Rocky Linux 9.3
Start firewalld and enable it at boot
systemctl start firewalld
systemctl enable firewalld
Check firewalld status
systemctl status firewalld
Open a port
firewall-cmd --zone=public --add-port=xxx/tcp --permanent
Close a port
firewall-cmd --zone=public --remove-port=xxx/tcp --permanent
Reload
firewall-cmd --reload
Check whether the change took effect
firewall-cmd --zone=public --query-port=xxx/tcp
firewall-cmd --zone=public --list-ports
Rule settings
Allow the address 192.168.1.0 to access port xxx
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.0" port protocol="tcp" port="xxx" accept'
firewall-cmd --reload
List the rules that have been set
firewall-cmd --zone=public --list-rich-rules
Block the address 192.168.1.0 from accessing port xxx, i.e. deny it access to the machine
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.0" port protocol="tcp" port="xxx" reject'
firewall-cmd --reload
Delete a rule that has been set
firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="192.168.1.0" port protocol="tcp" port="xxx" accept'
firewall-cmd --reload
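The rich-rule steps above as one sequence, with the address, port and action validated before they reach firewall-cmd, so a stray space or quote cannot split or alter the rule. This is an added example, not part of the original notes; build_rich_rule and apply_rich_rule are hypothetical helper names, and --zone=public is assumed as in the listing commands above.

```sh
# Added example, not from the original notes. build_rich_rule and
# apply_rich_rule are hypothetical helper names.

# Print a rich rule for one IPv4 source (optional /prefix) and one TCP port.
# Returns 1 and prints nothing if any argument is invalid.
build_rich_rule() (
    src=$1 port=$2 action=$3
    case $src in
        */*) ip=${src%/*} prefix=${src#*/} ;;
        *)   ip=$src prefix=32 ;;
    esac
    # Digits only (no leading zeros), so the numeric tests below are safe.
    case $ip     in ''|*[!0-9.]*|.*|*.|*..*)   return 1 ;; esac
    case $prefix in ''|*[!0-9]*|0?*|???*)      return 1 ;; esac
    case $port   in ''|*[!0-9]*|0*|??????*)    return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    [ "$port" -le 65535 ] || return 1

    # Exactly four octets, each 0-255 with no leading zero.
    IFS=.
    set -- $ip
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done

    # Only the two actions used on this page.
    case $action in accept|reject) ;; *) return 1 ;; esac

    printf 'rule family="ipv4" source address="%s" port protocol="tcp" port="%s" %s\n' \
        "$src" "$port" "$action"
)

# Add or remove the rule in the permanent config, reload, then list active rules.
# Usage: apply_rich_rule add|remove SRC PORT accept|reject
apply_rich_rule() {
    case $1 in add|remove) ;; *) echo "first argument: add or remove" >&2; return 1 ;; esac
    rule=$(build_rich_rule "$2" "$3" "$4") || { echo "invalid argument" >&2; return 1; }
    # The whole option is one shell word, so the rule's inner quotes survive.
    firewall-cmd --permanent --zone=public "--$1-rich-rule=$rule" &&
        firewall-cmd --reload &&
        firewall-cmd --zone=public --list-rich-rules
}
```

For example, apply_rich_rule add 192.168.1.0 8080 accept runs the add, reload and list steps in order and stops at the first one that fails.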