启动
systemctl start firewalld
关闭(停止后 firewalld 的过滤规则不再生效)
systemctl stop firewalld
查看状态
systemctl status firewalld
开机禁用
systemctl disable firewalld
开机启用
systemctl enable firewalld
查看 public 区域中通过 --add-port 开放的端口(不包含通过服务或富规则放行的端口,完整配置请用 --list-all)
firewall-cmd --zone=public --list-ports
查看防火墙配置
firewall-cmd --list-all
重新加载防火墙规则(使 --permanent 的修改生效;未加 --permanent 的运行时规则会被丢弃)
firewall-cmd --reload
添加端口开放(--permanent 只写入永久配置,需执行 firewall-cmd --reload 后才生效)
firewall-cmd --zone=public --add-port=80/tcp --permanent
删除端口开放(--permanent 的修改需执行 firewall-cmd --reload 后才生效)
firewall-cmd --zone=public --remove-port=80/tcp --permanent
针对某个IP开放端口
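# Allow one source address to reach a single TCP port.
# The outer single quotes pass the rule to firewall-cmd as one argument with its
# inner double quotes intact; nesting double quotes only works because the shell
# strips them and the values happen to contain no spaces.
# No --zone is given, so the rule goes to the default zone. --permanent writes
# the saved configuration only; run `firewall-cmd --reload` to apply it.
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.142.166" port protocol="tcp" port="6379" accept'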
删除针对某个IP开放端口规则
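# Remove a per-source port rule.
# The rule text has to match the rule as it was added (same address, protocol
# and port); a rule that differs is left in place. Check the active rules with
# `firewall-cmd --list-all` before and after.
# Outer single quotes keep the inner double quotes intact for firewall-cmd.
# --permanent changes the saved configuration only; run `firewall-cmd --reload`
# to apply it.
firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="192.168.1.1" port protocol="tcp" port="80" accept'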
针对某个IP开放指定的端口段
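# Allow one source address to reach a range of TCP ports (30000-31000).
# Outer single quotes pass the whole rule as one argument with its inner double
# quotes intact, instead of relying on the shell to strip nested double quotes.
# --permanent writes the saved configuration only; run `firewall-cmd --reload`
# to apply it.
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.142.166" port protocol="tcp" port="30000-31000" accept'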
针对某个IP开放所有端口
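# Accept all traffic from one source address: every port and protocol, matched
# on the source IP alone. Prefer the per-port rules when only specific services
# are needed.
# Outer single quotes pass the whole rule as one argument with its inner double
# quotes intact, instead of relying on the shell to strip nested double quotes.
# --permanent writes the saved configuration only; run `firewall-cmd --reload`
# to apply it.
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.142.166" accept'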
添加服务(未加 --permanent 时仅对运行时生效,--reload 或重启后丢失;未指定 --zone 时作用于默认区域)
firewall-cmd --add-service=<service name>
移除服务
firewall-cmd --remove-service=<service name>
允许协议(例:icmp,放行该协议的全部报文,其中包括 ping)
firewall-cmd --add-protocol=<protocol>
取消协议
firewall-cmd --remove-protocol=<protocol>