端口
lsof
Linux查看端口的命令:
第一种:lsof -i:端口号
-a:显示本机所有连接和监听地端口
-n:网络IP地址的形式,显示当前建立的有效连接和端口
-r:显示路由表信息
-s:显示按协议的统计信息
-v:显示当前有效的连接
-t:显示所有TCP协议连接情况
-u:显示所有UDP协议连接情况
-i:显示自动配置端口的状态
-l:仅仅显示连接状态为listening的服务网络状态
-p:显示pid/program name
TCP连接的几种状态
ESTABLISHED 已建立
CLOSED 已关闭
LISTENING 正在监听
FIN-WAIT-2 等待连接关闭
TIME-WAIT 等待足够时间,确保服务器正常关闭该连接
防火墙
状态相关
firewall-cmd --state 返回并打印防火墙状态firewall-cmd --reload Reload firewall and keep state informationfirewall-cmd --complete-reload Reload firewall and lose state informationfirewall-cmd --runtime-to-permanentCreate permanent from runtime configurationfirewall-cmd --check-config Check permanent configuration for errors
1、开启防火墙
systemctl start firewalld
2、开放指定端口
firewall-cmd —zone=public —add-port=1935/tcp —permanent
命令含义:
–zone #作用域
–add-port=1935/tcp #添加端口,格式为:端口/通讯协议
–permanent #永久生效,没有此参数重启后失效
3、重启防火墙
firewall-cmd —reload
关闭防火墙
systemctl stop firewalld
查看防火墙状态
systemctl status firewalld
firewall-cmd —state
查看服务器支持的所有服务
firewall-cmd --get-serivces
查询外网端口是否放行
firewall-cmd --query-port=8080/tcp
查询外网端口
firewall-cmd --permanent --query-port=8080/tcp
查看端口号
netstat -ntlp //查看当前所有tcp端口·
netstat -ntulp |grep 1935 //查看所有1935端口使用情况·
帮助文档
Usage: firewall-cmd [OPTIONS...]General Options-h, --help Prints a short help text and exists-V, --version Print the version string of firewalld-q, --quiet Do not print status messagesLog Denied Options--get-log-denied Print the log denied value--set-log-denied=<value>Set log denied valueAutomatic Helpers Options--get-automatic-helpersPrint the automatic helpers value--set-automatic-helpers=<value>Set automatic helpers valuePermanent Options--permanent Set an option permanentlyUsable for options marked with [P]Zone Options--get-default-zone Print default zone for connections and interfaces--set-default-zone=<zone>Set default zone--get-active-zones Print currently active zones--get-zones Print predefined zones [P]--get-services Print predefined services [P]--get-icmptypes Print predefined icmptypes [P]--get-zone-of-interface=<interface>Print name of the zone the interface is bound to [P]--get-zone-of-source=<source>[/<mask>]|<MAC>|ipset:<ipset>Print name of the zone the source is bound to [P]--list-all-zones List everything added for or enabled in all zones [P]--new-zone=<zone> Add a new zone [P only]--new-zone-from-file=<filename> [--name=<zone>]Add a new zone from file with optional name [P only]--delete-zone=<zone> Delete an existing zone [P only]--load-zone-defaults=<zone>Load zone default settings [P only] [Z]--zone=<zone> Use this zone to set or query options, else default zoneUsable for options marked with [Z]--get-target Get the zone target [P only] [Z]--set-target=<target>Set the zone target [P only] [Z]--info-zone=<zone> Print information about a zone--path-zone=<zone> Print file path of a zone [P only]IPSet Options--get-ipset-types Print the supported ipset types--new-ipset=<ipset> --type=<ipset type> [--option=<key>[=<value>]]..Add a new ipset [P only]--new-ipset-from-file=<filename> [--name=<ipset>]Add a new ipset from file with optional name [P only]--delete-ipset=<ipset>Delete an existing ipset [P only]--load-ipset-defaults=<ipset>Load ipset default settings [P only]--info-ipset=<ipset> Print information about an ipset--path-ipset=<ipset> Print file path of an ipset [P only]--get-ipsets Print predefined ipsets--ipset=<ipset> --set-description=<description>Set new description to ipset [P only]--ipset=<ipset> --get-descriptionPrint description for ipset [P only]--ipset=<ipset> --set-short=<description>Set new short description to ipset [P only]--ipset=<ipset> --get-shortPrint short description for ipset [P only]--ipset=<ipset> --add-entry=<entry>Add a new entry to an ipset [P]--ipset=<ipset> --remove-entry=<entry>Remove an entry from an ipset [P]--ipset=<ipset> --query-entry=<entry>Return whether ipset has an entry [P]--ipset=<ipset> --get-entriesList entries of an ipset [P]--ipset=<ipset> --add-entries-from-file=<entry>Add a new entries to an ipset [P]--ipset=<ipset> --remove-entries-from-file=<entry>Remove entries from an ipset [P]IcmpType Options--new-icmptype=<icmptype>Add a new icmptype [P