- 基本操作
- 启动防火墙
# Start firewalld for the current boot; boot-time behaviour is set separately with enable/disable.
systemctl start firewalld
- 关闭防火墙
# Stop the running daemon only; if the unit is enabled it starts again at the next boot.
systemctl stop firewalld
- 查看状态
# Show whether the firewalld unit is active and enabled, plus its recent log lines.
systemctl status firewalld
- 开机启用防火墙
# Register the unit to start at boot; this alone does not start it in the current session.
systemctl enable firewalld
- 开机禁用防火墙
# Remove the unit from boot start-up; an already running firewalld keeps running until it is stopped.
systemctl disable firewalld
- 高级操作
- 开放某个端口,如8080端口
# Open 8080/tcp in zone public. --permanent writes only the saved configuration;
# the running firewall changes after firewall-cmd --reload.
firewall-cmd --zone=public --add-port=8080/tcp --permanent
- 开放端口范围
# Open UDP ports 8000-9999 to all traffic handled by zone public (saved configuration;
# effective after firewall-cmd --reload). Keep the range as narrow as the service needs.
firewall-cmd --zone=public --add-port=8000-9999/udp --permanent
- 重新加载配置
# Load the permanent configuration into the running firewall; runtime-only changes
# that were made without --permanent are lost.
firewall-cmd --reload
- 查看防火墙所开放的端口
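# List the ports opened in zone public (runtime configuration).
# --list-ports is the documented option name; the shortened form relies on option-prefix matching.
firewall-cmd --zone=public --list-ports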
- 查看所有配置情况
# Show the runtime settings of the default zone (no --zone is given);
# add --permanent to inspect the saved configuration instead.
firewall-cmd --list-all
- 关闭某个端口(即移除已开放的端口),如8080端口
# Remove 8080/tcp from the saved port list of zone public. With --permanent the running
# firewall is unchanged until firewall-cmd --reload, so the port may stay reachable until then.
firewall-cmd --zone=public --remove-port=8080/tcp --permanent
- 只允许指定IP或者ip段访问mysql端口(前提:3306端口没有通过 --add-port 或服务对所有来源开放,否则该规则起不到限制作用)
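# Accept 3306/tcp from one host and from one /24 network (saved configuration; run
# firewall-cmd --reload to apply). These rules only restrict access when 3306 is not
# also opened for every source through --add-port or a service in the same zone.
# The outer single quotes keep the inner double quotes as part of the rule text;
# with nested double quotes the shell strips them before firewall-cmd sees the rule.
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.77.166" port protocol="tcp" port="3306" accept'
# CIDR corrected from "192.168.77.0./24", which is not a valid address.
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.77.0/24" port protocol="tcp" port="3306" accept'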
- 删除只允许指定ip访问规则
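# Remove the saved accept rule for 192.168.77.166 on 3306/tcp; the rule is identified by
# its text, so it is written the same way as when it was added. Outer single quotes keep
# the inner double quotes in the rule. Takes effect after firewall-cmd --reload.
firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="192.168.77.166" port protocol="tcp" port="3306" accept'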
- 添加屏蔽ip或者ip段访问
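# Drop all IPv4 traffic from 10.30.125.0/24 in zone public (the rule has no port element).
# Outer single quotes keep the inner double quotes as part of the rule text;
# --permanent takes effect after firewall-cmd --reload.
firewall-cmd --permanent --zone="public" --add-rich-rule='rule family="ipv4" source address="10.30.125.0/24" drop'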
- 查看防火墙rich-rules列表
# List the runtime rich rules of the default zone (no --zone is given). Rules saved with
# --permanent appear here only after a reload; add --permanent to list the saved ones,
# and --zone=public if the default zone is a different one.
firewall-cmd --list-rich-rules