CentOS 7 / RHEL 7 – Open ports

Travis — June 13, 2015

One of the most common things I do on Linux machines is open ports to test software in a development environment. In the past, that meant trying to remember (and Googling) cryptic iptables commands. Now, CentOS 7 and Red Hat 7 include the nicer firewall-cmd tool to configure the firewall.

First, ensure the firewalld service is running:

[root@localhost ~]# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
Active: active (running) since Thu 2015-04-09 18:08:33 EDT; 2 months 3 days ago
Main PID: 642 (firewalld)
CGroup: /system.slice/firewalld.service
└─642 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

Apr 09 18:08:33 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.
[root@localhost ~]#

Now, the following command will open port 8080 for TCP traffic, for the current session only:

[root@localhost ~]# firewall-cmd --zone=public --add-port=8080/tcp
success

If you want the change to persist across reboots, add the --permanent flag, then run --reload so that the change takes effect in the current session.

[root@localhost ~]# firewall-cmd --zone=public --add-port=8080/tcp --permanent
success
[root@localhost ~]# firewall-cmd --reload
success

Now port 8080 should be open. To verify, run firewall-cmd with --list-all and look at the list of ports:

[root@localhost ~]# firewall-cmd --zone=public --list-all
public (default)
interfaces: 
sources: 
services: dhcpv6-client ssh
ports: 8080/tcp
masquerade: no
forward-ports: 
icmp-blocks: 
rich rules:

If you want to remove port 8080, you would use the --remove-port flag, with the --permanent flag if you want to persist the change:

[root@localhost ~]# firewall-cmd --zone=public --remove-port=8080/tcp --permanent
success
[root@localhost ~]# firewall-cmd --reload
success

You can use --list-all again to verify that the port has been removed:

[root@localhost ~]# firewall-cmd --zone=public --list-all
public (default)
interfaces: 
sources: 
services: dhcpv6-client ssh
ports: 
masquerade: no
forward-ports: 
icmp-blocks: 
rich rules: 
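
Because the runtime and --permanent configurations are changed separately, a test port can end up open in one but not the other. The script below is an added example, not part of the original post: it compares the two port lists for a zone and reports the differences. The function names port_drift and audit_zone and the sample port lists are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: report ports that differ between firewalld's runtime and
# permanent configuration. Ports and ranges are compared as literal strings.

# port_drift RUNTIME PERMANENT
# Each argument is a space-separated list as printed by
# `firewall-cmd --list-ports`. Prints one line per difference:
#   runtime-only PORT    open now, lost on --reload or reboot
#   permanent-only PORT  saved, but not active until --reload
port_drift() {
    _rt=" $(echo $1) "    # normalise whitespace, pad for whole-word matching
    _pm=" $(echo $2) "
    for _p in $1; do
        case "$_pm" in
            *" $_p "*) ;;
            *) echo "runtime-only $_p" ;;
        esac
    done
    for _p in $2; do
        case "$_rt" in
            *" $_p "*) ;;
            *) echo "permanent-only $_p" ;;
        esac
    done
}

# audit_zone ZONE: query the live firewall (needs root and a running firewalld).
audit_zone() {
    _zone="${1:-public}"
    _live=$(firewall-cmd --zone="$_zone" --list-ports) || return 1
    _saved=$(firewall-cmd --permanent --zone="$_zone" --list-ports) || return 1
    port_drift "$_live" "$_saved"
}

if command -v firewall-cmd >/dev/null 2>&1; then
    audit_zone public || echo "could not query firewalld" >&2
else
    # Constructed sample input, used when firewall-cmd is not installed.
    port_drift "8080/tcp 8443/tcp" "8443/tcp 9000/tcp"
fi
```

No output means the two configurations agree; a runtime-only line for a development port is a reminder that it was opened without --permanent and is still reachable until the next reload.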

This is a very quick introduction to firewall-cmd.  There is much more to learn, but this is a quick, basic task that I find myself doing frequently.

Reposted from: http://www.linuxbrigade.com/centos-7-rhel-7-open-ports/

posted @ 2016-12-08 15:27  rookie2016