Travis — June 13, 2015 — Leave a comment
One of the most common things I do on Linux machines is open ports to test software in a development environment. In the past, that meant trying to remember (and Googling) cryptic iptables commands. Now, CentOS 7 and Red Hat 7 include the nicer firewall-cmd tool to configure the firewall.
First, ensure the firewall-cmd service is running:
[root@localhost ~]# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
Active: active (running) since Thu 2015-04-09 18:08:33 EDT; 2 months 3 days ago
Main PID: 642 (firewalld)
CGroup: /system.slice/firewalld.service
└─642 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid Apr 09 18:08:33 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.
[root@localhost ~]#
Now, the following command will open port 8080 for TCP traffic, for the current session only:
[root@localhost ~]# firewall-cmd --zone=public --add-port=8080/tcp
success
If you want to make the change persist across reboots, you can add the --permanent flag, and then do a --reload to make the change take effect in the current session.
[root@localhost ~]# firewall-cmd --zone=public --add-port=8080/tcp --permanent
success
[root@localhost ~]# firewall-cmd --reload
success
Now port 8080 should be open. To verify, you can run with --list-all and look at the list of ports:
[root@localhost ~]# firewall-cmd --zone=public --list-all
public (default)
interfaces:
sources:
services: dhcpv6-client ssh
ports: 8080/tcp
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
If you want to remove port 8080, you would use the --remove-port flag, with the --permanent flag if you want to persist the change:
[root@localhost ~]# firewall-cmd --zone=public --remove-port=8080/tcp --permanent
success
[root@localhost ~]# firewall-cmd --reload
success
You can use --list-all again to verify that the port has been removed:
[root@localhost ~]# firewall-cmd --zone=public --list-all
public (default)
interfaces:
sources:
services: dhcpv6-client ssh
ports:
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
This is a very quick introduction to firewall-cmd. There is much more to learn, but this is a quick, basic task that I find myself doing frequently.
转载自:http://www.linuxbrigade.com/centos-7-rhel-7-open-ports/