Basic firewalld usage

1, Show the configuration of all zones
firewall-cmd --list-all-zones

2, Reload the configuration
firewall-cmd --reload

3, Remove an interface from the public zone
firewall-cmd --zone=public --remove-interface=eno16777736

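4, Check whether a port is open to external access (with --permanent, this queries the permanent configuration)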
firewall-cmd --permanent --query-port=8080/tcp

5, Remove port 8080 to block external access (with --permanent, the change takes effect after a reload or restart)
firewall-cmd --permanent --remove-port=8080/tcp

6, Add port 8080 to allow external access
firewall-cmd --permanent --add-port=8080/tcp

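7, Restart the firewall
systemctl restart firewalld

8, Forward requests sent to port 80 to port 8080 (without --permanent this is a runtime-only change and is lost on reload or restart)
firewall-cmd --add-forward-port=port=80:proto=tcp:toport=8080

9, Check which services and ports the firewall currently has open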
[root@localhost ~]# firewall-cmd --list-all
public (default, active)
  interfaces: eno16777736
  sources: 
  services: dhcpv6-client ssh
  ports: 8080/tcp
  masquerade: no
  forward-ports: port=80:proto=tcp:toport=8080:toaddr=
  icmp-blocks: 
  rich rules: 

10, Show and set the default zone (the trusted zone accepts all network connections)
firewall-cmd --get-default-zone
firewall-cmd --set-default-zone=trusted
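
Added example (not part of the original notes): a shell function that checks the `firewall-cmd --list-all` output from step 9 against allowlists, so that an unexpected service, port or forward rule stands out. The `ALLOWED_*` values and the function names are assumptions for illustration; the sample input is the output shown in step 9.

```shell
#!/usr/bin/env bash
# Added example: audit `firewall-cmd --list-all` output against allowlists.
# The ALLOWED_* values are assumptions for illustration; set them per host.
ALLOWED_SERVICES="dhcpv6-client ssh"
ALLOWED_PORTS="8080/tcp"
ALLOWED_FORWARDS=""

# Constructed sample input: the --list-all output shown in step 9.
sample_output() {
  cat <<'EOF'
public (default, active)
  interfaces: eno16777736
  sources: 
  services: dhcpv6-client ssh
  ports: 8080/tcp
  masquerade: no
  forward-ports: port=80:proto=tcp:toport=8080:toaddr=
  icmp-blocks: 
  rich rules: 
EOF
}

# field KEY: print the value part of the "  KEY: v1 v2 ..." line read from stdin.
field() {
  sed -n "s/^[[:space:]]*$1:[[:space:]]*//p"
}

# audit: read --list-all output on stdin and print one finding per line.
# Returns 0 when nothing unexpected is found, 1 otherwise.
audit() {
  local out zone key allowed item rc=0
  out=$(cat)
  zone=$(printf '%s\n' "$out" | awk 'NR==1 { print $1 }')
  if [ "$zone" = "trusted" ]; then
    echo "zone trusted accepts all incoming connections"; rc=1
  fi
  for key in services ports forward-ports; do
    case $key in
      services)      allowed=$ALLOWED_SERVICES ;;
      ports)         allowed=$ALLOWED_PORTS ;;
      forward-ports) allowed=$ALLOWED_FORWARDS ;;
    esac
    for item in $(printf '%s\n' "$out" | field "$key"); do
      case " $allowed " in
        *" $item "*) ;;                                   # expected entry
        *) echo "$key: $item not in allowlist"; rc=1 ;;   # unexpected entry
      esac
    done
  done
  return $rc
}
# On a live host: firewall-cmd --list-all | audit
```

The function reads a single zone's output. On the sample it flags the 80 to 8080 forward because `ALLOWED_FORWARDS` is empty, even though the `ports:` line lists only 8080/tcp.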

 

