centos7已经将防火墙改为firewalld,默认的centos7 minimal是不自带firewalld,下面来安装吧
# yum install -y firewalld
# systemctl start firewalld
# systemctl enable firewalld
那我们访问原来的elasticsearch的head插件,发现已经不可以访问了
注:elasticsearch需要开放9200,9300两个端口
# firewall-cmd --add-port=9200/tcp --permanent #永久开放9200端口
# firewall-cmd --add-port=9300/tcp --permanent #永久开放9300端口
# firewall-cmd --reload #重新加载
# firewall-cmd --list-all #查看防火墙配置
public (default)
interfaces:
sources:
services: dhcpv6-client ssh
ports: 9200/tcp 9300/tcp
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
再访问head插件
然后我们再禁用此端口
# firewall-cmd --remove-port=9200/tcp --permanent
# firewall-cmd --add-port=9300/tcp --permanent
# firewall-cmd --reload #重新加载
# firewall-cmd --list-all #查看防火墙配置,可知9200端口已经被禁用
public (default)
interfaces:
sources:
services: dhcpv6-client ssh
ports:
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
再次访问head插件
80端口一般是我们开放http服务的端口,下面我们来看看怎么配置吧
# ss -lpt | grep http #查看http端口,由此可知nginx在占用
LISTEN 0 128 *:http *:* users:(("nginx",pid=1363,fd=6),("nginx",pid=1359,fd=6))
查看防火墙可配置的服务
# firewall-cmd --get-services
RH-Satellite-6 amanda-client bacula bacula-client dhcp dhcpv6 dhcpv6-client dns freeipa-ldap freeipa-ldaps freeipa-replication ftp high-availability http https imaps ipp ipp-client ipsec iscsi-target kerberos kpasswd ldap ldaps libvirt libvirt-tls mdns mountd ms-wbt mysql nfs ntp openvpn pmcd pmproxy pmwebapi pmwebapis pop3s postgresql proxy-dhcp radius rpc-bind rsyncd samba samba-client smtp ssh telnet tftp tftp-client transmission-client vdsm vnc-server wbem-https
对外公开http服务
# firewall-cmd --add-service=http --permanent
# firewall-cmd --reload
直接访问ip
禁用http服务
# firewall-cmd firewall-cmd --remove-service=http --permanent
# firewall-cmd --reload
# firewall-cmd --list-services
dhcpv6-client ssh
直接访问ip