2020-03-30 About CentOS 7 firewalld commands

Firewall commands explained

Basic service commands

systemctl status firewalld >>> Show the service status

systemctl start firewalld >>> Start the service

systemctl stop firewalld >>> