1. 查看防火墙状态:
systemctl status firewalld
2. 开启/重启/关闭防火墙(下面的 start/restart/stop 任选其一,两行写法等价):
systemctl restart/start/stop firewalld
systemctl start/restart/stop firewalld.service
3. 查看已开放的端口(只列出默认区域运行时配置中的端口,完整规则请用 firewall-cmd --list-all):
firewall-cmd --list-ports
4. 添加端口到防火墙上:
firewall-cmd --add-port=80/tcp --permanent
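查询是否添加成功(上一步只带 --permanent,运行时配置在执行第5步 --reload 之前不会变化,此时查询会返回 no;要查询永久配置请使用 firewall-cmd --permanent --query-port=80/tcp):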
firewall-cmd --query-port=80/tcp
5. 重新加载,使 --permanent 规则生效(未加 --permanent 的运行时改动会在 reload 后丢失):
firewall-cmd --reload
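6. 移除端口(此命令只修改运行时配置;若端口是用 --permanent 添加的,还需执行 firewall-cmd --permanent --remove-port=80/tcp,否则 reload 或重启后端口会重新开放):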
firewall-cmd --remove-port=80/tcp
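7. 备份防火墙规则(注意:下面的 --set-default-strict 选项未见于 firewall-cmd 的常见文档,使用前请对照 firewall-cmd --help 核实;永久规则保存在 /etc/firewalld/ 目录下,备份该目录即可保留规则):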
firewall-cmd --set-default-strict=false
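8. 查询默认区域(注意:下面的 systemctl get-default 返回的是 systemd 的默认启动目标,而不是 firewalld 的默认区域;查询 firewalld 默认区域应使用 firewall-cmd --get-default-zone):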
systemctl get-default
9. 设置开机不启动防火墙(disable 只取消开机自启,不会停止当前正在运行的服务;禁用后主机重启将不再有 firewalld 过滤,应先确认已有其他访问控制,例如上游防火墙或安全组)
systemctl disable firewalld.service
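-- 允许192.168.0.111访问5432端口(rich rule 的 source address 每条规则只接受一个地址或 CIDR 网段,不支持逗号分隔的列表;多个IP需逐条添加规则,或使用 ipset)
-- 注:下面的命令内外层都用了双引号,shell 会把各段拼接成不带引号的值,当前写法可以工作;更稳妥的写法是外层改用单引号。带 --permanent 的规则需 reload 后才生效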
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.0.111" port protocol="tcp" port="5432" accept"
-- 查询规则
firewall-cmd --list-all
-- 移除规则
firewall-cmd --permanent --remove-rich-rule="rule family="ipv4" source address="192.168.0.111" port protocol="tcp" port="5432" accept"
-- 重新加载
sudo firewall-cmd --reload
-- 添加一个网段
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="10.168.186.0/24" port protocol="tcp" port="22" accept"
--