[CentOS] firewalld and LISTEN

Sun Jul 30 05:06:37 UTC 2017
望月忠雄 <tadao at creative-japan.org>

Dear Gordon Messmer,

Thank you.

Please teach me one more.
By 'firewall-cmd --list' its answer is following.

external (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  services: dns ftp http https imaps pop3s smtp ssh
  ports: 110/tcp 21/tcp 20000/tcp 106/tcp 53/tcp 990/tcp 5432/tcp 8447/tcp
113/tcp 143/tcp 3306/tcp 5224/tcp 22/tcp 465/tcp 995/tcp 25/tcp 10000/tcp
8443/tcp 993/tcp 443/tcp 8880/tcp 587/tcp 20/tcp 53/udp 12768/tcp
  masquerade: yes
  rich rules:

Now I can use http normally.
And 'ss -nat' shows 80 ports used.

But in avobe firewalld lists, there's  http service, but isn't 80/tcp.port.
Must I add 80/tcp.port?


2017-07-28 11:29 GMT+09:00 Gordon Messmer <gordon.messmer at gmail.com>:

> On 07/27/2017 06:36 PM, 望月忠雄 wrote:
>> But by ss -nat, IPV4 443 is not listend. How can I fix?
>> # ss -nat | grep LISTEN | grep 443
>> LISTEN     0      128         :::443                     :::*
> By default, Linux processes that listen on an IPv6 port will also listen
> on the IPv4 port (when no specific address is specified):
> http://man7.org/linux/man-pages/man7/ipv6.7.html
> You could change that behavior by modifying /proc/sys/net/ipv6/bindv6only,
> but your system is working normally now.
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> https://lists.centos.org/mailman/listinfo/centos