Travis —  June 13, 2015 — Leave a comment

One of the most common things I do on Linux machines is open ports to test software in a development environment.  In the past, that meant trying to remember (and Googling) cryptic iptables commands.  Now, CentOS 7 and Red Hat 7 include the nicer firewall-cmd tool to configure the firewall.

First, ensure the firewall-cmd service is running:

[root@localhost ~]# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
Active: active (running) since Thu 2015-04-09 18:08:33 EDT; 2 months 3 days ago
Main PID: 642 (firewalld)
CGroup: /system.slice/firewalld.service
└─642 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid Apr 09 18:08:33 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.
[root@localhost ~]#

Now, the following command will open port 8080 for TCP traffic, for the current session only:

[root@localhost ~]# firewall-cmd --zone=public --add-port=8080/tcp
success

If you want to make the change persist across reboots, you can add the --permanent flag, and then do a --reload to make the change take effect in the current session.

[root@localhost ~]# firewall-cmd --zone=public --add-port=8080/tcp --permanent
success
[root@localhost ~]# firewall-cmd --reload
success

Now port 8080 should be open.  To verify, you can run with --list-all and look at the list of ports:

[root@localhost ~]# firewall-cmd --zone=public --list-all
public (default)
interfaces:
sources:
services: dhcpv6-client ssh
ports: 8080/tcp
masquerade: no
forward-ports:
icmp-blocks:
rich rules:

If you want to remove port 8080, you would use the --remove-port flag, with the --permanent flag if you want to persist the change:

[root@localhost ~]# firewall-cmd --zone=public --remove-port=8080/tcp --permanent
success
[root@localhost ~]# firewall-cmd --reload
success

You can use --list-all again to verify that the port has been removed:

[root@localhost ~]# firewall-cmd --zone=public --list-all
public (default)
interfaces:
sources:
services: dhcpv6-client ssh
ports:
masquerade: no
forward-ports:
icmp-blocks:
rich rules:

This is a very quick introduction to firewall-cmd.  There is much more to learn, but this is a quick, basic task that I find myself doing frequently.

转载自:http://www.linuxbrigade.com/centos-7-rhel-7-open-ports/

CentOS 7 / RHEL 7 – Open ports的更多相关文章

  1. CentOS 7 / RHEL 7 上安装 LAMP + phpMyAdmin

    原文 CentOS 7 / RHEL 7 上安装 LAMP + phpMyAdmin 发表于 2014-11-02 作者 Haoxian Zeng 更新于 2014-12-12   之前根据在 Lin ...

  2. 在CentOS或RHEL上安装Nux Dextop仓库

    介绍 Nux Dextop是类似CentOS.RHEL.ScientificLinux的第三方RPM仓库(比如:Ardour,Shutter等等).目前,Nux Dextop对CentOS/RHEL ...

  3. CentOS 7 (RHEL 7)服务管理命令的变化

    CentOS 7 (RHEL 7)带来了新的服务管理命令,为了保持兼容原有的命令仍可以使用,以下是新旧命令的对照. 启动.停止.重启.重载.检查服务:6: service httpd start|st ...

  4. 在CentOS或RHEL防火墙上开启端口

    转载自:https://linux.cn/article-4243-1.html 如果希望在服务器上提供服务,诸如CentOS或RHEL的企业级Linux发行版包含内置的强大防火墙,它们默认的防火墙规 ...

  5. CentOS 7 /RHEL 7: How To Change The System Locale

    The system localeare used to control the language setting of system services and the UI before the u ...

  6. centos install shutter (How to enable Nux Dextop repository on CentOS or RHEL)

    http://ask.xmodulo.com/enable-nux-dextop-repository-centos-rhel.html Question: I would like to insta ...

  7. Ajaxterm-0.10-8.el5.noarch.rpm CentOS 5 (RHEL 5) Download

    Ajaxterm-0.10-8.el5.noarch.rpm CentOS 5 (RHEL 5) Download Install Howto Download the latest epel-rel ...

  8. 如何在CentOS或者RHEL上启用Nux Dextop仓库 安装shutter截图工具

    Nux Dextop是一个面对CentOS.RHEL.ScientificLinux的含有许多流行的桌面和多媒体相关的包的第三方RPM仓库(比如:Ardour,Shutter等等).目前,Nux De ...

  9. Linux系统忘记管理员密码(CentOS、RHEL、Ubuntu)

    Linux系统忘记管理员密码(CentOS.RHEL.Ubuntu) 系统使用过程中,尤其是生产环境中.万一忘记管理员密码,该怎么办?是不是很绝望? 1.RHEL 7.0 重启主机进入引导界面键入e键 ...

随机推荐

  1. JMeter学习-029-JMeter配置文件propertie配置项读取及应用实例

    在上文中提到通过读取配置文件中的数据,以此定制JMeter Slave的脚本分发路径(默认脚本路径,即参数文件相对路径父目录). 此文,就以此为例进行实例说明. 通过阅读JMeter源码 core/s ...

  2. 开启JMX功能,使JVisvualVM能够连接JVM

    -Dcom.sun.management.jmxremote.port=1099 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.manageme ...

  3. 简单理解js的this

    js的this是什么?关于这个东西,博客园里面有太多的解释了,不过,本人看了一下,感觉对this解释的有点复杂了,因此,本人在此给this一个简单易于理解的定义. this其实是js的一个对象,至于是 ...

  4. 深入理解js的prototype以及prototype的一些应用

    上一篇讲了js的prototype概念,在这里回顾一下prototype的定义: prototype是函数的一个属性,并且是函数的原型对象.引用它的必然是函数,这个应该记住. 但是,很奇怪,各位看官, ...

  5. SpringMVC操作指南-整合Spring、SpringMVC、MyBatis、Log4j/Log4j2及JUnit4搭建项目框架

  6. 一个nginx匹配很诡异的问题

    nginx配置如下: location ~ \.php$ { root /opt/nginx/html; fastcgi_pass 127.0.0.1:9000; fastcgi_index inde ...

  7. 8139too.c网卡驱动简单分析

    从事linux C开发工作以来,工作内容主要是在应用层,对nginx和unbound等软件有些了解,也常对这2个软件进行二次开发. 对网络这块一直比较有兴趣.也很好奇网卡到底是怎么接受到报文的,以及报 ...

  8. 解决Window Azure: Failed to start Development Storage: the SQL Server instance ‘localhost\SQLExpress’ could not be found.

    运行Window Arzure 项目,报如下错误: Windows Azure Tools: Failed to initialize Windows Azure storage emulator. ...

  9. YbSoftwareFactory 代码生成插件【十九】:实体类配合数据库表字段进行属性扩展的小技巧

    实体类通常需要和数据库表进行了ORM映射,当你需要添加新的属性时,往往同时也需要在数据库中添加相应的字段并配置好映射关系,同时可能还需对数据访问组件进行重新编译和部署才能有效.而当你开始设计一个通用数 ...

  10. 突袭HTML5之WebGL 3D概述

    WebGL开启了网页3D渲染的新时代,它允许在canvas中直接渲染3D的内容,而不借助任何插件.WebGL同canvas 2D的API一样,都是通过脚本操纵对象,所以步骤也是基本相似:准备工作上下文 ...