openEuler version: 22.09
Linux njoffice06 5.10.0-106.18.0.68.oe2209.x86_64 #1 SMP Wed Sep 28 07:03:00 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux
Open the ports KubeSphere needs
- Note: every command below uses --permanent, which only edits the saved configuration; nothing is actually open until the reload at the end.
- Note: the public zone is bound to eno1 here, so everything added to it is reachable from any host that can reach that interface. etcd (2379-2380) and the kubelet/control-plane ports (10250-10258) should be reachable only from the other cluster nodes (and at most a bastion), not from the whole network; a separate zone bound to the node subnet with --add-source does that.
- sudo firewall-cmd --zone=public --permanent --add-port=22/tcp
- sudo firewall-cmd --zone=public --permanent --add-port=2379-2380/tcp
- sudo firewall-cmd --zone=public --permanent --add-port=6443/tcp
- sudo firewall-cmd --zone=public --permanent --add-port=9099-9100/tcp
- sudo firewall-cmd --zone=public --permanent --add-port=179/tcp
- sudo firewall-cmd --zone=public --permanent --add-port=30000-32767/tcp
- sudo firewall-cmd --zone=public --permanent --add-port=10250-10258/tcp
- sudo firewall-cmd --zone=public --permanent --add-port=53/tcp
- sudo firewall-cmd --zone=public --permanent --add-port=53/udp
- sudo firewall-cmd --zone=public --permanent --add-port=5000/tcp
- sudo firewall-cmd --zone=public --permanent --add-port=5080/tcp
- sudo firewall-cmd --zone=public --permanent --add-port=111/tcp
- sudo firewall-cmd --zone=public --permanent --add-port=8443/tcp
-
- After these, reload the firewall so the permanent rules become active
- sudo firewall-cmd --reload
-
- List the open ports (this is the runtime view; add --permanent to see the saved configuration)
- firewall-cmd --list-ports
-
- Output
- 22/tcp 53/tcp 111/tcp 179/tcp 2379-2380/tcp 5000/tcp 5080/tcp 6443/tcp 8443/tcp 9099-9100/tcp 10250-10258/tcp 30000-32767/tcp 53/udp
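The whole procedure above as one script, added here as an example (it is not part of the original notes, nor KubeSphere's or KubeKey's own tooling). It adds each port only if it is not already in the permanent configuration, reloads once, then prints the runtime view. It also puts the cluster-internal ports into a zone bound to the node subnet instead of into public; the subnet 192.168.10.0/24, the zone name k8s-nodes and the FW variable are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the original notes: apply the KubeSphere port list
# idempotently, and keep the cluster-internal ports reachable only from the
# node subnet instead of from everything that can reach the public interface.
set -eu

# Assumptions, adjust for your environment:
NODE_CIDR="${NODE_CIDR:-192.168.10.0/24}"   # hypothetical subnet the cluster nodes live in
NODE_ZONE="${NODE_ZONE:-k8s-nodes}"         # hypothetical name for the node-only zone
FW="${FW:-sudo firewall-cmd}"              # command to run; set FW to a stub for a dry run

# From the port list in the notes: what clients outside the cluster need
# (ssh, the API server, the NodePort range).
PUBLIC_PORTS="22/tcp 6443/tcp 30000-32767/tcp"
# The rest of the list: only other cluster nodes should reach these.
CLUSTER_PORTS="2379-2380/tcp 179/tcp 9099-9100/tcp 10250-10258/tcp 53/tcp 53/udp 5000/tcp 5080/tcp 111/tcp 8443/tcp"

# Add one port to a zone's permanent config, skipping it if already present.
open_port() {
    zone=$1
    port=$2
    if $FW --permanent --zone="$zone" --query-port="$port" >/dev/null 2>&1; then
        echo "skip: $port already in zone $zone"
    else
        $FW --permanent --zone="$zone" --add-port="$port" >/dev/null
        echo "add: $port -> zone $zone"
    fi
}

# Create the node zone once and bind it to the node subnet. A zone bound to a
# source is matched before the interface-bound zone, so traffic from the nodes
# is evaluated against this zone only.
ensure_node_zone() {
    if ! $FW --permanent --get-zones | tr ' ' '\n' | grep -qx "$NODE_ZONE"; then
        $FW --permanent --new-zone="$NODE_ZONE" >/dev/null
    fi
    if ! $FW --permanent --zone="$NODE_ZONE" --query-source="$NODE_CIDR" >/dev/null 2>&1; then
        $FW --permanent --zone="$NODE_ZONE" --add-source="$NODE_CIDR" >/dev/null
    fi
}

apply_kubesphere_rules() {
    ensure_node_zone
    for p in $PUBLIC_PORTS; do
        open_port public "$p"
        # nodes hit the source-bound zone, not public, so they need these too
        open_port "$NODE_ZONE" "$p"
    done
    for p in $CLUSTER_PORTS; do
        open_port "$NODE_ZONE" "$p"
    done
    # --permanent changes only become active after a reload
    $FW --reload >/dev/null
    # verify the runtime view, which is what actually filters packets now
    echo "public ports: $($FW --zone=public --list-ports)"
    echo "$NODE_ZONE ports: $($FW --zone="$NODE_ZONE" --list-ports)"
}

# Apply only when invoked as: sh ks-firewall.sh apply
if [ "${1:-}" = apply ]; then
    apply_kubesphere_rules
fi
```

For a dry run, set FW to a shell function that echoes its arguments (and returns non-zero for --query-* calls) before calling apply_kubesphere_rules; the add: lines then show exactly what would change.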
Check the firewall status
systemctl status firewalld
Verify the firewall service is running (prints running or not running)
sudo firewall-cmd --state
Query the active zones (in this example there is only the public zone)
- firewall-cmd --get-active-zones
-
- Output
- public
- interfaces: eno1
See which rules apply to the public zone
- sudo firewall-cmd --list-all
-
- Output:
- public (active)
- target: default
- icmp-block-inversion: no
- interfaces: eno1
- sources:
- services: dhcpv6-client mdns ssh
- ports:
- protocols:
- forward: yes
- masquerade: no
- forward-ports:
- source-ports:
- icmp-blocks:
- rich rules:
-
-
- The allowed services are dhcpv6-client, mdns and ssh (openEuler's defaults for the public zone); 'ports:' is still empty in this output. A server has no use for mdns, so it can be dropped with --remove-service.
-
- The same thing can be seen with
- sudo firewall-cmd --zone=public --list-services
-
- Since I only have one zone, this also works without --zone=public (without --zone, firewall-cmd acts on the default zone, shown by firewall-cmd --get-default-zone, which is public here)
List the available service definitions
- firewall-cmd --get-services
-
-
- Output
-
- RH-Satellite-6 RH-Satellite-6-capsule amanda-client amanda-k5-client amqp amqps apcupsd audit bacula bacula-client bb bgp bitcoin bitcoin-rpc bitcoin-testnet bitcoin-testnet-rpc bittorrent-lsd ceph ceph-mon cfengine cockpit collectd condor-collector ctdb dhcp dhcpv6 dhcpv6-client distcc dns dns-over-tls docker-registry docker-swarm dropbox-lansync elasticsearch etcd-client etcd-server finger foreman foreman-proxy freeipa-4 freeipa-ldap freeipa-ldaps freeipa-replication freeipa-trust ftp galera ganglia-client ganglia-master git grafana gre high-availability http https imap imaps ipp ipp-client ipsec irc ircs iscsi-target isns jenkins kadmin kdeconnect kerberos kibana klogin kpasswd kprop kshell kube-api kube-apiserver kube-control-plane kube-controller-manager kube-scheduler kubelet-worker ldap ldaps libvirt libvirt-tls lightning-network llmnr managesieve matrix mdns memcache minidlna mongodb mosh mountd mqtt mqtt-tls ms-wbt mssql murmur mysql nbd netbios-ns nfs nfs3 nmea-0183 nrpe ntp nut openvpn ovirt-imageio ovirt-storageconsole ovirt-vmconsole plex pmcd pmproxy pmwebapi pmwebapis pop3 pop3s postgresql privoxy prometheus proxy-dhcp ptp pulseaudio puppetmaster quassel radius rdp redis redis-sentinel rpc-bind rquotad rsh rsyncd rtsp salt-master samba samba-client samba-dc sane sip sips slp smtp smtp-submission smtps snmp snmptrap spideroak-lansync spotify-sync squid ssdp ssh steam-streaming svdrp svn syncthing syncthing-gui synergy syslog syslog-tls telnet tentacle tftp tile38 tinc tor-socks transmission-client upnp-client vdsm vnc-server wbem-http wbem-https wireguard wsman wsmans xdmcp xmpp-bosh xmpp-client xmpp-local xmpp-server zabbix-agent zabbix-server
-
-
-
- Enable the services related to KubeSphere. My understanding is that once a service is enabled the port does not need to be opened separately, right? Why enable both the service and the port, isn't that redundant? For now I'll just enable the services I know of.
- Answer: a firewalld service is nothing more than a named set of ports (plus optional protocols or helper modules) read from /usr/lib/firewalld/services/<name>.xml; firewall-cmd --info-service=kube-apiserver shows that one is 6443/tcp, etcd-client is 2379/tcp, etcd-server 2380/tcp and kubelet-worker 10250/tcp. Adding a service and the same port produces two rules that allow the same traffic: harmless, but pointless. The real catch is the other direction: a service covers only the ports in its definition, so the services below do not replace the port rules for 179, 9099-9100, 30000-32767, 53, 5000, 5080, 111 or 8443. Also, http, https and ldap are not in the KubeSphere port list at all; open 80, 443 and 389 only if something on this node actually serves them.
- sudo firewall-cmd --zone=public --permanent --add-service=https
- sudo firewall-cmd --zone=public --permanent --add-service=http
- sudo firewall-cmd --zone=public --permanent --add-service=kube-api
- sudo firewall-cmd --zone=public --permanent --add-service=kube-apiserver
- sudo firewall-cmd --zone=public --permanent --add-service=kube-control-plane
- sudo firewall-cmd --zone=public --permanent --add-service=kube-controller-manager
- sudo firewall-cmd --zone=public --permanent --add-service=kube-scheduler
- sudo firewall-cmd --zone=public --permanent --add-service=kubelet-worker
- sudo firewall-cmd --zone=public --permanent --add-service=ldap
- sudo firewall-cmd --zone=public --permanent --add-service=etcd-client
- sudo firewall-cmd --zone=public --permanent --add-service=etcd-server
-
-
- Reload
- sudo firewall-cmd --reload
-
- Check which services are enabled now
-
- sudo firewall-cmd --zone=public --list-services
-
-
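To see what a service actually stands for, run firewall-cmd --info-service=kube-apiserver, which prints its ports. The script below, added here as an example and not taken from the original notes or from firewalld, reads service XML files in the same format firewalld ships and reports where a service you add and a port rule you add allow the same traffic. The sample service definitions it writes are constructed for the demo (modeled on the shipped file format, with the ports I expect for those services); point SERVICE_DIR at /usr/lib/firewalld/services to check the real definitions instead.

```shell
#!/bin/sh
# Added example, not from the original notes: a firewalld "service" is just a
# named set of ports read from /usr/lib/firewalld/services/<name>.xml. This
# script lists a service's ports and reports where a service you add overlaps
# a port rule you also add, which is exactly where the two are redundant.
set -eu

# write_service DIR NAME PORT/PROTO...  -- writes a minimal service XML file in
# the shipped format (<port protocol="tcp" port="6443"/> per entry).
write_service() {
    d=$1; name=$2; shift 2
    {
        echo '<?xml version="1.0" encoding="utf-8"?>'
        echo '<service>'
        echo "  <short>$name</short>"
        for spec in "$@"; do
            echo "  <port protocol=\"${spec#*/}\" port=\"${spec%/*}\"/>"
        done
        echo '</service>'
    } > "$d/$name.xml"
}

# Constructed sample definitions so the script runs without firewalld present.
# The port values are what I expect for these services; verify against the
# real files with firewall-cmd --info-service=NAME.
make_sample_services() {
    dir=$(mktemp -d)
    write_service "$dir" kube-apiserver 6443/tcp
    write_service "$dir" etcd-client 2379/tcp
    write_service "$dir" etcd-server 2380/tcp
    write_service "$dir" kubelet-worker 10250/tcp
    write_service "$dir" ldap 389/tcp
    echo "$dir"
}

# Real definitions if SERVICE_DIR is exported, otherwise the constructed ones.
SERVICE_DIR="${SERVICE_DIR:-$(make_sample_services)}"

# Print the port/proto entries a service definition contains.
service_ports() {
    grep '<port ' "$SERVICE_DIR/$1.xml" | while read -r line; do
        proto=$(printf '%s\n' "$line" | sed -n 's/.*protocol="\([^"]*\)".*/\1/p')
        port=$(printf '%s\n' "$line" | sed -n 's/.*port="\([^"]*\)".*/\1/p')
        echo "$port/$proto"
    done
}

# covers A B: true when port spec A (e.g. 2379-2380/tcp) includes spec B (2379/tcp).
# A single port like 6443 is treated as the range 6443-6443.
covers() {
    a=${1%/*}; b=${2%/*}
    [ "${1#*/}" = "${2#*/}" ] || return 1
    [ "${b%-*}" -ge "${a%-*}" ] && [ "${b#*-}" -le "${a#*-}" ]
}

# overlaps "svc1 svc2 ..." "port1 port2 ...": print each service/port pair that
# allows the same traffic; either rule could be dropped without changing access.
overlaps() {
    for p in $2; do
        for s in $1; do
            for sp in $(service_ports "$s"); do
                if covers "$p" "$sp" || covers "$sp" "$p"; then
                    echo "$p overlaps service $s ($sp)"
                fi
            done
        done
    done
}

# Services and ports from the notes above (the subset with sample definitions).
# Prints:
#   2379-2380/tcp overlaps service etcd-client (2379/tcp)
#   2379-2380/tcp overlaps service etcd-server (2380/tcp)
#   6443/tcp overlaps service kube-apiserver (6443/tcp)
#   10250-10258/tcp overlaps service kubelet-worker (10250/tcp)
overlaps "kube-apiserver etcd-client etcd-server kubelet-worker ldap" \
         "22/tcp 2379-2380/tcp 6443/tcp 10250-10258/tcp 30000-32767/tcp"
```

Anything the script does not print for a port in your list (179, 9099-9100, 53, ...) is a port that no added service covers, so its port rule has to stay.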
Open a port and a port range
- sudo firewall-cmd --zone=public --add-port=80/tcp --permanent
-
- firewall-cmd --permanent --zone=public --add-port=8080-8090/tcp
-
-
- Remove a rule (note that 8840-8900/tcp was never added above; removing a port that is not in the configuration changes nothing and only prints a NOT_ENABLED warning)
- firewall-cmd --permanent --zone=public --remove-port=8840-8900/tcp
Check whether port 80 is open
firewall-cmd --query-port=80/tcp
This checks the runtime rules, so right after the --permanent --add-port above and before a reload it answers no; add --permanent to the query to check the saved configuration instead.
Reload the firewall (this applies the permanent configuration to the running firewall without restarting firewalld, so existing connections are kept)
sudo firewall-cmd --reload
List the open ports
firewall-cmd --list-ports
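A small check for the runtime-vs-permanent gap, added here as an example (not from the original notes): for each port it asks both views and flags ports that were added with --permanent but not reloaded, or added at runtime only and will disappear at the next reload or reboot. FW and ZONE are assumptions so it can be dry-run with a stub.

```shell
#!/bin/sh
# Added example, not from the original notes: report, for each port, whether it
# is open in the runtime rules, in the permanent config, or both. permanent-only
# means "added with --permanent, reload not done yet"; runtime-only means the
# rule will vanish at the next reload or reboot.
set -eu

FW="${FW:-sudo firewall-cmd}"   # assumption: override with a stub function for a dry run
ZONE="${ZONE:-public}"          # assumption: zone to inspect

# Print "PORT runtime=yes|no permanent=yes|no STATE" for one port spec.
port_state() {
    port=$1
    rt=no; pm=no
    $FW --zone="$ZONE" --query-port="$port" >/dev/null 2>&1 && rt=yes
    $FW --permanent --zone="$ZONE" --query-port="$port" >/dev/null 2>&1 && pm=yes
    case "$rt$pm" in
        yesyes) state=ok ;;
        noyes)  state=reload-needed ;;
        yesno)  state=not-persistent ;;
        *)      state=closed ;;
    esac
    echo "$port runtime=$rt permanent=$pm $state"
}

# Check a list of ports; exit status 1 if any port is out of sync.
check_ports() {
    rc=0
    for p in "$@"; do
        line=$(port_state "$p")
        echo "$line"
        case "$line" in *" ok"|*" closed") ;; *) rc=1 ;; esac
    done
    return $rc
}

# Usage: sh port-state.sh 80/tcp 8080-8090/tcp 6443/tcp
if [ "$#" -gt 0 ]; then
    check_ports "$@"
fi
```

Run it after a batch of --permanent changes and before the reload: every line marked reload-needed is a rule you think is active but is not.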