1,确保防火墙的开启
查看防火墙状态:systemctl status firewalld
开启防火墙:systemctl start firewalld
关闭防火墙:systemctl stop firewalld
重启防火墙:systemctl restart firewalld
开机自启:systemctl enbable firewalld
开机自动关闭:systemctl disable firewalld
2,放行端口,服务(firewalld-cmd命令)
端口:firewalld-cmd --zone=public --add-port=端口号/tcp --permanent
服务:firewall-cmd --add-service=ftp --permanent
重新载入:
firewall-cmd --reload
查看:
#查看所有打开的端口:
firewall-cmd --zone=public --list-ports
#查看某个端口
firewall-cmd --zone= public --query-port=80/tcp
删除:
firewall-cmd --zone=public --remove-port=80/tcp --permanent
端口转发:
#对80端口的请求转发到8888
firewall-cmd --add-forward-port=port=80:proto=tcp:toport=8888
#移除端口转发:
firewall-cmd --remove-forward-port=port=80:proto=tcp:toport=8888
#查询端口转发:
firewall-cmd --query-forward-port=port=80:proto=tcp:toport=8888
禁止一个IP:
#禁止某一個IP:
firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address="IP地址" drop'
#禁止一个IP访问ssh服务:
firewall-cmd --permanent --zone=public --add-rich-rule="rule family=ipv4 source address=‘x.x.x.x/24‘ service name=‘ssh‘ drop"
开启所有端口:
firewall-cmd --permanent --zone=public --add-port=1-65535/tcp
开启端口仅允许某个IP
#开启8888端口只允许192.168.0.1访问:
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.0.1" port protocol="tcp" port="8888" accept"
#开启8888端口只允许某个网段访问:
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="10.142.0.0" port protocol="tcp" port="8888" accept"
查看版本: firewall-cmd --version
查看帮助: firewall-cmd --help
显示状态: firewall-cmd --state
查看区域信息: firewall-cmd --get-active-zones
查看指定接口所属区域: firewall-cmd --get-zone-of-interface=eth0
拒绝所有包:firewall-cmd --panic-on
取消拒绝状态: firewall-cmd --panic-off
查看是否拒绝: firewall-cmd --query-panic