1. 查看防火墙服务是否启动
firewall-cmd --state
2. 查看已经开放的防火墙端口
firewall-cmd --list-ports
3. 开放防火墙端口
firewall-cmd --zone=public --add-port=80/tcp --permanent
- zone:作用域
- add-port=80/tcp 添加端口,格式为:端口/通讯协议
- permanent:永久生效,没有此参数,规则只在当前运行时生效,防火墙重启(reload)后就会失效
4. 重启防火墙
firewall-cmd --reload
5. 防火墙管理脚本
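#!/bin/bash
# Interactive firewalld helper: show the service state, list open ports,
# open or close ONE TCP port in the public zone (permanently), or reload.
#
# Fixes over the first version: the port read from the terminal is validated
# before it is handed to firewall-cmd, every firewall-cmd call's exit status is
# checked so "成功" is only printed when the change really happened (the old
# script printed it even when firewall-cmd failed, e.g. run without root), and
# an unknown menu choice or a read timeout is reported instead of silently
# doing nothing.
set -u

# Print a message on stderr and exit 1.
die() { printf '%s\n' "$*" >&2; exit 1; }

# Accept only a plain integer in 1..65535 (leading zeros allowed); anything
# else — empty answer, "80/tcp", several numbers, option-looking text — is
# rejected before it reaches firewall-cmd.
valid_port() {
  [[ "$1" =~ ^[0-9]{1,5}$ ]] && (( 10#$1 >= 1 && 10#$1 <= 65535 ))
}

# Prompt (20 s timeout) for a port number and print it on stdout.
# Exits with an error on timeout/EOF or on an invalid value.
ask_port() {
  local prt
  read -r -t 20 -p "请输入指定端口号:" prt || die "未输入端口号(超时或输入结束)"
  valid_port "$prt" || die "无效的端口号: ${prt}"
  printf '%s\n' "$prt"
}

# --permanent only edits the saved configuration; --reload is what makes the
# change active in the running firewall, so its result is checked too.
reload_firewall() {
  echo "重启防火墙服务..."
  if firewall-cmd --reload; then
    echo "服务重启成功!"
  else
    die "防火墙服务重启失败(请检查权限和 firewalld 是否在运行)"
  fi
  echo ""
}

# Change one port: $1 is --add-port or --remove-port, $2 the port,
# $3 the verb used in the messages (开放 / 关闭).
change_port() {
  local action=$1 prt=$2 verb=$3
  echo ""
  echo "端口${verb}..."
  if firewall-cmd --zone=public "${action}=${prt}/tcp" --permanent; then
    echo "端口${prt}${verb}成功!"
  else
    die "端口${prt}${verb}失败"
  fi
  echo ""
}

command -v firewall-cmd >/dev/null 2>&1 || die "未找到 firewall-cmd, 请确认已安装 firewalld"

echo "请输入需要执行的防火墙操作:"
echo "1-查看防火墙状态"
echo "2-查看已开放端口"
echo "3-开放指定的端口"
echo "4-重启防火墙服务"
echo "5-关闭指定的端口"
read -r -t 20 -p "请输入:" selection || die "未选择操作(超时或输入结束)"

case "${selection}" in
  "1")
    firewall-cmd --state
    ;;
  "2")
    firewall-cmd --list-ports
    ;;
  "3")
    prt=$(ask_port) || exit 1
    change_port --add-port "${prt}" "开放"
    reload_firewall
    ;;
  "4")
    echo ""
    reload_firewall
    ;;
  "5")
    prt=$(ask_port) || exit 1
    change_port --remove-port "${prt}" "关闭"
    reload_firewall
    ;;
  *)
    die "无效的选择: ${selection}"
    ;;
esac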
6. 端口批量管理
- 之前的端口开启和关闭一次只能操作一个,因此写了一个可以批量管理的脚本
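#!/bin/bash
# Interactive firewalld helper that opens or closes SEVERAL TCP ports at once:
# answer the port prompt with whitespace-separated numbers, e.g. "80 443 8080".
#
# Fixes over the first version: the ports are read with `read -a` instead of
# changing the global IFS and relying on an unquoted expansion (which also
# globbed), the whole batch is validated before any rule is touched so a typo
# cannot leave the firewall half-changed, every firewall-cmd call's exit status
# is checked so "成功" is only printed on real success, and an unknown menu
# choice or a read timeout is reported instead of silently doing nothing.
set -u

# Print a message on stderr and exit 1.
die() { printf '%s\n' "$*" >&2; exit 1; }

# Accept only a plain integer in 1..65535 (leading zeros allowed); anything
# else — "80/tcp", ranges, option-looking text — is rejected before it reaches
# firewall-cmd.
valid_port() {
  [[ "$1" =~ ^[0-9]{1,5}$ ]] && (( 10#$1 >= 1 && 10#$1 <= 65535 ))
}

# Prompt (20 s timeout) for whitespace-separated port numbers into the global
# array `ports`, then validate every entry. Exits on timeout/EOF, on an empty
# answer, or on the first invalid port.
ask_ports() {
  local p
  read -r -t 20 -a ports -p "请输入指定端口号:" || die "未输入端口号(超时或输入结束)"
  (( ${#ports[@]} > 0 )) || die "未输入端口号"
  for p in "${ports[@]}"; do
    valid_port "$p" || die "无效的端口号: ${p}"
  done
}

# Apply $1 (--add-port or --remove-port) permanently, in the public zone, to
# every port in `ports`; $2 is the verb used in the messages (开放 / 关闭).
# Stops at the first failure instead of claiming success for it.
change_ports() {
  local action=$1 verb=$2 p
  for p in "${ports[@]}"; do
    echo ""
    echo "端口${verb}..."
    if firewall-cmd --zone=public "${action}=${p}/tcp" --permanent; then
      echo "端口${p}${verb}成功!"
    else
      die "端口${p}${verb}失败"
    fi
    echo ""
  done
}

# --permanent only edits the saved configuration; --reload is what makes the
# change active in the running firewall, so its result is checked too.
reload_firewall() {
  echo "重启防火墙服务..."
  if firewall-cmd --reload; then
    echo "服务重启成功!"
  else
    die "防火墙服务重启失败(请检查权限和 firewalld 是否在运行)"
  fi
  echo ""
}

command -v firewall-cmd >/dev/null 2>&1 || die "未找到 firewall-cmd, 请确认已安装 firewalld"

declare -a ports=()

echo "请输入需要执行的防火墙操作:"
echo "1-查看防火墙状态"
echo "2-查看已开放端口"
echo "3-开放指定的端口"
echo "4-重启防火墙服务"
echo "5-关闭指定的端口"
read -r -t 20 -p "请输入:" selection || die "未选择操作(超时或输入结束)"

case "${selection}" in
  "1")
    firewall-cmd --state
    ;;
  "2")
    firewall-cmd --list-ports
    ;;
  "3")
    ask_ports
    change_ports --add-port "开放"
    reload_firewall
    ;;
  "4")
    echo ""
    reload_firewall
    ;;
  "5")
    ask_ports
    change_ports --remove-port "关闭"
    reload_firewall
    ;;
  *)
    die "无效的选择: ${selection}"
    ;;
esac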