1.查看防火墙开通的端口
firewall-cmd --list-all
firewall-cmd --zone=public --list-ports
2.查看防火墙规则
iptables -nL --line-numbers
3.查看防火墙状态
systemctl status firewalld
4.启动防火墙
systemctl start firewalld
5.开启防火墙规则80
firewall-cmd --permanent --add-port=80/tcp
或
firewall-cmd --zone=public --add-port=80/tcp --permanent
（--permanent 表示永久生效；它只写入永久配置，需执行 firewall-cmd --reload 后才对当前运行的防火墙生效）
6.删除防火墙规则
firewall-cmd --zone=public --remove-port=80/tcp --permanent
或
firewall-cmd --permanent --remove-port=80/tcp
7.启动防火墙服务
systemctl start firewalld.service
8.更新防火墙规则
firewall-cmd --reload
9.只允许192.168.1.1/24网段访问本机的3306端口（该规则只是对此网段放行；若3306端口已通过 --add-port 对所有来源开放，需先移除，否则其他来源仍可访问）
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.1/24" port protocol="tcp" port="3306" accept'
10.开机自启
systemctl enable firewalld
11.取消开机自启
systemctl disable firewalld