1. Firewall: check status, restart, start, stop, reload:
systemctl status firewalld
systemctl restart firewalld
systemctl start firewalld
systemctl stop firewalld
systemctl reload firewalld
2. Query rules
2.1 Common command
firewall-cmd --list-all
2.2 View the rules of all zones
firewall-cmd --list-all-zones
2.3 View the rules of a single zone
firewall-cmd --list-all --zone=public
3. Open ports
3.1 Temporary addition (lost after reload): no reload needed
firewall-cmd --add-port=7777/tcp
3.2 Permanent addition: takes effect after reload
firewall-cmd --permanent --add-port=7777/tcp
firewall-cmd --reload
Note: the flag that makes a rule permanent is --permanent
4. Remove ports
firewall-cmd --remove-port=7777/tcp
### or
firewall-cmd --permanent --remove-port=7777/tcp
firewall-cmd --reload
5. Open a port and restrict it to one IP
### Add:
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.2.1" port protocol="tcp" port="7777" accept'
systemctl restart firewalld
### Remove
firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="192.168.2.1" port protocol="tcp" port="7777" accept'
systemctl restart firewalld
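As an added example (not part of the original notes), the following POSIX sh helper builds the rich rule with the correct quoting (single quotes outside, double quotes inside), validates the address and port, applies the rule permanently, reloads, and then queries both the permanent and the runtime configuration so a forgotten reload shows up. It assumes `firewall-cmd` is on PATH and the script runs as root; the address 192.168.2.1 and port 7777 are the values from the notes above.

```shell
#!/bin/sh
# Added example (not from the original notes): build a firewalld rich rule
# for "allow SRC to reach PORT/PROTO", apply it permanently, reload, and
# verify it is present in both the permanent and the runtime config.
# Assumes firewall-cmd is on PATH and the script runs as root.

# Build the rule text. Callers pass it to firewall-cmd as one argument; the
# inner double quotes survive because the format string is single-quoted
# (nesting "..." inside "..." on the command line breaks the quoting).
rich_rule() {
    printf 'rule family="ipv4" source address="%s" port port="%s" protocol="%s" accept' \
        "$1" "$2" "${3:-tcp}"
}

# Four dotted decimal octets, each 0-255. POSIX sh only, no regex.
valid_ipv4() {
    case $1 in ''|*[!0-9.]*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
}

# Numeric port in 1-65535.
valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Validate input, add the rule permanently, reload, then query both the
# permanent and the runtime sets: present in one but not the other means
# the reload step was skipped.
allow_from() {
    valid_ipv4 "$1" || { echo "bad address: $1" >&2; return 2; }
    valid_port "$2" || { echo "bad port: $2" >&2; return 2; }
    rule=$(rich_rule "$1" "$2" "${3:-tcp}")
    firewall-cmd --permanent --add-rich-rule="$rule" >/dev/null || return 1
    firewall-cmd --reload >/dev/null || return 1
    firewall-cmd --permanent --query-rich-rule="$rule" >/dev/null || return 1
    firewall-cmd --query-rich-rule="$rule" >/dev/null
}

# Only touches the firewall when asked to and when firewall-cmd exists.
if [ "${1:-}" = "--apply" ] && command -v firewall-cmd >/dev/null 2>&1; then
    allow_from 192.168.2.1 7777 tcp && echo "rule active"
fi
```

Run it as `sh allow.sh --apply` on the firewall host; without `--apply` it only defines the functions.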
6. Allow one IP to access everything on this server, similar to a whitelist
### Add
firewall-cmd --permanent --zone=trusted --add-source=192.168.2.1
systemctl restart firewalld
### Check the current rules (all zones):
firewall-cmd --list-all-zones
### Remove
firewall-cmd --permanent --zone=trusted --remove-source=192.168.2.101
### Check the current rules (all zones):
firewall-cmd --list-all-zones