Travis —  June 13, 2015 — Leave a comment

One of the most common things I do on Linux machines is open ports to test software in a development environment.  In the past, that meant trying to remember (and Googling) cryptic iptables commands.  Now, CentOS 7 and Red Hat 7 include the nicer firewall-cmd tool to configure the firewall.

First, ensure the firewall-cmd service is running:

[root@localhost ~]# systemctl status firewalld

firewalld.service - firewalld - dynamic firewall daemon

Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)

Active: active (running) since Thu 2015-04-09 18:08:33 EDT; 2 months 3 days ago

Main PID: 642 (firewalld)

CGroup: /system.slice/firewalld.service

└─642 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

Apr 09 18:08:33 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.

[root@localhost ~]#

Now, the following command will open port 8080 for TCP traffic, for the current session only:

[root@localhost ~]# firewall-cmd --zone=public --add-port=8080/tcp

success

If you want to make the change persist across reboots, you can add the --permanent flag, and then do a --reload to make the change take effect in the current session.

[root@localhost ~]# firewall-cmd --zone=public --add-port=8080/tcp --permanent

success

[root@localhost ~]# firewall-cmd --reload

success

Now port 8080 should be open.  To verify, you can run with --list-all and look at the list of ports:

[root@localhost ~]# firewall-cmd --zone=public --list-all

public (default)

interfaces:

sources:

services: dhcpv6-client ssh

ports: 8080/tcp

masquerade: no

forward-ports:

icmp-blocks:

rich rules:

If you want to remove port 8080, you would use the --remove-port flag, with the --permanent flag if you want to persist the change:

[root@localhost ~]# firewall-cmd --zone=public --remove-port=8080/tcp --permanent

success

[root@localhost ~]# firewall-cmd --reload

success

You can use --list-all again to verify that the port has been removed:

[root@localhost ~]# firewall-cmd --zone=public --list-all

public (default)

interfaces:

sources:

services: dhcpv6-client ssh

ports:

masquerade: no

forward-ports:

icmp-blocks:

rich rules:

This is a very quick introduction to firewall-cmd.  There is much more to learn, but this is a quick, basic task that I find myself doing frequently.

转载自:http://www.linuxbrigade.com/centos-7-rhel-7-open-ports/

CentOS 7 / RHEL 7 – Open ports的更多相关文章

  1. CentOS 7 / RHEL 7 上安装 LAMP + phpMyAdmin

    原文 CentOS 7 / RHEL 7 上安装 LAMP + phpMyAdmin 发表于 2014-11-02 作者 Haoxian Zeng 更新于 2014-12-12   之前根据在 Lin ...

  2. 在CentOS或RHEL上安装Nux Dextop仓库

    介绍 Nux Dextop是类似CentOS.RHEL.ScientificLinux的第三方RPM仓库(比如:Ardour,Shutter等等).目前,Nux Dextop对CentOS/RHEL ...

  3. CentOS 7 (RHEL 7)服务管理命令的变化

    CentOS 7 (RHEL 7)带来了新的服务管理命令,为了保持兼容原有的命令仍可以使用,以下是新旧命令的对照. 启动.停止.重启.重载.检查服务:6: service httpd start|st ...

  4. 在CentOS或RHEL防火墙上开启端口

    转载自:https://linux.cn/article-4243-1.html 如果希望在服务器上提供服务,诸如CentOS或RHEL的企业级Linux发行版包含内置的强大防火墙,它们默认的防火墙规 ...

  5. CentOS 7 /RHEL 7: How To Change The System Locale

    The system localeare used to control the language setting of system services and the UI before the u ...

  6. centos install shutter (How to enable Nux Dextop repository on CentOS or RHEL)

    http://ask.xmodulo.com/enable-nux-dextop-repository-centos-rhel.html Question: I would like to insta ...

  7. Ajaxterm-0.10-8.el5.noarch.rpm CentOS 5 (RHEL 5) Download

    Ajaxterm-0.10-8.el5.noarch.rpm CentOS 5 (RHEL 5) Download Install Howto Download the latest epel-rel ...

  8. 如何在CentOS或者RHEL上启用Nux Dextop仓库 安装shutter截图工具

    Nux Dextop是一个面对CentOS.RHEL.ScientificLinux的含有许多流行的桌面和多媒体相关的包的第三方RPM仓库(比如:Ardour,Shutter等等).目前,Nux De ...

  9. Linux系统忘记管理员密码(CentOS、RHEL、Ubuntu)

    Linux系统忘记管理员密码(CentOS.RHEL.Ubuntu) 系统使用过程中,尤其是生产环境中.万一忘记管理员密码,该怎么办?是不是很绝望? 1.RHEL 7.0 重启主机进入引导界面键入e键 ...

随机推荐

  1. [原创]如何在Parcelable中使用泛型

    [原创]如何在Parcelable中使用泛型 实体类在实现Parcelable接口时,除了要实现它的几个方法之外,还另外要定义一个静态常量CREATOR,如下例所示: public static cl ...

  2. JAVASE02-Unit08: 文本数据IO操作 、 异常处理

    Unit08: 文本数据IO操作 . 异常处理 * java.io.ObjectOutputStream * 对象输出流,作用是进行对象序列化 package day08; import java.i ...

  3. 在centos6.7用yum安装redis解决办法

    1. centos默认的安装源在官方centos.org上,而Redis在第三方的yum源里,所以无法安装,非官方的yum推荐用fedora的epel仓库 [root@localhost instal ...

  4. Win8电脑蓝屏并提示dpc_watchdog_violation

    用尽系统自带的工具均无法恢复,F8能进系统.后来使用如下方法解决了 这种错误情况的发生可能是由于 iastor.sys 驱动没有完全兼容 Windows 8系统所造成的. 微软正在研究一种可行方案,来 ...

  5. C#写入日志信息到文件中

    为了在服务器上运行程序及时的跟踪出错的地方,可以在必要的地方加入写日志的程序. string folder = string.Format(@"D:\\{0}\\{1}", Dat ...

  6. 验证控件,解决用于ajax提交前的验证,不是submit提交的验证

    //解决ajax提交前的验证问题,主要用于onclick事件时对某一区域中(可以是form,div,table中的等)控件的验证.(function ($) { var v; //Create a n ...

  7. web分享QQ好友、QQ空间、新浪微博的api接口

    QZone: "http://sns.qzone.qq.com/cgi-bin/qzshare/cgi_qzshare_onekey?url={{URL}}&title={{TITL ...

  8. unresolved inclusion in the java header in JNI

    eclipse的ndk开发环境建差不多后打开jni的samples里的hello-jni项目.添加native和运行都没有问题,但是打开hello-jni.c看到一片红: 光这一个文件牵涉的问题有下面 ...

  9. java关键字 super 和 this

    简单粗暴的说就是: super: 是指父类,想要在子类方法中调用父类的实例变量或方法可以通过super 来访问 this:是指当前类,想要访问当前类的实例变量和方法可以使用this,同时可以省略

  10. Scala基础语法

    /* 学慕课网上<Scala程序设计>课程跟着敲的代码 作为代码参考也是很好的 在scala_ide.org上下载eclipse IDE,新建一个worksheet,就可以像在xcode的 ...