Centos查看端口占用情况和开启端口命令
Centos查看端口占用情况命令,比如查看80端口占用情况使用如下命令:
lsof -i tcp:80
列出所有端口
netstat -ntlp
mac上查看端口:
lsof -i :5055
netstat -anp tcp,这个查不到进程号。
netstat -an
lsof -i
lsof -P
lsof -n -P -i TCP -s TCP:LISTEN
1、开启端口(以80端口为例)
方法一:
sudo iptables -I INPUT -p tcp –dport 80 -j ACCEPT 写入修改
sudo service iptables save 保存修改
sudo service iptables restart 重启防火墙,修改生效
方法二:
vi /etc/sysconfig/iptables 打开配置文件加入如下语句:
-A INPUT -p tcp -m state –state NEW -m tcp –dport 80 -j ACCEPT 重启防火墙,修改完成
2、关闭端口
方法一:
sudo iptables -I INPUT -p tcp –dport 80 -j DROP 写入修改
sudo service iptables save 保存修改
sudo service iptables restart 重启防火墙,修改生效
方法二:
vi /etc/sysconfig/iptables 打开配置文件加入如下语句:
-A INPUT -p tcp -m state –state NEW -m tcp –dport 80 -j DROP 重启防火墙,修改完成
3、查看端口状态
/etc/init.d/iptables status
常用配置如下:
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2:120]
-A INPUT -p tcp -m tcp –dport 8080 -j ACCEPT
-A INPUT -p tcp -m tcp –dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp –dport 8443 -j ACCEPT
-A INPUT -s 10.36.1.0/24 -p tcp -m tcp –dport 20022 -j ACCEPT
-A INPUT -s 10.36.0.0/24 -p tcp -m tcp –dport 20022 -j ACCEPT
-A INPUT -m state –state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p ah -j ACCEPT
-A INPUT -p esp -j ACCEPT
-A INPUT -p udp -m state –state NEW -m udp –dport 500 -j ACCEPT
-A INPUT -p tcp -m state –state NEW -m tcp –dport 22 -j ACCEPT
-A INPUT -p tcp -m state –state NEW -m tcp –dport 80 -j ACCEPT
-A INPUT -p tcp -m state –state NEW -m tcp –dport 21 -j ACCEPT
-A INPUT -p tcp -m state –state NEW -m tcp –dport 443 -j ACCEPT
-A INPUT -p udp -m state –state NEW -m udp –dport 137 -j ACCEPT
-A INPUT -p udp -m state –state NEW -m udp –dport 138 -j ACCEPT
-A INPUT -p udp -m state –state NEW -m udp –dport 137 -j ACCEPT
-A INPUT -p udp -m state –state NEW -m udp –dport 138 -j ACCEPT
-A INPUT -p tcp -m state –state NEW -m tcp –dport 139 -j ACCEPT
-A INPUT -p tcp -m state –state NEW -m tcp –dport 445 -j ACCEPT
-A INPUT -p udp -m state –state NEW -m udp –dport 1812 -j ACCEPT
-A INPUT -p udp -m state –state NEW -m udp –dport 1813 -j ACCEPT
-A INPUT -p udp -m state –state NEW -m udp –dport 1194 -j ACCEPT
-A INPUT -p udp -m state –state NEW -m udp –dport 69 -j ACCEPT
-A INPUT -p tcp -m state –state NEW -m tcp –dport 16509 -j ACCEPT
-A INPUT -p tcp -m state –state NEW -m tcp –dport 16514 -j ACCEPT
-A INPUT -p tcp -m state –state NEW -m tcp –dport 3306 -j ACCEPT
-A INPUT -j REJECT –reject-with icmp-host-prohibited
-A FORWARD -j REJECT –reject-with icmp-host-prohibited