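I. firewalld, the default Linux firewall

1. Common commands

systemctl status firewalld # check the firewall status
systemctl stop firewalld # stop the firewall temporarily
systemctl disable firewalld # disable the firewall permanently (it no longer starts at boot)
systemctl enable firewalld # enable the firewall (it starts at boot)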

2. Open ports

firewall-cmd --zone=public --add-port=80/tcp --permanent # open port 80
firewall-cmd --zone=public --add-port=3306/tcp --permanent # open port 3306

firewall-cmd --reload # reload the configuration

Remember to reload the firewall after opening or closing a port.

3. Close ports

firewall-cmd --zone=public --remove-port=3306/tcp --permanent # close port 3306

firewall-cmd --reload # reload the configuration

II. The iptables-services firewall

1. Disable the default firewall, firewalld

systemctl mask firewalld
systemctl stop firewalld

2. Install iptables-services from the yum repository

yum -y install iptables-services
systemctl enable iptables
systemctl start iptables

3. Configure iptables

vim /etc/sysconfig/iptables

Edit the configuration as follows:

# sample configuration for iptables service
# you can edit this manually or use system-config-firewall
# please do not ask us to add additional ports/services to this default configuration
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

The line -A INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT opens port 3306.
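
An added example (not from the original post): a POSIX shell check that reads a rules file in the /etc/sysconfig/iptables format shown above and reports which TCP ports INPUT accepts from any source, and which ACCEPT rules sit after the unconditional REJECT and therefore never match. The function names and the port 4000 rule in the sample are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample: the rules file shown above, plus one ACCEPT rule for
# port 4000 placed after the final INPUT REJECT (an easy slip when editing by hand).
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m state --state NEW -m tcp --dport 4000 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# Read rules on stdin; print "port source state" for each TCP ACCEPT rule.
# Handles single --dport rules on the INPUT chain only (no multiport, no custom chains).
list_tcp_accepts() {
    awk '
    $1 == "-A" && $2 == "INPUT" {
        port = ""; src = "any"; proto = ""; target = ""; cond = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-p") { proto = $(i + 1); cond = 1 }
            if ($i == "-s") { src = $(i + 1); cond = 1 }
            if ($i == "-i" || $i == "-d" || $i == "-m") cond = 1
            if ($i == "--dport") port = $(i + 1)
            if ($i == "-j") target = $(i + 1)
        }
        if (target == "ACCEPT" && proto == "tcp" && port != "") { print port, src, (blocked ? "unreachable" : "live") }
        # iptables is first-match: nothing after an unconditional REJECT/DROP is evaluated
        if ((target == "REJECT" || target == "DROP") && !cond) blocked = 1
    }'
}

# TCP ports that new connections from any source address can reach.
exposed_ports() { list_tcp_accepts | awk '$2 == "any" && $3 == "live" { print $1 }' | sort -n | paste -sd ' ' -; }

# Ports whose ACCEPT rule comes after the unconditional REJECT and never matches.
unreachable_ports() { list_tcp_accepts | awk '$3 == "unreachable" { print $1 }' | sort -n | paste -sd ' ' -; }

printf 'open to any source: %s\n' "$(printf '%s\n' "$SAMPLE_RULES" | exposed_ports)"
printf 'never matched:      %s\n' "$(printf '%s\n' "$SAMPLE_RULES" | unreachable_ports)"
```

To check the live file instead of the sample, run exposed_ports < /etc/sysconfig/iptables as root.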

4. Common iptables commands

service iptables status # check the firewall status
service iptables stop # stop the firewall temporarily
service iptables restart # restart the firewall

III. Checking port connectivity

1. The ping command

ping 192.168.217.128

From the cmd command line, check whether the target IP is reachable.

2. The curl command

curl 192.168.217.128:4000

In a bash environment, use curl to check whether the target IP:port is reachable.

3. The telnet command

telnet 192.168.217.128 4000