Travis —  June 13, 2015 — Leave a comment

One of the most common things I do on Linux machines is open ports to test software in a development environment.  In the past, that meant trying to remember (and Googling) cryptic iptables commands.  Now, CentOS 7 and Red Hat 7 include the nicer firewall-cmd tool to configure the firewall.

First, ensure the firewall-cmd service is running:

[root@localhost ~]# systemctl status firewalld

firewalld.service - firewalld - dynamic firewall daemon

Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)

Active: active (running) since Thu 2015-04-09 18:08:33 EDT; 2 months 3 days ago

Main PID: 642 (firewalld)

CGroup: /system.slice/firewalld.service

└─642 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

Apr 09 18:08:33 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.

[root@localhost ~]#

Now, the following command will open port 8080 for TCP traffic, for the current session only:

[root@localhost ~]# firewall-cmd --zone=public --add-port=8080/tcp

success

If you want to make the change persist across reboots, you can add the --permanent flag, and then do a --reload to make the change take effect in the current session.

[root@localhost ~]# firewall-cmd --zone=public --add-port=8080/tcp --permanent

success

[root@localhost ~]# firewall-cmd --reload

success

Now port 8080 should be open.  To verify, you can run with --list-all and look at the list of ports:

[root@localhost ~]# firewall-cmd --zone=public --list-all

public (default)

interfaces:

sources:

services: dhcpv6-client ssh

ports: 8080/tcp

masquerade: no

forward-ports:

icmp-blocks:

rich rules:

If you want to remove port 8080, you would use the --remove-port flag, with the --permanent flag if you want to persist the change:

[root@localhost ~]# firewall-cmd --zone=public --remove-port=8080/tcp --permanent

success

[root@localhost ~]# firewall-cmd --reload

success

You can use --list-all again to verify that the port has been removed:

[root@localhost ~]# firewall-cmd --zone=public --list-all

public (default)

interfaces:

sources:

services: dhcpv6-client ssh

ports:

masquerade: no

forward-ports:

icmp-blocks:

rich rules:

This is a very quick introduction to firewall-cmd.  There is much more to learn, but this is a quick, basic task that I find myself doing frequently.

转载自:http://www.linuxbrigade.com/centos-7-rhel-7-open-ports/

CentOS 7 / RHEL 7 – Open ports的更多相关文章

  1. CentOS 7 / RHEL 7 上安装 LAMP + phpMyAdmin

    原文 CentOS 7 / RHEL 7 上安装 LAMP + phpMyAdmin 发表于 2014-11-02 作者 Haoxian Zeng 更新于 2014-12-12   之前根据在 Lin ...

  2. 在CentOS或RHEL上安装Nux Dextop仓库

    介绍 Nux Dextop是类似CentOS.RHEL.ScientificLinux的第三方RPM仓库(比如:Ardour,Shutter等等).目前,Nux Dextop对CentOS/RHEL ...

  3. CentOS 7 (RHEL 7)服务管理命令的变化

    CentOS 7 (RHEL 7)带来了新的服务管理命令,为了保持兼容原有的命令仍可以使用,以下是新旧命令的对照. 启动.停止.重启.重载.检查服务:6: service httpd start|st ...

  4. 在CentOS或RHEL防火墙上开启端口

    转载自:https://linux.cn/article-4243-1.html 如果希望在服务器上提供服务,诸如CentOS或RHEL的企业级Linux发行版包含内置的强大防火墙,它们默认的防火墙规 ...

  5. CentOS 7 /RHEL 7: How To Change The System Locale

    The system localeare used to control the language setting of system services and the UI before the u ...

  6. centos install shutter (How to enable Nux Dextop repository on CentOS or RHEL)

    http://ask.xmodulo.com/enable-nux-dextop-repository-centos-rhel.html Question: I would like to insta ...

  7. Ajaxterm-0.10-8.el5.noarch.rpm CentOS 5 (RHEL 5) Download

    Ajaxterm-0.10-8.el5.noarch.rpm CentOS 5 (RHEL 5) Download Install Howto Download the latest epel-rel ...

  8. 如何在CentOS或者RHEL上启用Nux Dextop仓库 安装shutter截图工具

    Nux Dextop是一个面对CentOS.RHEL.ScientificLinux的含有许多流行的桌面和多媒体相关的包的第三方RPM仓库(比如:Ardour,Shutter等等).目前,Nux De ...

  9. Linux系统忘记管理员密码(CentOS、RHEL、Ubuntu)

    Linux系统忘记管理员密码(CentOS.RHEL.Ubuntu) 系统使用过程中,尤其是生产环境中.万一忘记管理员密码,该怎么办?是不是很绝望? 1.RHEL 7.0 重启主机进入引导界面键入e键 ...

随机推荐

  1. Selenium2学习-040-JavaScript弹出框(alert、confirm、prompt)操作演示实例

    弹出框是网页自动化测试常见得操作页面元素之一,常见的JavaScript弹出框有如下三种: 1.alert(message):方法用于显示带有一条指定消息和一个 OK 按钮的警告框.DemoAlert ...

  2. iOS Developer Library地址

    1. iOS Developer Library路径:https://developer.apple.com/library/ios/navigation/ 2. 百度搜索:iOS Developer ...

  3. NSUserDefaults存取失败

    解决办法: 1.存储NSUserDefaults时,强制NSUserDefault存入沙盒 [[NSUserDefaults standardUserDefaults] setObject:sAcco ...

  4. sync_object not in ('TBL_Territory')

    sync_objec 不包含TBL_Territory这个字段

  5. ElasticSearch作为Windows服务启动

           由于公司服务器用的Windows服务器,所以你懂得…… 直接下载elasticsearch中文发行版.下载地址是:https://github.com/medcl/elasticsear ...

  6. APP测试要点

    APP测试的时候,建议让开发打好包APK和IPA安装包,测试人员自己安装应用,进行测试.在测试过程中需要注意的测试点如下: 1.安装和卸载 ●应用是否可以在IOS不同系统版本或android不同系统版 ...

  7. Infinite V1 Release Note

      游戏地址 PLAY 玩法说明 WASD 控制角色移动 更新内容 - 初步完成了角色移动(攻击状态) 开发心得 独立做游戏 其实最耽误时间的就是在自己的短板上, 对于我来说 就是3D建模和动作制作. ...

  8. ubuntu 安装transmission最新版

    访问 www.transmissionbt.com   下载最新版 1)下载transmission:#  wget https://transmission.cachefly.net/transmi ...

  9. mvc 中的 [ChildActionOnly] 和 [NonAction]

    首先,NonAction表示它不是一个真正的Action,而是一个普通方法, 就像我们定义一个普通的方法那样,返回值可以任意定义; 而  ChildActionOnly表示它只能在View中通过Htm ...

  10. Apache Commons CLI官方文档翻译 —— 快速构建命令行启动模式

    昨天通过几个小程序以及Hangout源码学习了CLI的基本使用,今天就来尝试翻译一下CLI的官方使用手册. 下面将会通过几个部分简单的介绍CLI在应用中的使用场景. 昨天已经联系过几个基本的命令行参数 ...