centos 7 防火墙设置 使用 iptables firewall-cmd 开放端口号

开放端口

# iptables -I INPUT -p tcp --dport 8888 -j ACCEPT

# firewall-cmd --add-port=8888/tcp --permanent
# firewall-cmd --reload

关闭端口

# firewall-cmd --remove-port=8888/tcp --permanent
# firewall-cmd --reload

查看已配置规则

# iptables -S INPUT
-P INPUT ACCEPT
-A INPUT -p tcp -m tcp --dport 8888 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited

# firewall-cmd --list-ports
8888/tcp

查看配置文件

# cat /etc/sysconfig/iptables
# sample configuration for iptables service
# you can edit this manually or use system-config-firewall
# please do not ask us to add additional ports/services to this default configuration
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp --dport 3306 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

保存规则

# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[  确定  ]

再次查看配置文件

# cat /etc/sysconfig/iptables | grep 8888
-A INPUT -p tcp -m tcp --dport 8888 -j ACCEPT

服务启动停止

# systemctl start iptables

# systemctl start firewalld

# systemctl stop iptables

# systemctl stop firewalld