- Starting, stopping and related commands
Start: systemctl start firewalld
Check status: systemctl status firewalld
Disable (do not start at boot; this does not stop a running instance): systemctl disable firewalld
Stop: systemctl stop firewalld
Enable, so that firewalld starts automatically at boot:
$ sudo systemctl enable firewalld
- firewall-cmd --reload   reload the permanent configuration into the runtime set; required after every --permanent change, and note that runtime-only changes (made without --permanent) are dropped by a reload
- firewall-cmd --list-all   show the full configuration of the default zone (interfaces, services, ports, rich rules, ...)
- firewall-cmd --list-rich-rules   show only the rich rules
- Delete a rule (the rule string must match the existing rule exactly; the change only takes effect after firewall-cmd --reload)
firewall-cmd --permanent --remove-rich-rule='rule family=ipv4 source address=172.25.67.118 port port=27017 protocol=tcp accept'
- View the allowed services:
$ firewall-cmd --list-services
- Check from a client whether the port is reachable (a failure can mean either the firewall is blocking it or nothing is listening): nc -zv 172.25.67.118 27019
- Allow a specific host to reach a specific port (permanent; run firewall-cmd --reload afterwards to activate it)
firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address=172.25.67.119 port port=27018 protocol=tcp accept'
- Allow all hosts to reach a specific port (a rich rule without a source element matches every source; this is equivalent to opening the port with --add-port, shown below)
firewall-cmd --permanent --add-rich-rule='rule family=ipv4 port port=27018 protocol=tcp accept'
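The rich-rule string above is easy to get wrong, and firewall-cmd will not catch a malformed address such as 172.25.6118 as the intended host. The following script is an added example (not part of the original notes) that validates the source address and port, builds the same "rule family=ipv4 source address=... port port=... protocol=tcp accept" string the page uses, then adds it permanently, reloads and verifies it with --query-rich-rule. When firewall-cmd is not installed it only prints what it would run. The host addresses and the function names (is_ipv4, is_port, rich_rule, allow_host) are assumptions for illustration.

```shell
#!/bin/bash
# Added example: validate inputs, build a firewalld rich rule, apply and verify it.
# Addresses below are constructed; function names are this example's own.
set -eu

# is_ipv4 ADDR: succeed only for a dotted quad whose four octets are 0..255
is_ipv4() {
    local ip=$1
    local IFS=.
    case $ip in
        *[!0-9.]*|*..*|.*|*.) return 1 ;;   # non-digit, empty octet, leading/trailing dot
    esac
    set -- $ip                               # split on IFS="." into positional args
    [ $# -eq 4 ] || return 1                 # "172.25.6118" has only three fields
    local octet
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# is_port N: succeed only for an integer in 1..65535
is_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# rich_rule SRC PORT [PROTO]: print the rich rule string, or fail on bad input
rich_rule() {
    local src=$1 port=$2 proto=${3:-tcp}
    is_ipv4 "$src" || { echo "bad source address: $src" >&2; return 1; }
    is_port "$port" || { echo "bad port: $port" >&2; return 1; }
    case $proto in tcp|udp) ;; *) echo "bad protocol: $proto" >&2; return 1 ;; esac
    printf 'rule family=ipv4 source address=%s port port=%s protocol=%s accept\n' \
        "$src" "$port" "$proto"
}

# allow_host SRC PORT [PROTO]: add the rule permanently, reload, then confirm it is
# active in the runtime set. Without firewall-cmd on the PATH, only print the commands.
allow_host() {
    local rule
    rule=$(rich_rule "$@") || return 1
    if ! command -v firewall-cmd >/dev/null 2>&1; then
        echo "dry-run: firewall-cmd --permanent --add-rich-rule='$rule'"
        echo "dry-run: firewall-cmd --reload"
        return 0
    fi
    firewall-cmd --permanent --add-rich-rule="$rule"
    firewall-cmd --reload
    # --query-rich-rule checks the runtime set, i.e. what --reload actually activated
    firewall-cmd --query-rich-rule="$rule"
}

# Usage (constructed addresses in the same range the notes use)
allow_host 172.25.67.119 27018
allow_host 172.25.6118 27019 || echo "rejected malformed address, nothing applied"
```

Querying the rule after the reload, rather than trusting the "success" printed by --permanent, is the check worth keeping: the --permanent command only edits the saved configuration, so a forgotten --reload leaves the host still blocked while the rule looks present in --permanent --list-rich-rules.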
- Opening and closing a specific port
Using port 80 as the example, open port 80 (saved permanently, then reloaded into the runtime set):
firewall-cmd --add-port=80/tcp --permanent
firewall-cmd --reload
Using port 80 as the example, close port 80:
firewall-cmd --remove-port=80/tcp --permanent
firewall-cmd --reload
- Firewall configuration of services (named port sets such as ssh, http)
Get the definition of a service:
firewall-cmd --permanent --info-service=ssh
Get the ports a service opens:
firewall-cmd --permanent --service=ssh --get-ports
Remove a port from the service definition. This does stop the port from being opened wherever the service is allowed, but it does so by rewriting the definition itself (a copy is written under /etc/firewalld/services/, shadowing the built-in one), so it affects every zone that allows the service. To simply stop allowing a service in a zone, firewall-cmd --remove-service=ssh (with --permanent and a --reload) is the usual choice.
firewall-cmd --permanent --service=ssh --remove-port=22/tcp
Add a port to the service definition:
firewall-cmd --permanent --service=ssh --add-port=22/tcp
Delete a service definition. Only custom or modified definitions under /etc/firewalld/services/ can be deleted; for a built-in service such as ssh this fails with a BUILTIN_SERVICE error, and deleting a modified copy restores the built-in definition.
firewall-cmd --permanent --delete-service=ssh