1、查看防火墙状态
[root@iZ8vbciohf6qk012n31f13Z ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: active (running) since Tue 2021-12-28 22:26:18 CST; 1 weeks 0 days ago
Docs: man:firewalld(1)
Main PID: 12923 (firewalld)
Tasks: 3 (limit: 11412)
Memory: 35.3M
CGroup: /system.slice/firewalld.service
└─12923 /usr/libexec/platform-python -s /usr/sbin/firewalld --nofork --nopid
Dec 28 22:26:18 iZ8vbciohf6qk012n31f13Z systemd[1]: Starting firewalld - dynamic firewall daemon...
Dec 28 22:26:18 iZ8vbciohf6qk012n31f13Z systemd[1]: Started firewalld - dynamic firewall daemon.
Dec 28 22:26:19 iZ8vbciohf6qk012n31f13Z firewalld[12923]: WARNING: AllowZoneDrifting is enabled. This is considered >
Dec 28 22:47:37 iZ8vbciohf6qk012n31f13Z firewalld[12923]: WARNING: AllowZoneDrifting is enabled. This is considered >
Jan 04 22:37:50 iZ8vbciohf6qk012n31f13Z firewalld[12923]: WARNING: AllowZoneDrifting is enabled. This is considered >
lines 1-15/15 (END)
或者
[root@iZ8vbciohf6qk012n31f13Z ~]# firewall-cmd --state
running
2、查看已开放的端口
[root@iZ8vbciohf6qk012n31f13Z ~]# firewall-cmd --list-ports
8080/tcp 8800/tcp
[root@iZ8vbciohf6qk012n31f13Z ~]#
3、开启防火墙
[root@iZ8vbciohf6qk012n31f13Z ~]# systemctl start firewalld
4、开放端口
firewall-cmd --zone=public --add-port=8800/tcp --permanent
命令含义:
--zone #作用域
--add-port=8800/tcp #添加端口,格式为:端口/通讯协议
--permanent #永久生效,没有此参数重启后失效
最后一定要重启防火墙才能生效
5、重启防火墙
[root@iZ8vbciohf6qk012n31f13Z ~]# firewall-cmd --reload
success
[root@iZ8vbciohf6qk012n31f13Z ~]#
如果设置端口报错,则切换root账户
-bash-4.2$ firewall-cmd --zone=public --add-port=1935/tcp --permanent
Authorization failed.
Make sure polkit agent is running or run the application as superuser.
-bash-4.2$