基础
查看所有开放端口
firewall-cmd --list-ports
查看所有规则列表
firewall-cmd --list-all
查看单个端口
firewall-cmd --query-port=80/tcp
开放/关闭本机指定端口
firewall-cmd --add-port=80/tcp --permanent
firewall-cmd --remove-port=80/tcp --permanent
如何批量开放端口?(端口范围越大,暴露面越大,只开放确实需要的端口)
firewall-cmd --add-port=100-500/tcp --permanent
--add-port=80/tcp 开放端口及类型
--remove-port=80/tcp 关闭端口
--permanent 永久生效
注意:带 --permanent 的修改只写入永久配置,不会立即作用于正在运行的防火墙,修改完后要重启或重新加载 firewalld
systemctl restart firewalld
或者(重新加载规则并保留连接状态信息)
firewall-cmd --reload
进阶
允许192.168.100.0/24网段ip访问80端口
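# Wrap the whole rich rule in single quotes. With nested double quotes the
# shell ends the string at each inner quote and strips it, so the rule only
# stays a single argument because the values happen to contain no spaces.
# --permanent writes the permanent configuration only; the rule applies to
# the running firewall after a reload.
firewall-cmd --add-rich-rule='rule family="ipv4" source address="192.168.100.0/24" port protocol="tcp" port="80" accept' --permanent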
删除规则
[root@localhost ~]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens32
sources:
services: ssh dhcpv6-client
ports: 80/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
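rich rules: #这些是已经写好的规则,要删除时选择对应的规则删除即可,删除时记得加 --permanent。注意:下面对 192.168.0.200 同时存在 reject 和 accept 规则,默认优先级下 firewalld 先处理 reject/drop 规则,这条 accept 不会生效,应删除多余的一条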
rule family="ipv4" source address="192.168.0.200" port port="80" protocol="tcp" reject
rule family="ipv4" source address="192.168.0.200" port port="80" protocol="tcp" accept
rule family="ipv4" source address="192.168.100.0/24" port port="80" protocol="tcp" accept
firewall-cmd --remove-rich-rule '【这里填具体的规则】' --permanent
firewall-cmd --remove-rich-rule 'rule family="ipv4" source address="192.168.100.0/24" port port="80" protocol="tcp" accept' --permanent