一. firewalld防火墙(centos7后)
- 查看防火墙暴露端口:
firewall-cmd --zone=public --list-ports
- 查看防火墙某个端口是否开放:
firewall-cmd --query-port=3306/tcp
- 开放防火墙端口3306,需重新加载
firewall-cmd --zone=public --add-port=3306/tcp --permanent
firewall-cmd --reload
- 关闭防火墙端口5672:
firewall-cmd --zone=public --remove-port=5672/tcp --permanent
- 查看防火墙状态:
systemctl status firewalld
- 关闭防火墙:
systemctl stop firewalld
- 打开防火墙:
systemctl start firewalld
- 开放一段端口后需重新加载否则失效:
firewall-cmd --zone=public --add-port=40000-45000/tcp --permanent
firewall-cmd --reload
- 永久关闭防火墙:
systemctl disable firewalld
iptables防火墙(centos7前)
- 查看防火墙状态
service iptables status
- 停止防火墙
service iptables stop
- 启动防火墙
service iptables restart
- 重启防火墙
service iptables restart
- 永久关闭防火墙
chkconfig iptables off
- 永久关闭后重启
chkconfig iptables on
- 打开某8080端口
/sbin/iptables -I INPUT -p tcp --dport 8080 -j ACCEPT