only]--new-icmptype-from-file=<filename> [--name=<icmptype>]Add a new icmptype from file with optional name [P only]--delete-icmptype=<icmptype>Delete an existing icmptype [P only]--load-icmptype-defaults=<icmptype>Load icmptype default settings [P only]--info-icmptype=<icmptype>Print information about an icmptype--path-icmptype=<icmptype>Print file path of an icmptype [P only]--icmptype=<icmptype> --set-description=<description>Set new description to icmptype [P only]--icmptype=<icmptype> --get-descriptionPrint description for icmptype [P only]--icmptype=<icmptype> --set-short=<description>Set new short description to icmptype [P only]--icmptype=<icmptype> --get-shortPrint short description for icmptype [P only]--icmptype=<icmptype> --add-destination=<ipv>Enable destination for ipv in icmptype [P only]--icmptype=<icmptype> --remove-destination=<ipv>Disable destination for ipv in icmptype [P only]--icmptype=<icmptype> --query-destination=<ipv>Return whether destination ipv is enabled in icmptype [P only]--icmptype=<icmptype> --get-destinationsList destinations in icmptype [P only]Service Options--new-service=<service>Add a new service [P only]--new-service-from-file=<filename> [--name=<service>]Add a new service from file with optional name [P only]--delete-service=<service>Delete an existing service [P only]--load-service-defaults=<service>Load icmptype default settings [P only]--info-service=<service>Print information about a service--path-service=<service>Print file path of a service [P only]--service=<service> --set-description=<description>Set new description to service [P only]--service=<service> --get-descriptionPrint description for service [P only]--service=<service> --set-short=<description>Set new short description to service [P only]--service=<service> --get-shortPrint short description for service [P only]--service=<service> --add-port=<portid>[-<portid>]/<protocol>Add a new port to service [P only]--service=<service> --remove-port=<portid>[-<portid>]/<protocol>Remove a port from service [P only]--service=<service> --query-port=<portid>[-<portid>]/<protocol>Return whether the port has been added for service [P only]--service=<service> --get-portsList ports of service [P only]--service=<service> --add-protocol=<protocol>Add a new protocol to service [P only]--service=<service> --remove-protocol=<protocol>Remove a protocol from service [P only]--service=<service> --query-protocol=<protocol>Return whether the protocol has been added for service [P only]--service=<service> --get-protocolsList protocols of service [P only]--service=<service> --add-source-port=<portid>[-<portid>]/<protocol>Add a new source port to service [P only]--service=<service> --remove-source-port=<portid>[-<portid>]/<protocol>Remove a source port from service [P only]--service=<service> --query-source-port=<portid>[-<portid>]/<protocol>Return whether the source port has been added for service [P only]--service=<service> --get-source-portsList source ports of service [P only]--service=<service> --add-module=<module>Add a new module to service [P only]--service=<service> --remove-module=<module>Remove a module from service [P only]--service=<service> --query-module=<module>Return whether the module has been added for service [P only]--service=<service> --get-modulesList modules of service [P only]--service=<service> --set-destination=<ipv>:<address>[/<mask>]Set destination for ipv to address in service [P only]--service=<service> --remove-destination=<ipv>Disable destination for ipv i service [P only]--service=<service> --query-destination=<ipv>:<address>[/<mask>]Return whether destination ipv is set for service [P only]--service=<service> --get-destinationsList destinations in service [P only]Options to Adapt and Query Zones--list-all List everything added for or enabled in a zone [P] [Z]--list-services List services added for a zone [P] [Z]--timeout=<timeval> Enable an option for timeval time, where timeval isa number followed by one of letters 's' or 'm' or 'h'Usable for options marked with [T]--set-description=<description>Set new description to zone [P only] [Z]--get-description Print description for zone [P only] [Z]--set-short=<description>Set