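1. firewalld service management
systemctl status firewalld # show the firewall status
systemctl start firewalld # start the firewall
systemctl enable firewalld # enable the firewall at boot
systemctl disable firewalld # disable the firewall at boot
systemctl stop firewalld # stop the firewall
systemctl restart firewalld.service # restart the firewall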
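2. Allow a specific IP to access a specific port
--permanent # makes the rule permanent; without this option the rule is lost after a restart
--zone # the zone (scope) the rule applies to
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.1/24" port protocol="tcp" port="6666" accept'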
3. Allow a specific IP to access a specific service
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.1/24" service name="http" accept'
4. Remove a specific IP's access to a specific port
Replace add with remove; the rule text must match the rule that was added.
firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="192.168.1.1/24" port protocol="tcp" port="6666" accept'
5. View and reload the firewall policy
firewall-cmd --list-all # show the current policy
firewall-cmd --reload # reload the firewall policy after every rule change
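
Added example (not part of the original page) covering sections 2, 4 and 5: a small shell helper that validates the source address, protocol and port, builds the rich rule once, and uses the same string for add, remove and the post-reload check. The function names (is_uint, valid_ipv4_cidr, rich_rule, rule_command, apply_rule) are hypothetical; only the firewall-cmd options are real.

```shell
#!/usr/bin/env bash
# Added example, not from the original page. The rule text is built once from
# validated parts, so add and remove always use the identical string.

is_uint() { case $1 in ''|*[!0-9]*|??????*) return 1 ;; esac; }

# Accepts A.B.C.D or A.B.C.D/PREFIX (octets 0-255, prefix 0-32).
valid_ipv4_cidr() {
    local addr="${1%%/*}" prefix=32 octet old_ifs="$IFS"
    case $1 in */*) prefix="${1#*/}" ;; esac
    is_uint "$prefix" && [ "$prefix" -le 32 ] || return 1
    case $addr in *[!0-9.]*|*.) return 1 ;; esac
    IFS=.; set -- $addr; IFS="$old_ifs"
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        is_uint "$octet" && [ "$octet" -le 255 ] || return 1
    done
}

# Prints the rich rule, or returns 1 if any part is invalid.
rich_rule() {
    local src="$1" proto="$2" port="$3"
    valid_ipv4_cidr "$src" || return 1
    case $proto in tcp|udp) ;; *) return 1 ;; esac
    is_uint "$port" && [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    printf 'rule family="ipv4" source address="%s" port protocol="%s" port="%s" accept' \
        "$src" "$proto" "$port"
}

# Prints the command line for ACTION (add or remove). The rule is wrapped in
# single quotes so its inner double quotes reach firewall-cmd intact.
rule_command() {
    local action="$1" rule
    case $action in add|remove) ;; *) return 1 ;; esac
    rule=$(rich_rule "$2" "$3" "$4") || return 1
    printf "firewall-cmd --permanent --%s-rich-rule='%s'" "$action" "$rule"
}

# Applies the change, reloads, then reports the runtime state (needs root).
apply_rule() {
    local action="$1" rule
    case $action in add|remove) ;; *) return 1 ;; esac
    rule=$(rich_rule "$2" "$3" "$4") || return 1
    firewall-cmd --permanent "--${action}-rich-rule=${rule}" || return 1
    firewall-cmd --reload || return 1
    firewall-cmd --query-rich-rule="$rule" || true   # prints yes or no
}
```

Source the file and run, for example, apply_rule add 192.168.1.1/24 tcp 6666; rule_command with the same arguments only prints the command for review.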