启动和停止
systemctl start firewalld
systemctl stop firewalld
查看状态
[root@MiWiFi-R3-srv nginx-1.13.6]# firewall-cmd --state
running
[root@MiWiFi-R3-srv nginx-1.13.6]# firewall-cmd --state
not running
[root@MiWiFi-R3-srv ~]# systemctl status firewalld
查看打开的端口
[root@MiWiFi-R3-srv ~]# firewall-cmd --zone=public --list-ports
80/tcp
开放端口
[root@MiWiFi-R3-srv ~]# firewall-cmd --zone=public --add-port=3306/tcp --permanent
success
#--permanent 只写入永久配置，重启后仍然有效；要让规则立即生效，还需执行 firewall-cmd --reload。注意：3306 是数据库端口，在 public 区域开放后对所有来源可达，建议仅对可信来源地址放行。
关闭端口（未加 --permanent 时只修改运行时配置，reload 或重启后会恢复为永久配置；如需永久关闭，请加 --permanent 后再执行 firewall-cmd --reload）
[root@MiWiFi-R3-srv ~]# firewall-cmd --zone=public --remove-port=80/tcp
success
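端口转发（转发到其他主机时，通常还需要在该区域开启 masquerade；加 --permanent 后需执行 firewall-cmd --reload 才会生效。此规则会把内网主机的 3306 端口通过本机 33064 端口对外提供，应确认只有可信来源能够访问）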
[root@MiWiFi-R3-srv ~]# firewall-cmd --add-forward-port=port=33064:proto=tcp:toaddr=172.17.183.185:toport=3306 --permanent
success
删除端口转发
[root@MiWiFi-R3-srv ~]# firewall-cmd --remove-forward-port=port=33064:proto=tcp:toaddr=172.17.183.185:toport=3306 --permanent
success
查看端口转发列表
[root@MiWiFi-R3-srv ~]# firewall-cmd --list-forward-ports
利用firewalld使内网主机访问公网
firewall-cmd --add-masquerade --permanent
firewall-cmd --reload
在内网主机上，将默认网关修改为该服务器的内网IP地址
在内网主机上添加DNS服务器配置