Preface
This article covers port management on Linux: viewing ports, opening ports, and closing ports.
1. Port view
Checking whether a port is occupied is a common operation in daily use. There are currently two methods I know of: one is the lsof command, the other is the netstat command.
lsof
lsof stands for List Open Files; it lists the files that are currently open (in Linux, everything is a file, including network sockets).
# Use the -i parameter, followed by the port
$ lsof -i:33306
COMMAND    PID USER   FD  TYPE DEVICE             SIZE/OFF NODE NAME
com.docker 582 yangan 14u IPv6 0xef9b768a7c1a1df1 0t0      TCP  *:33306 (LISTEN)

COMMAND: name of the process
PID: process identifier
PPID: identifier of the parent process (-R needs to be specified)
TYPE: file type, such as DIR and REG
DEVICE: name of the specified disk
SIZE: size of the file
NODE: index node (identifier of a file on a disk)
netstat
1. Installation:
apt install net-tools
2. Common parameters
-t: display TCP ports
-u: display UDP ports
-l: display only listening sockets (sockets in LISTEN state)
Displays all connected ports
3. View ports
$ netstat -an | grep 33306
tcp46 0 0 *.33306 *.* LISTEN
$ netstat -ant | grep 33306
tcp46 0 0 *.33306 *.* LISTEN
2. Port status
In Linux, ports have states. The most common is LISTEN, as shown above; other states include CLOSED and ESTABLISHED. For details, please refer to this article
3. Port opening and closing
Each application needs to occupy a port when it runs. Likewise, if that port is not open for external access, we cannot reach the application. There are two common ways to open a port: one is to use ufw and the other is to use firewalld.
firewalld
1. Open port 33306
$ sudo firewall-cmd --zone=public --add-port=33306/tcp --permanent
success
# Command meaning:
#   --zone                scope
#   --add-port=80/tcp     add a port, in the format port/protocol
#   --permanent
2. Refresh firewall configurations (The configurations of open ports take effect only after being refreshed.)
$ sudo firewall-cmd --reload
Error: COMMAND_FAILED: '/usr/sbin/iptables-restore -w -n' failed: iptables-restore v1.8.2 (nf_tables):
line 4: RULE_REPLACE failed (No such file or directory): rule in chain INPUT
line 4: RULE_REPLACE failed (No such file or directory): rule in chain OUTPUT
# The error above means "the rule is not applied, which may mean that you have invalid rules in your configuration". It can be resolved by setting IndividualCalls=yes
$ sudo vim /etc/firewalld/firewalld.conf
# Then restart firewalld
$ sudo systemctl restart firewalld
Reference: github.com/firewalld/f…
3. View open ports
$ firewall-cmd --list-ports
33306/tcp
4. Close the specified port
$ firewall-cmd --zone=public --remove-port=33306/tcp --permanent
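An added example (not from the original article) that cross-checks the two views covered above: what is listening according to netstat, and what firewalld has opened according to firewall-cmd --list-ports. The sample inputs and function names are constructed for illustration, and the parser assumes the socket state is the last column of the netstat output.

```shell
#!/bin/sh
# Constructed sample inputs (not captured from a real host).
# netstat -ant style lines in both Linux (addr:port) and BSD/macOS (addr.port) form.
SAMPLE_NETSTAT='tcp        0      0 0.0.0.0:22     0.0.0.0:*       LISTEN
tcp        0      0 10.0.0.5:22    10.0.0.9:51544  ESTABLISHED
tcp46      0      0 *.33306        *.*             LISTEN
tcp6       0      0 :::9100        :::*            LISTEN'
# firewall-cmd --list-ports style output.
SAMPLE_FW_PORTS='33306/tcp 8080/tcp 22/tcp 53/udp'

# Read netstat output on stdin; print "port/tcp" for every socket in LISTEN state.
listening_ports() {
    awk '$1 ~ /^tcp/ && $NF == "LISTEN" {
             n = split($4, part, "[.:]")   # port is the last "." or ":" separated piece
             print part[n] "/tcp"
         }' | sort -u
}

# TCP ports opened in the firewall that nothing listens on (stale rules).
# $1 = netstat output, $2 = firewall-cmd --list-ports output
open_without_listener() {
    listen=$(printf '%s\n' "$1" | listening_ports)
    for p in $2; do
        case $p in */tcp) ;; *) continue ;; esac   # UDP is not checked here
        printf '%s\n' "$listen" | grep -qxF "$p" || printf '%s\n' "$p"
    done
}

# Listening TCP ports that no --list-ports entry covers.
listener_without_rule() {
    printf '%s\n' "$1" | listening_ports | while read -r p; do
        case " $2 " in *" $p "*) ;; *) printf '%s\n' "$p" ;; esac
    done
}

echo "open in firewall, no listener: $(open_without_listener "$SAMPLE_NETSTAT" "$SAMPLE_FW_PORTS")"
echo "listening, no firewall rule:   $(listener_without_rule "$SAMPLE_NETSTAT" "$SAMPLE_FW_PORTS")"
# On a live host: open_without_listener "$(netstat -ant)" "$(sudo firewall-cmd --list-ports)"
```

Ports opened through a firewalld service definition do not appear in --list-ports, and port ranges are not expanded, so treat the result as a starting point for review rather than a complete audit.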
ufw
For more information about using ufw, see this article
Final words
Dear all, writing is not easy and takes constant practice and summarizing. You are welcome to follow me. I am Yan Gan, and I will share all kinds of practical programming knowledge and skills with you. Your likes and follows are the biggest motivation for my progress and writing!