一、防火墙设置
启动: systemctl start firewalld
关闭: systemctl stop firewalld
重启: systemctl restart firewalld.service
查看状态: systemctl status firewalld
开机禁用 : systemctl disable firewalld
开机启用 : systemctl enable firewalld
查看是否开机启动: systemctl is-enabled firewalld.service
查看已启用(开机自启)的服务列表: systemctl list-unit-files|grep enabled
二、端口设置
1、开放/关闭端口
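firewall-cmd --zone=public --add-port=3306/tcp --permanent # 开放3306端口(public 区域内任意来源均可访问)
# 数据库端口建议只对受信任的来源地址开放,例如(192.0.2.10 为示例地址,请替换为实际客户端 IP):
# firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.0.2.10" port port="3306" protocol="tcp" accept'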
firewall-cmd --zone=public --remove-port=9000/tcp --permanent #关闭9000端口
firewall-cmd --reload # 重新加载,使上面带 --permanent 的规则立即生效(--permanent 只写入永久配置,不 reload 不会影响当前运行中的规则)
2、查看防火墙所有开放的端口
firewall-cmd --zone=public --list-ports
[root@localhost ~]# firewall-cmd --zone=public --list-ports
8444/tcp 3306/tcp
[root@localhost ~]#
3、查看防火墙状态
firewall-cmd --state
[root@localhost ~]# firewall-cmd --state
running
[root@localhost ~]#
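如果要开放的端口太多,嫌麻烦,可以关闭防火墙,安全性自行评估(关闭后本机所有监听在 0.0.0.0 / ::: 上的端口都会直接暴露,例如下文 netstat 输出中的 22、111、3306、33060;更稳妥的做法是用端口范围一次开放多个端口,如 --add-port=8000-8100/tcp,此范围仅为示例)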
systemctl stop firewalld.service
重新载入(仅在 firewalld 处于运行状态时有效;若已执行上面的 stop,需先 start 再执行,否则该命令会失败)
firewall-cmd --reload
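4、查看监听的端口(netstat 属于 net-tools 软件包,未安装时可用 ss -lnpt 代替;Local Address 为 0.0.0.0 或 ::: 的服务监听所有网卡,能否从外部访问取决于防火墙放行了哪些端口,可与 --list-ports 的结果对照检查)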
netstat -lnpt
[root@localhost ~]# firewall-cmd --state
running
[root@localhost ~]# netstat -lnpt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 4091/dnsmasq
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1124/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1123/cupsd
tcp 0 0 127.0.0.1:6010 0.0.0.0:* LISTEN 8796/sshd: MuWei@pt
tcp 0 0 127.0.0.1:6011 0.0.0.0:* LISTEN 9609/sshd: MuWei@pt
tcp 0 0 127.0.0.1:6012 0.0.0.0:* LISTEN 11064/sshd: MuWei@p
tcp 0 0 127.0.0.1:6013 0.0.0.0:* LISTEN 11115/sshd: MuWei@p
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1/systemd
tcp6 0 0 :::22 :::* LISTEN 1124/sshd
tcp6 0 0 ::1:631 :::* LISTEN 1123/cupsd
tcp6 0 0 ::1:6010 :::* LISTEN 8796/sshd: MuWei@pt
tcp6 0 0 ::1:6011 :::* LISTEN 9609/sshd: MuWei@pt
tcp6 0 0 ::1:6012 :::* LISTEN 11064/sshd: MuWei@p
tcp6 0 0 ::1:6013 :::* LISTEN 11115/sshd: MuWei@p
tcp6 0 0 :::33060 :::* LISTEN 9843/mysqld
tcp6 0 0 :::3306 :::* LISTEN 9843/mysqld
tcp6 0 0 :::111 :::* LISTEN 1/systemd