CentOS 7 默认以 firewalld 服务取代 iptables 服务作为防火墙,管理命令为 firewall-cmd
查看 firewalld 状态的几种方式
[root@VM_0_13_centos html]# systemctl status firewalld //运行状态
[root@VM_0_13_centos html]# systemctl is-enabled firewalld //是否开机启动
[root@VM_0_13_centos html]# firewall-cmd --state //是否运行
启动、停止、重启 firewalld 服务(防火墙)
[root@VM_0_13_centos html]# systemctl start firewalld //启动
[root@VM_0_13_centos html]# systemctl stop firewalld //停止(停止后防火墙规则不再生效)
[root@VM_0_13_centos html]# systemctl restart firewalld //重启
设置或取消开机启动
[root@VM_0_13_centos html]# systemctl enable firewalld //开机自动启动
[root@VM_0_13_centos html]# systemctl disable firewalld //取消开机自动启动
查看已设置为开机启动的服务(enabled 表示开机自启,不代表当前正在运行)
[root@VM_0_13_centos html]# systemctl list-unit-files|grep enabled
设置防火墙
//查看已经开放的端口(只显示默认 zone 中以端口方式开放的条目,以 service 方式开放的可用 firewall-cmd --list-all 查看)
[root@VM_0_13_centos html]# firewall-cmd --list-ports
添加80端口
[root@VM_0_13_centos html]# firewall-cmd --zone=public --add-port=80/tcp --permanent
删除80端口
[root@VM_0_13_centos html]# firewall-cmd --zone=public --remove-port=80/tcp --permanent
--zone #作用域
--add-port=80/tcp #添加端口,格式为:端口/通讯协议
--permanent #永久生效,没有此参数重启后失效;带此参数的修改只写入永久配置,需执行 firewall-cmd --reload 后才会生效
重新加载 firewalld 规则(使 --permanent 的修改生效,不会重启服务)
[root@VM_0_13_centos html]# firewall-cmd --reload
查看 firewalld 状态的几种方式
[root@VM_0_13_centos html]# systemctl status firewalld //运行状态
[root@VM_0_13_centos html]# systemctl is-enabled firewalld //是否开机启动
[root@VM_0_13_centos html]# firewall-cmd --state //是否运行
启动、停止、重启 firewalld 服务(防火墙)
[root@VM_0_13_centos html]# systemctl start firewalld //启动
[root@VM_0_13_centos html]# systemctl stop firewalld //停止(停止后防火墙规则不再生效)
[root@VM_0_13_centos html]# systemctl restart firewalld //重启
设置或取消开机启动
[root@VM_0_13_centos html]# systemctl enable firewalld //开机自动启动
[root@VM_0_13_centos html]# systemctl disable firewalld //取消开机自动启动
查看已设置为开机启动的服务(enabled 表示开机自启,不代表当前正在运行)
[root@VM_0_13_centos html]# systemctl list-unit-files|grep enabled
设置防火墙
//查看已经开放的端口(只显示默认 zone 中以端口方式开放的条目,以 service 方式开放的可用 firewall-cmd --list-all 查看)
[root@VM_0_13_centos html]# firewall-cmd --list-ports
添加80端口
[root@VM_0_13_centos html]# firewall-cmd --zone=public --add-port=80/tcp --permanent
删除80端口
[root@VM_0_13_centos html]# firewall-cmd --zone=public --remove-port=80/tcp --permanent
--zone #作用域
--add-port=80/tcp #添加端口,格式为:端口/通讯协议
--permanent #永久生效,没有此参数重启后失效;带此参数的修改只写入永久配置,需执行 firewall-cmd --reload 后才会生效
重新加载 firewalld 规则(使 --permanent 的修改生效,不会重启服务)
[root@VM_0_13_centos html]# firewall-cmd --reload