new short description to zone [P only] [Z]--get-short Print short description for zone [P only] [Z]--add-service=<service>Add a service for a zone [P] [Z] [T]--remove-service=<service>Remove a service from a zone [P] [Z]--query-service=<service>Return whether service has been added for a zone [P] [Z]--list-ports List ports added for a zone [P] [Z]--add-port=<portid>[-<portid>]/<protocol>Add the port for a zone [P] [Z] [T]--remove-port=<portid>[-<portid>]/<protocol>Remove the port from a zone [P] [Z]--query-port=<portid>[-<portid>]/<protocol>Return whether the port has been added for zone [P] [Z]--list-protocols List protocols added for a zone [P] [Z]--add-protocol=<protocol>Add the protocol for a zone [P] [Z] [T]--remove-protocol=<protocol>Remove the protocol from a zone [P] [Z]--query-protocol=<protocol>Return whether the protocol has been added for zone [P] [Z]--list-source-ports List source ports added for a zone [P] [Z]--add-source-port=<portid>[-<portid>]/<protocol>Add the source port for a zone [P] [Z] [T]--remove-source-port=<portid>[-<portid>]/<protocol>Remove the source port from a zone [P] [Z]--query-source-port=<portid>[-<portid>]/<protocol>Return whether the source port has been added for zone [P] [Z]--list-icmp-blocks List Internet ICMP type blocks added for a zone [P] [Z]--add-icmp-block=<icmptype>Add an ICMP block for a zone [P] [Z] [T]--remove-icmp-block=<icmptype>Remove the ICMP block from a zone [P] [Z]--query-icmp-block=<icmptype>Return whether an ICMP block has been added for a zone[P] [Z]--add-icmp-block-inversionEnable inversion of icmp blocks for a zone [P] [Z]--remove-icmp-block-inversionDisable inversion of icmp blocks for a zone [P] [Z]--query-icmp-block-inversionReturn whether inversion of icmp blocks has been enabledfor a zone [P] [Z]--list-forward-ports List IPv4 forward ports added for a zone [P] [Z]--add-forward-port=port=<portid>[-<portid>]:proto=<protocol>[:toport=<portid>[-<portid>]][:toaddr=<address>[/<mask>]]Add the IPv4 forward port for a zone [P] [Z] [T]--remove-forward-port=port=<portid>[-<portid>]:proto=<protocol>[:toport=<portid>[-<portid>]][:toaddr=<address>[/<mask>]]Remove the IPv4 forward port from a zone [P] [Z]--query-forward-port=port=<portid>[-<portid>]:proto=<protocol>[:toport=<portid>[-<portid>]][:toaddr=<address>[/<mask>]]Return whether the IPv4 forward port has been added fora zone [P] [Z]--add-masquerade Enable IPv4 masquerade for a zone [P] [Z] [T]--remove-masquerade Disable IPv4 masquerade for a zone [P] [Z]--query-masquerade Return whether IPv4 masquerading has been enabled for azone [P] [Z]--list-rich-rules List rich language rules added for a zone [P] [Z]--add-rich-rule=<rule>Add rich language rule 'rule' for a zone [P] [Z] [T]--remove-rich-rule=<rule>Remove rich language rule 'rule' from a zone [P] [Z]--query-rich-rule=<rule>Return whether a rich language rule 'rule' has beenadded for a zone [P] [Z]Options to Handle Bindings of Interfaces--list-interfaces List interfaces that are bound to a zone [P] [Z]--add-interface=<interface>Bind the <interface> to a zone [P] [Z]--change-interface=<interface>Change zone the <interface> is bound to [P] [Z]--query-interface=<interface>Query whether <interface> is bound to a zone [P] [Z]--remove-interface=<interface>Remove binding of <interface> from a zone [P] [Z]Options to Handle Bindings of Sources--list-sources List sources that are bound to a zone [P] [Z]--add-source=<source>[/<mask>]|<MAC>|ipset:<ipset>Bind the source to a zone [P] [Z]--change-source=<source>[/<mask>]|<MAC>|ipset:<ipset>Change zone the source is bound to [Z]--query-source=<source>[/<mask>]|<MAC>|ipset:<ipset>Query whether the source is bound to a zone [P] [Z]--remove-source=<source>[/<mask>]|<MAC>|ipset:<ipset>Remove binding of the source from a zone [P] [Z]Helper Options--new-helper=<helper> --module=<module> [--family=<family>]Add a new helper [P only]--new-helper-from-file=<filename> [--name=<helper>]Add a new helper from file with optional name [P only]--delete-helper=<helper>Delete an existing helper [P only]--load-helper-defaults=<helper>Load helper default settings [P only]--info-helper=<helper> Print