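1. Requirement
For monitoring purposes, a standalone MySQL database deployed on a Red Hat 7.9 server needs to be monitored, but the Zabbix agent's port 10050 was unreachable. The cause turned out to be that the firewall was enabled, so a port access rule had to be added. Port 10050/tcp was added to the firewall rules and the firewall configuration was reloaded. The steps are as follows.
2. Procedure
2.1. Check the system version: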
cat /etc/redhat-release
The output shows that the system is Red Hat Enterprise Linux Server release 7.9 (Maipo).
2.2. Check the firewalld service status:
[root@***-single ~]# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since Wed 2023-11-22 18:39:14 CST; 5 months 20 days ago
Docs: man:firewalld(1)
Main PID: 911 (firewalld)
CGroup: /system.slice/firewalld.service
└─911 /usr/bin/python2 -Es /usr/sbin/firewalld --nofork --nopid
Nov 22 18:39:13 zentao-single systemd[1]: Starting firewalld - dynamic firewall daemon...
Nov 22 18:39:14 zentao-single systemd[1]: Started firewalld - dynamic firewall daemon.
Nov 22 18:39:14 zentao-single firewalld[911]: WARNING: AllowZoneDrifting is enabled. This is considered an insecure configuration option. It will be removed in a future ...ing it now.
Dec 05 14:12:15 zentao-single firewalld[911]: WARNING: AllowZoneDrifting is enabled. This is considered an insecure configuration option. It will be removed in a future ...ing it now.
Dec 05 14:14:51 zentao-single firewalld[911]: WARNING: AllowZoneDrifting is enabled. This is considered an insecure configuration option. It will be removed in a future ...ing it now.
Dec 05 14:16:16 zentao-single firewalld[911]: WARNING: AllowZoneDrifting is enabled. This is considered an insecure configuration option. It will be removed in a future ...ing it now.
Dec 18 17:28:37 zentao-single firewalld[911]: WARNING: AllowZoneDrifting is enabled. This is considered an insecure configuration option. It will be removed in a future ...ing it now.
Dec 18 17:28:52 zentao-single firewalld[911]: WARNING: AllowZoneDrifting is enabled. This is considered an insecure configuration option. It will be removed in a future ...ing it now.
Hint: Some lines were ellipsized, use -l to show in full.
The output shows that the firewalld service is currently active and has been running for 5 months and 20 days.
2.3. List all firewall rules:
[root@***-single ~]# firewall-cmd --permanent --add-port=10050/tcp
success
[root@zentao-single ~]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: eth0
sources:
services: dhcpv6-client ssh
ports: 80/tcp 3306/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
rule family="ipv4" source address="1**.1*8.1*6.1*" port port="9100" protocol="tcp" accept
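The output shows the current firewall rules, including the default target, interfaces, services and ports. Port 10050/tcp is not listed yet: a --permanent change is written only to the permanent configuration and does not reach the running configuration until the firewall is reloaded.
2.4. Add port 10050/tcp to the firewall rules: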
[root@***-single ~]# firewall-cmd --permanent --add-port=10050/tcp
success
This command adds port 10050/tcp to the firewall rules and makes the change permanent.
2.5. Reload the firewall configuration:
[root@***-single ~]# firewall-cmd --reload
success
This command reloads the firewall configuration so that the changes made earlier take effect.
2.6. List all firewall rules again:
[root@***-single ~]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: eth0
sources:
services: dhcpv6-client ssh
ports: 80/tcp 3306/tcp 10050/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
rule family="ipv4" source address="1**.1*8.1*6.1*" port port="9100" protocol="tcp" accept
The output shows the updated firewall rules, which now include the newly added port 10050/tcp.
2.7. Port test:
[root@oracle_zabbix_*** ~]# telnet 1**.18.16.1* 10050
Trying 1**.18.16.1*...
Connected to 1**.18.16.1*
Escape character is '^]'.
^CConnection closed by foreign host.
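With the steps above, port 10050/tcp has been added to the firewall rules and is now in effect. This allows external devices to communicate with your server through this port. Make sure you have the appropriate privileges when performing these operations, and adjust the firewall rules to your actual needs so that they meet your security requirements.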
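Step 2.4 opens 10050/tcp to any source that reaches the public zone, whereas the existing rich rule for 9100 admits a single address. The following added example (not from the original article) classifies a port's exposure from firewall-cmd --list-all output and builds the equivalent source-restricted rule for the agent port. The function names, the sample text and the 192.0.2.x addresses are constructed for illustration.

```shell
# Added example: classify how a port is exposed in `firewall-cmd --list-all`
# output and build a source-restricted rich rule for the Zabbix agent port.

# Constructed sample modelled on the step 2.6 output. 192.0.2.10 is a
# documentation address standing in for the masked rich-rule source.
SAMPLE_LIST_ALL='public (active)
  target: default
  interfaces: eth0
  services: dhcpv6-client ssh
  ports: 80/tcp 3306/tcp 10050/tcp
  rich rules:
    rule family="ipv4" source address="192.0.2.10" port port="9100" protocol="tcp" accept'

# port_exposure PORT PROTO: reads --list-all output on stdin and prints
# open-to-all, source-restricted or closed.
port_exposure() {
  awk -v port="$1" -v proto="$2" '
    $1 == "ports:" {
      for (i = 2; i <= NF; i++) if ($i == (port "/" proto)) any = 1
    }
    $1 == "rule" && /source address=/ && / accept/ &&
    index($0, "port=\"" port "\"") && index($0, "protocol=\"" proto "\"") {
      restricted = 1
    }
    END {
      if (any) print "open-to-all"
      else if (restricted) print "source-restricted"
      else print "closed"
    }'
}

# zabbix_rich_rule SERVER_IP: rich rule admitting only that address to 10050/tcp.
zabbix_rich_rule() {
  printf 'rule family="ipv4" source address="%s" port port="10050" protocol="tcp" accept\n' "$1"
}

# restrict_agent_port SERVER_IP: swap the open port for the rich rule (run as
# root on the monitored host; defined here but never called by this file).
restrict_agent_port() {
  firewall-cmd --permanent --remove-port=10050/tcp &&
  firewall-cmd --permanent --add-rich-rule="$(zabbix_rich_rule "$1")" &&
  firewall-cmd --reload &&
  firewall-cmd --list-all | port_exposure 10050 tcp
}

printf '%s\n' "$SAMPLE_LIST_ALL" | port_exposure 10050 tcp   # sample run
```

On the monitored host, restrict_agent_port takes the Zabbix server's address as its argument, and the connection test from step 2.7 can then be repeated from that server.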




