Firewall
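# firewalld quick reference. Rules added with --permanent are written to the
# saved configuration only; run `firewall-cmd --reload` to apply them.

# List all defined zones
firewall-cmd --get-zones
# Show the zone bound to a given interface
firewall-cmd --get-zone-of-interface=eth0
# Show the default zone and the currently active zones
firewall-cmd --get-default-zone
firewall-cmd --get-active-zones
# List the ports opened in the public zone
firewall-cmd --zone=public --list-ports
# List the services currently allowed
firewall-cmd --list-services
# List the service names that can be allowed
firewall-cmd --get-services
# Reload firewalld (applies the permanent configuration)
firewall-cmd --reload
# Allow a service ("test" stands in for a name shown by --get-services)
firewall-cmd --permanent --add-service=test
# Open a port
firewall-cmd --zone=public --add-port=80/tcp --permanent
# Close a port
firewall-cmd --zone=public --remove-port=80/tcp --permanent
# Open every TCP port in the public zone.
# NOTE: this removes TCP port filtering for the whole zone; prefer opening the
# specific ports needed, or a rich rule restricted to a trusted source address.
firewall-cmd --permanent --zone=public --add-port=1-65535/tcp
# Allow one source IP to reach port 22
# (single quotes outside, so the inner double quotes reach firewalld intact)
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.0.191.8" port protocol="tcp" port="22" accept'
# Refuse one source IP access to port 22
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.0.191.8" port protocol="tcp" port="22" reject'
# Allow-list a source address: accept all connections from 10.0.191.8
firewall-cmd --permanent --add-rich-rule 'rule family="ipv4" source address="10.0.191.8" accept'
# Block-list a source address: reject all connections from 10.0.191.8 with an ICMP error
firewall-cmd --permanent --add-rich-rule 'rule family="ipv4" source address="10.0.191.8" reject type="icmp-admin-prohibited"'
# Block-list a source address: silently drop all connections from 10.0.191.8
# (this command adds a drop rule; it does not remove an existing entry)
firewall-cmd --permanent --add-rich-rule 'rule family="ipv4" source address="10.0.191.8" drop'
# List the rich rules (runtime view; add --permanent to see saved rules before a reload)
firewall-cmd --list-rich-rules
# Remove a rich rule; the rule text has to describe a rule that was added earlier
firewall-cmd --permanent --remove-rich-rule 'rule family="ipv4" source address="10.0.191.8" port port="22" protocol="tcp" accept'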
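<?xml version="1.0" encoding="utf-8"?>
<!--
  New firewalld service definition: /usr/lib/firewalld/services/Hadoop2.xml

  A service file has exactly one <service> root element; every port the
  service needs is listed as a <port> child of that single element.

  NOTE(review): /usr/lib/firewalld/services holds the definitions shipped by
  packages. A locally written service normally belongs in
  /etc/firewalld/services so that package updates leave it alone.

  These are Hadoop RPC and web endpoints. Enable the service only in a zone
  bound to the cluster network, or pair it with a source restriction, rather
  than allowing it in a zone that faces untrusted networks.
-->
<service>
  <short>Hadoop2</short>
  <description>Ports used by the Hadoop 2 HDFS, YARN and MapReduce JobHistory daemons.</description>

  <!-- HDFS DataNode -->
  <port protocol="tcp" port="50010"/> <!-- dfs.datanode.address: DataNode service port -->
  <port protocol="tcp" port="50075"/> <!-- dfs.datanode.http.address: DataNode service port -->
  <port protocol="tcp" port="50475"/> <!-- dfs.datanode.https.address: DataNode HTTPS service port -->
  <port protocol="tcp" port="50020"/> <!-- dfs.datanode.ipc.address: DataNode IPC service port -->

  <!-- HDFS NameNode, JournalNode and ZKFC -->
  <port protocol="tcp" port="50470"/> <!-- dfs.namenode.https-address: NameNode service port -->
  <port protocol="tcp" port="8020"/>  <!-- fs.defaultFS: RPC port used to fetch file system metadata -->
  <port protocol="tcp" port="8485"/>  <!-- dfs.journalnode.rpc-address: JournalNode service port -->
  <port protocol="tcp" port="8480"/>  <!-- dfs.journalnode.http-address: JournalNode service port -->
  <port protocol="tcp" port="8019"/>  <!-- dfs.ha.zkfc.port: ZKFC service port -->

  <!-- YARN ResourceManager -->
  <port protocol="tcp" port="8032"/>  <!-- yarn.resourcemanager.address -->
  <port protocol="tcp" port="8030"/>  <!-- yarn.resourcemanager.scheduler.address -->
  <port protocol="tcp" port="8031"/>  <!-- yarn.resourcemanager.resource-tracker.address -->
  <port protocol="tcp" port="8033"/>  <!-- yarn.resourcemanager.admin.address -->
  <port protocol="tcp" port="8088"/>  <!-- yarn.resourcemanager.webapp.address -->

  <!-- YARN NodeManager -->
  <port protocol="tcp" port="8040"/>  <!-- yarn.nodemanager.localizer.address -->
  <port protocol="tcp" port="8042"/>  <!-- yarn.nodemanager.webapp.address -->
  <port protocol="tcp" port="8041"/>  <!-- yarn.nodemanager.address -->

  <!-- MapReduce JobHistoryServer -->
  <port protocol="tcp" port="10020"/> <!-- mapreduce.jobhistory.address -->
  <port protocol="tcp" port="19888"/> <!-- mapreduce.jobhistory.webapp.address -->
</service>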