information about an helper--path-helper=<helper> Print file path of an helper [P only]--get-helpers Print predefined helpers--helper=<helper> --set-description=<description>Set new description to helper [P only]--helper=<helper> --get-descriptionPrint description for helper [P only]--helper=<helper> --set-short=<description>Set new short description to helper [P only]--helper=<helper> --get-shortPrint short description for helper [P only]--helper=<helper> --add-port=<portid>[-<portid>]/<protocol>Add a new port to helper [P only]--helper=<helper> --remove-port=<portid>[-<portid>]/<protocol>Remove a port from helper [P only]--helper=<helper> --query-port=<portid>[-<portid>]/<protocol>Return whether the port has been added for helper [P only]--helper=<helper> --get-portsList ports of helper [P only]--helper=<helper> --set-module=<module>Set module to helper [P only]--helper=<helper> --get-moduleGet module from helper [P only]--helper=<helper> --set-family={ipv4|ipv6|}Set family for helper [P only]--helper=<helper> --get-familyGet module from helper [P only]Direct Options--direct First option for all direct options--get-all-chainsGet all chains [P]--get-chains {ipv4|ipv6|eb} <table>Get all chains added to the table [P]--add-chain {ipv4|ipv6|eb} <table> <chain>Add a new chain to the table [P]--remove-chain {ipv4|ipv6|eb} <table> <chain>Remove the chain from the table [P]--query-chain {ipv4|ipv6|eb} <table> <chain>Return whether the chain has been added to the table [P]--get-all-rulesGet all rules [P]--get-rules {ipv4|ipv6|eb} <table> <chain>Get all rules added to chain in table [P]--add-rule {ipv4|ipv6|eb} <table> <chain> <priority> <arg>...Add rule to chain in table [P]--remove-rule {ipv4|ipv6|eb} <table> <chain> <priority> <arg>...Remove rule with priority from chain in table [P]--remove-rules {ipv4|ipv6|eb} <table> <chain>Remove rules from chain in table [P]--query-rule {ipv4|ipv6|eb} <table> <chain> <priority> <arg>...Return whether a rule with priority has been added tochain in table [P]--passthrough {ipv4|ipv6|eb} <arg>...Pass a command through (untracked by firewalld)--get-all-passthroughsGet all tracked passthrough rules [P]--get-passthroughs {ipv4|ipv6|eb} <arg>...Get tracked passthrough rules [P]--add-passthrough {ipv4|ipv6|eb} <arg>...Add a new tracked passthrough rule [P]--remove-passthrough {ipv4|ipv6|eb} <arg>...Remove a tracked passthrough rule [P]--query-passthrough {ipv4|ipv6|eb} <arg>...Return whether the tracked passthrough rule has beenadded [P]Lockdown Options--lockdown-on Enable lockdown.--lockdown-off Disable lockdown.--query-lockdown Query whether lockdown is enabledLockdown Whitelist Options--list-lockdown-whitelist-commandsList all command lines that are on the whitelist [P]--add-lockdown-whitelist-command=<command>Add the command to the whitelist [P]--remove-lockdown-whitelist-command=<command>Remove the command from the whitelist [P]--query-lockdown-whitelist-command=<command>Query whether the command is on the whitelist [P]--list-lockdown-whitelist-contextsList all contexts that are on the whitelist [P]--add-lockdown-whitelist-context=<context>Add the context context to the whitelist [P]--remove-lockdown-whitelist-context=<context>Remove the context from the whitelist [P]--query-lockdown-whitelist-context=<context>Query whether the context is on the whitelist [P]--list-lockdown-whitelist-uidsList all user ids that are on the whitelist [P]--add-lockdown-whitelist-uid=<uid>Add the user id uid to the whitelist [P]--remove-lockdown-whitelist-uid=<uid>Remove the user id uid from the whitelist [P]--query-lockdown-whitelist-uid=<uid>Query whether the user id uid is on the whitelist [P]--list-lockdown-whitelist-usersList all user names that are on the whitelist [P]--add-lockdown-whitelist-user=<user>Add the user name user to the whitelist [P]--remove-lockdown-whitelist-user=<user>Remove the user name user from the whitelist [P]--query-lockdown-whitelist-user=<user>Query whether the user name user is on the whitelist [P]Panic Options--panic-on Enable panic mode--panic-off Disable panic mode--query-panic Query whether panic mode is enabled
若有收获,就点个赞吧
0 人点赞
