centos7防火墻操作
# Reference list of firewalld service commands on CentOS 7; run the one you
# need, they are not meant to be executed in sequence.
sudo systemctl status firewalld.service # show the firewall's current state
sudo systemctl start firewalld.service # start the firewall
# While firewalld is stopped it does not filter traffic on this host.
sudo systemctl stop firewalld.service # stop the firewall
sudo systemctl enable firewalld.service # start the firewall automatically at boot
sudo systemctl disable firewalld.service # do not start the firewall at boot
Cloudera Manager例外
防火墻添加端口例外,執行以下腳本(集群規劃中ClouderaManager主機和Service服務主機)
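# TCP ports opened for Cloudera Manager; run on the Cloudera Manager host and
# the Service hosts named in the cluster plan.
cm_ports=(7180 7183 7182 7432 9000 9001 7184 7185 8084 10101 8086 9997 9996 8087 9999 9998 8090 9995 9994 5678 8083 7186 7187 4867)
# --permanent only writes the stored configuration; the rules become active
# after firewalld is reloaded or restarted.
# NOTE(review): the public zone carries no source restriction here, so every
# host that can reach this interface can reach these ports. If the cluster has
# a known subnet, consider a dedicated zone bound to it with --add-source and
# add the ports there instead.
# The array expansion is quoted so each element stays a single word.
for data in "${cm_ports[@]}"; do
  sudo firewall-cmd --permanent --zone=public --add-port="${data}/tcp"
done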
NameNode管理節點需要額外添加的例外
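# Extra TCP port opened on the NameNode management node.
hdfs_ports=(8022)
# --permanent writes the stored configuration only; reload or restart
# firewalld afterwards. The rule applies to all sources in the public zone.
# The array expansion is quoted so each element stays a single word.
for data in "${hdfs_ports[@]}"; do
  sudo firewall-cmd --permanent --zone=public --add-port="${data}/tcp"
done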
CDH節點例外
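# TCP ports opened on CDH nodes.
# Two entries from the original list are dropped:
#   - 0: not a listening port (in a service setting it presumably meant
#     "pick an ephemeral port"), so a firewall rule for it cannot match
#     the service.
#   - the second 9090: a duplicate of an earlier entry.
cdh5_ports=(50010 1004 50075 1006 50020 8020 50070 50470 50090 50495 8485 8480 8021 50030 9290 50060 8032 8030 8031 8033 8088 8040 8042 8041 10020 19888 60000 60010 60020 60030 2181 2888 3888 8080 8085 9090 9095 9083 10000 16000 12000 12001 3181 4181 8019 9010 8888 8002 8003 11000 11001 7077 7078 18080 18081 14000 14001 9000)
# --permanent only writes the stored configuration; the rules become active
# after firewalld is reloaded or restarted.
# NOTE(review): this opens a large set of cluster-internal ports to every
# source in the public zone. Open only the ports for roles that actually run
# on this node, and prefer a zone restricted to the cluster subnet
# (--add-source) where one is known.
for data in "${cdh5_ports[@]}"; do
  sudo firewall-cmd --permanent --zone=public --add-port="${data}/tcp"
done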
jobtracker節點需要額外添加的例外
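# Extra TCP port opened on the JobTracker node.
jb_ports=(8023)
# --permanent writes the stored configuration only; reload or restart
# firewalld afterwards. The rule applies to all sources in the public zone.
# The array expansion is quoted so each element stays a single word.
for data in "${jb_ports[@]}"; do
  sudo firewall-cmd --permanent --zone=public --add-port="${data}/tcp"
done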
zookeeper節點需要額外添加的例外
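# Extra TCP port opened on ZooKeeper nodes.
zk_ports=(2888)
# --permanent writes the stored configuration only; reload or restart
# firewalld afterwards. The rule applies to all sources in the public zone.
# The array expansion is quoted so each element stays a single word.
for data in "${zk_ports[@]}"; do
  sudo firewall-cmd --permanent --zone=public --add-port="${data}/tcp"
done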
impala節點需要額外添加的例外
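# Extra TCP ports opened on Impala nodes.
impala_ports=(21000 21050 22000 23000 25000 25010 25020 24000 26000 28000 15002 15000 15001)
# --permanent writes the stored configuration only; reload or restart
# firewalld afterwards.
# NOTE(review): the rules apply to all sources in the public zone; restrict
# them to the cluster and client subnets where those are known.
# The array expansion is quoted so each element stays a single word.
for data in "${impala_ports[@]}"; do
  sudo firewall-cmd --permanent --zone=public --add-port="${data}/tcp"
done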
solr節點需要額外添加的例外
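# Extra TCP ports opened on Solr nodes.
search_ports=(8983 8984)
# --permanent writes the stored configuration only; reload or restart
# firewalld afterwards. The rules apply to all sources in the public zone.
# The array expansion is quoted so each element stays a single word.
for data in "${search_ports[@]}"; do
  sudo firewall-cmd --permanent --zone=public --add-port="${data}/tcp"
done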
NTP防火墻例外
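# NTP runs over UDP port 123; the original 123/tcp rule would not let
# time-sync traffic through.
# NOTE(review): an inbound rule is only needed if this host serves time to
# other nodes; a host that only queries upstream servers should not need it.
sudo firewall-cmd --permanent --zone=public --add-port=123/udp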
httpd防火墻端口例外
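# TCP port opened for httpd.
httpd_ports=(80)
# --permanent writes the stored configuration only; reload or restart
# firewalld afterwards. The rule applies to all sources in the public zone.
# The array expansion is quoted so each element stays a single word.
for data in "${httpd_ports[@]}"; do
  sudo firewall-cmd --permanent --zone=public --add-port="${data}/tcp"
done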
MySQL防火墻例外
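# TCP port opened for MySQL.
mysql_ports=(3306)
# --permanent writes the stored configuration only; reload or restart
# firewalld afterwards.
# NOTE(review): this exposes the database port to every source in the public
# zone. If only the cluster hosts need the database, limit the rule to their
# addresses (a source-bound zone or a rich rule) rather than opening it
# to everyone.
for data in "${mysql_ports[@]}"; do
  sudo firewall-cmd --permanent --zone=public --add-port="${data}/tcp"
done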
重啟防火墻
# Restart firewalld so the rules written with --permanent are loaded into the
# running configuration. `sudo firewall-cmd --reload` also loads them, without
# restarting the daemon.
sudo systemctl restart firewalld.service
結果驗證
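# List the ports currently open in the public zone. The zone is named
# explicitly because the rules were added with --zone=public; without it,
# firewall-cmd reports the default zone, which may be a different one.
sudo firewall-cmd --zone=public --list-ports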
(原創文章:如果有需要,請留言告知)