CentOS 7 uses firewalld in place of iptables. Below are brief notes on operating firewalld.
- Start
systemctl start firewalld.service
- Stop firewalld
systemctl stop firewalld.service
- Disable firewalld (it will no longer start at boot)
systemctl disable firewalld.service
- Check the firewall state
firewall-cmd --state
Startup error (the unit is masked; the unmask command below the message clears it):
Failed to start firewalld.service: Unit firewalld.service is masked.
systemctl unmask firewalld.service
- Open port 80
firewall-cmd --zone=public --add-port=80/tcp --permanent
- Check whether it took effect
firewall-cmd --zone=public --query-port=80/tcp
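--permanent makes the rule survive a restart. A rule added with --permanent is written only to the permanent configuration, so the query above reports "no" until the rules are reloaded.
- Reload the firewall rules: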
firewall-cmd --reload
- List all open ports (the output shows every setting of the default zone, including its ports line)
firewall-cmd --list-all
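
The --permanent and --reload behaviour noted above means the running firewall and the saved configuration can disagree. The following script is an added example, not part of the original notes: it compares the two port lists and reports the difference. The helper name port_drift and the sample port lists are constructed for illustration; the public zone is taken from the commands above.

```shell
#!/usr/bin/env bash
# Report ports whose runtime and permanent firewalld state differ.
# port_drift is a hypothetical helper name, not a firewalld command.
#   $1 = runtime ports   (output of: firewall-cmd --zone=public --list-ports)
#   $2 = permanent ports (output of: firewall-cmd --zone=public --permanent --list-ports)
port_drift() {
    # Normalise whitespace and pad with spaces so whole-word matching works.
    _rt=" $(echo $1) "
    _pm=" $(echo $2) "
    for _p in $_rt; do
        case "$_pm" in
            *" $_p "*) ;;
            # Open now, but gone after --reload or a reboot.
            *) echo "runtime-only $_p" ;;
        esac
    done
    for _p in $_pm; do
        case "$_rt" in
            *" $_p "*) ;;
            # Saved, but not active until --reload.
            *) echo "permanent-only $_p" ;;
        esac
    done
}

# Constructed sample data, used when firewalld is not running on this host.
SAMPLE_RUNTIME="22/tcp 8080/tcp"
SAMPLE_PERMANENT="22/tcp 80/tcp"

if command -v firewall-cmd >/dev/null 2>&1 &&
   [ "$(firewall-cmd --state 2>/dev/null)" = "running" ]; then
    port_drift "$(firewall-cmd --zone=public --list-ports)" \
               "$(firewall-cmd --zone=public --permanent --list-ports)"
else
    port_drift "$SAMPLE_RUNTIME" "$SAMPLE_PERMANENT"
fi
```

An empty result means the running rules match what will be loaded after the next reload or reboot.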