CentOS 7.1 版本
// 查看 firewalld
[root@wode006 sysconfig]# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
Active: active (running) since 六 2015-07-04 20:56:57 CST; 1min 52s ago
Main PID: 8911 (firewalld)
CGroup: /system.slice/firewalld.service
└─8911 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
7月 04 20:56:57 wode006 systemd[1]: Started firewalld - dynamic firewall d...n.
Hint: Some lines were ellipsized, use -l to show in full.
[root@wode006 sysconfig]#
// 查看 zone
[root@wode006 sysconfig]# firewall-cmd --get-active-zones
public
interfaces: enp7s0f0 enp7s0f1
[root@wode006 sysconfig]#
// 添加端口 3306 并重新加载规则(--permanent 只写入永久配置,--reload 之后才生效;MySQL 只使用 TCP,下面的 3306/udp 实际上不需要开放)
[root@wode006 sysconfig]# firewall-cmd --permanent --zone=public --add-port=3306/tcp
success
[root@wode006 sysconfig]# firewall-cmd --permanent --zone=public --add-port=3306/udp
success
[root@wode006 sysconfig]# firewall-cmd --reload
success
[root@wode006 sysconfig]#
// 或者,添加 service
// 查看所有 service
[root@wode006 services]# firewall-cmd --get-service
RH-Satellite-6 amanda-client bacula bacula-client dhcp dhcpv6 dhcpv6-client dns ftp high-availability http https imaps ipp ipp-client ipsec kerberos kpasswd ldap ldaps libvirt libvirt-tls mdns mountd ms-wbt mysql nfs ntp openvpn pmcd pmproxy pmwebapi pmwebapis pop3s postgresql proxy-dhcp radius rpc-bind samba samba-client smtp ssh telnet tftp tftp-client transmission-client vnc-server wbem-https
[root@wode006 services]#
// 查看当前 service
[root@wode006 services]# firewall-cmd --list-service
dhcpv6-client ssh
[root@wode006 services]#
// 加入 mysql 服务(效果等同于放行 3306/tcp,服务定义见 /usr/lib/firewalld/services/mysql.xml)
[root@wode006 services]# firewall-cmd --add-service=mysql --permanent
success
[root@wode006 services]# firewall-cmd --reload
success
[root@wode006 services]#
// 检查当前 service
[root@wode006 services]# firewall-cmd --list-all
public (default, active)
interfaces: enp7s0f0 enp7s0f1
sources:
services: dhcpv6-client mysql ssh
ports:
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
[root@wode006 services]#
// 查看 firewalld 预定义的 service 文件
[root@wode006 services]# cd /usr/lib/firewalld/services/
[root@wode006 services]# ls
amanda-client.xml ipp-client.xml mysql.xml RH-Satellite-6.xml
bacula-client.xml ipp.xml nfs.xml rpc-bind.xml
bacula.xml ipsec.xml ntp.xml samba-client.xml
dhcpv6-client.xml kerberos.xml openvpn.xml samba.xml
dhcpv6.xml kpasswd.xml pmcd.xml smtp.xml
dhcp.xml ldaps.xml pmproxy.xml ssh.xml
dns.xml ldap.xml pmwebapis.xml telnet.xml
ftp.xml libvirt-tls.xml pmwebapi.xml tftp-client.xml
high-availability.xml libvirt.xml pop3s.xml tftp.xml
https.xml mdns.xml postgresql.xml transmission-client.xml
http.xml mountd.xml proxy-dhcp.xml vnc-server.xml
imaps.xml ms-wbt.xml radius.xml wbem-https.xml
[root@wode006 services]#
// 查看 mysql.xml
[root@wode006 services]# cat mysql.xml
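<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>MySQL</short>
  <description>MySQL Database Server</description>
  <port protocol="tcp" port="3306"/>
</service>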
[root@wode006 services]#
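// MySQL 允许外部访问需要同时满足两个条件:
// 1. 防火墙放行服务端口(默认 3306/tcp);
// 2. MySQL 中已为来自外部 IP 的账户授权,并赋予相应的操作权限。
// 注意:上面的规则对 public 区域内的所有来源开放 3306。建议只放行确实需要访问的客户端地址,以下面的 rich rule 代替 --add-service=mysql(192.0.2.10 为示例地址):
// firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.0.2.10" port port="3306" protocol="tcp" accept'
// 在 MySQL 中授权账户时也应限定来源主机,而不是使用 '%'。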