如何查看防火墙中开放的端口？

防火墙如何查看端口开放端口

一、

在计算机网络中，防火墙扮演着至关重要的角色，它用于监控和控制进出网络的流量，确保只有授权的访问被允许通过，了解如何查看防火墙开放的端口是系统管理员进行网络安全管理的重要技能之一，本文将详细介绍几种常见的方法来查看防火墙开放的端口，并提供相关命令的示例。

二、查看防火墙开放的端口的方法

1. 使用firewalld（适用于CentOS/RHEL 7+）

firewalld是CentOS 7及后续版本中默认使用的防火墙管理工具，以下是一些常用的命令：

查看firewalld状态

  sudo systemctl status firewalld

输出示例：

  • firewalld.service firewalld dynamic firewall daemon
     Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
     Active: active (running) since Mon 2024-06-24 10:23:15 PDT; 1 days ago

查看所有开放的端口

  sudo firewall-cmd --list-ports

输出示例：

  5672/tcp 8080/tcp

查看指定zone（如public）的开放端口

  sudo firewall-cmd --zone=public --list-ports

输出示例：

  5672/tcp 8080/tcp

2. 使用iptables（多种Linux发行版）

iptables是一种强大的防火墙工具，广泛应用于多种Linux发行版，以下是一些常用的命令：

查看iptables状态

  sudo service iptables status

或者

  sudo systemctl status iptables

查看所有iptables规则

  sudo iptables -L -n -v

输出示例：

  Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in  out source destination
   ...

查看特定链的规则

  sudo iptables -L INPUT -n --line-numbers | grep ACCEPT

输出示例：

  1   0 0 tcp IN=eth0 OUT= ... LOCAL= ... REMOTE= ...

3. 使用ufw（适用于Ubuntu/Debian）

ufw（Uncomplicated Firewall）是Ubuntu和Debian系统中常用的防火墙工具，以下是一些常用的命令：

查看ufw状态

  sudo ufw status

输出示例：

  Status: active
  To                         Action      From
  ------------------------------------------
  5672/tcp                  ALLOW       Anywhere
  8080/tcp                  ALLOW       Anywhere
  ...

查看详细的ufw状态

  sudo ufw status verbose

输出示例：

  Status: active
  Logging: on (low)
  Default: deny (incoming), allow (outgoing), disabled (routed)
  New profiles: skip
  ...

4. 使用ss或netstat（辅助工具）

虽然ss和netstat不是直接查看防火墙开放端口的工具，但它们可以显示系统上哪些端口正在被监听，这有助于了解哪些服务可能正在运行并可能通过防火墙开放端口。

使用ss查看TCP监听端口

  sudo ss -tuln

输出示例：

  Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
  tcp   LISTEN   0      128   0.0.0.0:5672    0.0.0.0:*       
   ...

使用netstat查看TCP监听端口

  sudo netstat -tuln

输出示例：

  tcp        0      0 0.0.0.0:5672            0.0.0.0:*               LISTEN      
   ...

5. 使用nmap（网络扫描工具）

nmap是一款开源的网络扫描工具，可以用来扫描本地主机的开放端口，以下是使用nmap扫描本地主机的命令：

安装nmap（如果尚未安装）

Ubuntu/Debian:

    sudo apt-get install nmap

CentOS/RHEL:

    sudo yum install nmap

使用nmap扫描本地主机的开放端口

  sudo nmap -sT -O localhost

输出示例：

  Starting Nmap [version] at [timestamp]
  Nmap scan report for [hostname] ([IP address])
  Host is up (0.00010s latency).
  Not shown: [number] closed ports
  PORT    STATE SERVICE
  ...     open   ssh
   ...     open   http
   ...     open   http-alt
   ...     open   http-proxy
   ...     open   https?
   ...     open   http-proxy
   ...     open   ftp?
   ...     open   ftp-data?
   ...     open   ftps?
   ...     open   ftps?
   ...     open   http-alt?
   ...     open   http-proxy?
   ...     open   ftp?
   ...     open   ftp-data?
   ...     open   ftps?
   ...     open   ftps?
   ...     open   http-alt?
   ...     open   http-proxy?
   ...     open   ftp?
   ...     open   ftp-data?
   ...     open   ftps?
   ...     open   ftps?
   ...     open   http-alt?
   ...     open   http-proxy?
   ...     open   ftp?
   ...     open   ftp-data?
   ...     open   ftps?
   ...     open   ftps?
   ...     open   http-alt?
   ...     open   http-proxy?
   ...     open   ftp?
   ...     open   ftp-data?
   ...     open   ftps?
   ...     open   ftps?
   ...     open   http-alt?
   ...     open   http-proxy?
   ...     open   ftp?
   ...     open   ftp-data?
   ...     open   ftps?
   ...     open   ftps?
   ...     open   http-alt?
   ...     open   http-proxy?
   ...     open   ftp?
   ...     open   ftp-data?
   ...     open   ftps?
   ...     open   ftps?
   ...     open   http-alt?
   ...     open   http-proxy?
   ...     open   ftp?
   ...     open   ftp-data?
   ...     open   ftps?
   ...     open   ftps?
   ...     open   http-alt?
   ...     open   http-proxy?
   ...     open   ftp?
   ...     open   ftp-data?
   ...     open   ftps?
   ...     open   ftps?
   ...     open   http-alt?
   ...     open   http-proxy?
   ...     open   ftp?
   ...     open   ftp-data?
   ...     open   ftps?
   ...     open   ftps?
   ...     open   http-alt?
   ...     open   http-proxy?
   ...     open   ftp?
   ...     open   ftp-data?
   ...     open   ftps?
   ...     open   ftps?
   ...     open   http-alt?
   ...     open   http-proxy?
   ...     open   ftp?
   ...     open   ftp-data?
   ...     open   ftps?
   ...     open   ftps?
   ...     open   http-alt?
   ...     open   http-proxy?
   ...     open   ftp?
   ...     open   ftp-data?
   ...     open   ftps?
   ...     open   ftps?
   ...     open   http-alt?
   ...     open   http-proxy?
   ...     open   ftp?
   ...     open   ftp-data?
   ...     open   ftps?
   ...     open   ftps?
   ...     open   http-alt?
   ...     open   http-proxy?
   ...     open   ftp?
   ...     open   ftp-data?
   ...     open   ftps?
   ...     open   ftps?
   ...     open   http-alt?
   ...     open   http-proxy?
   ...     open   ftp?
   ...     open   ftp-data?
   ...     open   ftps?
   ...     open   ftps?
   ...     open   http-alt?
   ...     open   http-proxy?
   ...     open   ftp?
   ...     open   ftp-data?
   ...     open   ftps?
   ...     open   ftps?
   ...     open   http-alt?
   ...     open   http-proxy?
   ...     open   ftp?
   ...     open   ftp-data?
   ...     open   ftps?
   ...     open   ftps?
   ...     open   http-alt?
   ...     open   http-proxy?
   ...     open   ftp?
   ...     open   ftp-data?
   ...     open   ftps?
   ...     open   ftps?
   ...     open   http-alt?
   ...     open   http-proxy?
   ...     open   ftp?
   ...     open   ftp-data?
   ...     open   ftps?
   ...     open   ftps?
   ...     open   http-alt?
   ...     open   http-proxy?

以上内容就是解答有关“防火墙如何查看端口开放端口”的详细内容了，我相信这篇文章可以为您解决一些疑惑，有任何问题欢迎留言反馈，谢谢阅读。