Open firewall port on CentOS 7

This article is translated from: Open firewall port on CentOS 7

I am using CentOS 7 and I have to ensure that ports 2888 and 3888 are open.

I read this article but this did not work because on CentOS 7 OS there is no iptables save command.

Someone told me that the above URL is not valid for CentOS 7, and I should follow this. But this article is not clear to me on exactly what command I need to execute.

I also found

firewall-cmd --zone=public --add-port=2888/tcp 

but this does not survive reboots.

So how can I open the ports and make it survive reboots?


Post #1

Reference: https://stackoom.com/question/1fl9E/在CentOS-上打开防火墙端口


Post #2

Use this command to find your active zone(s):

firewall-cmd --get-active-zones

It will say either public, dmz, or something else. You should only apply to the zones required.

In the case of public, try:

firewall-cmd --zone=public --add-port=2888/tcp --permanent

Then remember to reload the firewall for changes to take effect.

firewall-cmd --reload

Otherwise, substitute public for your zone, for example, if your zone is dmz:

firewall-cmd --zone=dmz --add-port=2888/tcp --permanent

Post #3

The answer by ganeshragav is correct, but it is also useful to know that you can use:

firewall-cmd --permanent --zone=public --add-port=2888/tcp 

but if it is a known service, you can use:

firewall-cmd --permanent --zone=public --add-service=http 

and then reload the firewall

firewall-cmd --reload

[ Answer modified to reflect Martin Peter's comment, original answer had --permanent at end of command line ]


Post #4

CentOS (RHEL) 7 has changed the firewall to use firewall-cmd, which has a notion of zones which is like a Windows version of Public, Home, and Private networks. You should look here to figure out which one you think you should use. EL7 uses public by default so that is what my examples below use.

You can check which zone you are using with firewall-cmd --list-all and change it with firewall-cmd --set-default-zone=<zone>.

You will then know what zone to allow a service (or port) on:

firewall-cmd --permanent --zone=<zone> --add-service=http

firewall-cmd --permanent --zone=<zone> --add-port=80/tcp

You can check if the port has actually been opened by running:

firewall-cmd --zone=<zone> --query-port=80/tcp

firewall-cmd --zone=<zone> --query-service=http

According to the documentation,

When making changes to the firewall settings in Permanent mode, your selection will only take effect when you reload the firewall or the system restarts.

You can reload the firewall settings with: firewall-cmd --reload.
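
The sequence from the answers above (pick an active zone, add the port with --permanent, reload, then query the runtime state), as an added shell example that is not part of the original thread. The function names, the DRY_RUN switch and the sample zone output are assumptions made for illustration.

```shell
#!/bin/bash
# Added example, not from the thread. DRY_RUN=1 (default) prints the
# firewall-cmd calls instead of running them; set DRY_RUN=0 as root to apply.

# Zone names are the non-indented lines of `firewall-cmd --get-active-zones`.
active_zones() {
    awk '/^[^ \t]/ { print $1 }'
}

# Run one firewall-cmd invocation, or print it in dry-run mode.
fw() {
    if [ "${DRY_RUN:-1}" = "1" ]; then
        echo "firewall-cmd $*"
    else
        firewall-cmd "$@"
    fi
}

# open_tcp_ports ZONE ACTIVE_ZONES_OUTPUT PORT...
# Refuses a zone that is not active (the rule would match no traffic) and
# any port that is not a plain integer in 1-65535.
open_tcp_ports() {
    zone=$1 active=$2; shift 2
    if ! printf '%s\n' "$active" | active_zones | grep -qxF -- "$zone"; then
        echo "zone '$zone' is not active" >&2
        return 1
    fi
    for port in "$@"; do
        case $port in
            ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range: $port" >&2; return 1
        fi
    done
    for port in "$@"; do
        fw --permanent --zone="$zone" --add-port="$port/tcp" || return 1
    done
    fw --reload || return 1    # load the permanent config into the runtime
    for port in "$@"; do
        fw --zone="$zone" --query-port="$port/tcp" || return 1  # runtime check
    done
}

# Constructed sample of `firewall-cmd --get-active-zones` output.
SAMPLE_ACTIVE='public
  interfaces: eth0
dmz
  interfaces: eth1'

open_tcp_ports public "$SAMPLE_ACTIVE" 2888 3888
```

On a real host, pass "$(firewall-cmd --get-active-zones)" as the second argument in place of the sample.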


Post #5

Fedora, did it via iptables

sudo iptables -I INPUT -p tcp --dport 3030 -j ACCEPT
sudo service iptables save

Seems to work


Post #6

If you are familiar with the iptables service like in CentOS 6 or earlier, you can still use the iptables service by manual installation:

step 1 => install epel repo

yum install epel-release

step 2 => install iptables service

yum install iptables-services

step 3 => stop firewalld service

systemctl stop firewalld

step 4 => disable firewalld service on startup

systemctl disable firewalld

step 5 => start iptables service

systemctl start iptables

step 6 => enable iptables on startup

systemctl enable iptables

Finally, you can now edit your iptables config at /etc/sysconfig/iptables.

So -> edit rule -> reload/restart.

Do it like on older CentOS, with the same function as firewalld.
