- 查看防火墙状态:active (running) 即是开启状态
systemctl status firewalld
- 如果不是显示active状态,需要打开防火墙
systemctl start firewalld
- 查看所有已开放的端口(第一条查看运行时配置,第二条查看永久配置;--list-ports 不显示服务和富规则,查看完整规则请用 firewall-cmd --list-all)
firewall-cmd --list-ports
firewall-cmd --list-ports --permanent
- 新增防火墙开放端口(注意:--add-port 会对该 zone 内所有来源地址开放端口;数据库、SSH 等端口建议改用下文按来源地址限制的 rich rule,两者同时存在时端口仍对所有来源开放)
firewall-cmd --zone=public --add-port=3306/tcp --permanent
命令含义:
--zone                  作用域(zone),此处为 public
--add-port=3306/tcp     添加端口,格式为:端口/协议
--permanent             写入永久配置,需 --reload 后才在运行时生效;不加此参数则只修改运行时配置,重载或重启后失效
firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address=172.29.0.0/24 port protocol=tcp port=22 accept'
firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address=172.17.14.184 port protocol=tcp port=3306 accept'
- 关闭防火墙端口(移除 ssh 服务或 22 端口之前,先确认已有允许管理来源地址访问 22 端口的规则,否则重载后将无法远程登录)
firewall-cmd --remove-port=80/tcp
firewall-cmd --remove-port=80/tcp --permanent
firewall-cmd --permanent --remove-service=ssh
firewall-cmd --permanent --remove-port=22/tcp
- 配置结束后需要输入重载命令并重启防火墙以生效配置(--reload 已可让 --permanent 规则生效,同时会丢弃未加 --permanent 的运行时规则;restart 通常不是必须的)
firewall-cmd --reload
systemctl restart firewalld
- firewalld的基本使用命令(依次为:启动、停止、查看状态、禁止开机启动、设置开机启动;stop 和 disable 会使主机失去防火墙保护,仅在确有需要时使用)
systemctl start firewalld
systemctl stop firewalld
systemctl status firewalld
systemctl disable firewalld
systemctl enable firewalld
- 配置firewall-cmd命令(注意:--panic-on 会丢弃所有进出流量,包括当前的 SSH 会话,远程操作时慎用)
firewall-cmd --version
firewall-cmd --help
firewall-cmd --state
firewall-cmd --zone=public --list-ports
firewall-cmd --reload
firewall-cmd --get-active-zones
firewall-cmd --get-zone-of-interface=eth0
firewall-cmd --panic-on
firewall-cmd --panic-off
firewall-cmd --query-panic
firewall-cmd --query-port=3306/tcp
firewall-cmd --permanent --remove-port=3306/tcp
- systemctl相关命令
systemctl start firewalld.service
systemctl stop firewalld.service
systemctl restart firewalld.service
systemctl status firewalld.service
systemctl enable firewalld.service
systemctl disable firewalld.service
systemctl is-enabled firewalld.service
systemctl list-unit-files|grep enabled
systemctl --failed
- 查看端口号
netstat -ntlp  # 查看当前所有处于监听状态的tcp端口
netstat -ntulp |grep 3306  # 查看所有3306 端口使用情况
- 若遇到无法开启
先用:systemctl unmask firewalld.service
然后:systemctl start firewalld.service