Table of contents

  • 1. Enable or disable the specified port
  • 2. The firewall instructions
  • 3. Application Cases:

1. Enable or disable the specified port

  • In a real production environment the firewall usually has to be turned on. The problem is that once it is on, external request packets can no longer reach the ports the server is listening on. In that case you need to open the specific ports you need, such as 80, 22, 8080 and so on. How do we do this?
  • [Schematic diagram]

2. The firewall instructions

  1. Open a port: firewall-cmd --permanent --add-port=<port>/<protocol>
  2. Close a port: firewall-cmd --permanent --remove-port=<port>/<protocol>
  3. Reload so the change takes effect: firewall-cmd --reload
  4. Check whether a port is open: firewall-cmd --query-port=<port>/<protocol>

3. Application Cases:

  • Check the service on port 111 with netstat -anp | more. It turns out to be a service of a system process and uses the tcp protocol. If no service were listening on port 111, telnet could not connect.

  1. Enable the firewall and test whether port 111 can be reached with telnet: the connection is successful

  2. Open port 111
firewall-cmd --permanent --add-port=111/tcp

A reload is also needed

firewall-cmd --reload

  • Testing with telnet IP:111 succeeds

  3. Close port 111 again
firewall-cmd --permanent --remove-port=111/tcp

A reload is required for this to take effect

firewall-cmd --reload



  • After the port is closed, telnet can no longer connect
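
The open/reload/query sequence from the steps above, wrapped into one function that also confirms the running rules match what was requested. This is an added example, not code from the original article: the names valid_port_spec and set_port and the FIREWALL_CMD override are assumptions, and only single ports (not ranges) are handled.

```shell
#!/bin/bash
# Added example. FIREWALL_CMD can be overridden (assumption of this sketch),
# e.g. to point at a wrapper; by default the real firewall-cmd is used.
FIREWALL_CMD="${FIREWALL_CMD:-firewall-cmd}"

# valid_port_spec PORT/PROTO
# Returns 0 only for a single port 1-65535 and a protocol firewalld accepts.
valid_port_spec() {
    local port="${1%%/*}" proto="${1#*/}"
    case "$1" in */*) ;; *) return 1 ;; esac
    case "$proto" in tcp|udp|sctp|dccp) ;; *) return 1 ;; esac
    # reject empty, non-numeric and zero / zero-padded ports
    case "$port" in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "${#port}" -le 5 ] && [ "$port" -le 65535 ]
}

# set_port add|remove PORT/PROTO
# 1. change the permanent configuration
# 2. reload so the running firewall picks it up
# 3. query the runtime rules and compare with the expected state
# Returns 0 on success, 2 on bad arguments, 1 if firewalld disagrees.
set_port() {
    local action="$1" spec="$2" want state
    case "$action" in
        add)    want=yes ;;
        remove) want=no ;;
        *) echo "usage: set_port add|remove PORT/PROTO" >&2; return 2 ;;
    esac
    valid_port_spec "$spec" || { echo "bad port spec: $spec" >&2; return 2; }

    "$FIREWALL_CMD" --permanent "--${action}-port=${spec}" || return 1
    "$FIREWALL_CMD" --reload || return 1

    # Without --permanent, --query-port reports the running rules.
    # It prints yes/no and exits non-zero for "no", hence the "|| true".
    state="$("$FIREWALL_CMD" "--query-port=${spec}" || true)"
    [ "$state" = "$want" ] || {
        echo "runtime state of $spec is '$state', expected '$want'" >&2
        return 1
    }
}
```

After sourcing the file as root, set_port add 111/tcp and set_port remove 111/tcp reproduce steps 2 and 3 of the case above.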