1、防火墙状态及规则
1.1、查看防火墙状态:firewall-cmd --state
[root@localhost ~]# firewall-cmd --state
running
[root@localhost ~]#1.2、查看防火墙:firewall-cmd --list-all
[root@localhost ~]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: eth0
sources:
services: dhcpv6-client http
ports: 999/tcp
protocols:
# ...1.3、更新防火墙规则:firewall-cmd --reload
[root@localhost ~]# firewall-cmd --reload
success
[root@localhost ~]#2、端口
2.1、临时增加(reload之后消失):不需要reload
[root@localhost ~]# firewall-cmd --add-port=999/tcp
success2.2、永久增加:reload后生效
[root@localhost ~]# firewall-cmd --permanent --add-port=999/tcp
success2.3、临时删除端口:reload后消失
[root@localhost ~]# firewall-cmd --remove-port=999/tcp
success2.4、永久删除端口:reload后生效
[root@localhost ~]# firewall-cmd --permanent --remove-port=999/tcp
success2.5、查询端口
[root@localhost ~]# firewall-cmd --query-port=999/tcp
yes
[root@localhost ~]#2.6、查看所有放行的端口:
[root@localhost ~]# firewall-cmd --permanent --add-port=999/tcp
success3、IP
3.1、防火墙添加允许访问的IP
注:添加允许访问的IP后,需要reload才能生效
[root@localhost logs]# firewall-cmd --zone=public --add-rich-rule 'rule family="ipv4" source address="10.45.2.35" accept' --permanent
success
[root@localhost logs]# firewall-cmd --reload
success4、服务
4.1、防火墙服务的状态
[root@localhost ~]# systemctl status firewalld.service4.2、启动/关闭防火墙
[root@localhost ~]# systemctl stop firewalld.service
[root@localhost ~]# systemctl start firewalld.service4.3、获取所有支持的服务
[root@localhost ~]# firewall-cmd --get-services4.4、增加服务(临时增加)
[root@localhost ~]# firewall-cmd --add-service=https
success4.5、删除服务(临时删除)
[root@localhost ~]# firewall-cmd --query-service=https
yes4.6、查询服务
[root@localhost ~]# firewall-cmd --query-service=https
yes
[root@localhost ~]#4.7、增加服务(永久)
[root@localhost bin]# firewall-cmd --permanent --add-service=http
success4.8、删除服务(永久)
[root@localhost bin]# firewall-cmd --permanent --remove-service=ssh
success参考:
1、防火墙:firewall-cmd命令
https://blog.csdn.net/weixin_44256848/article/details/121094904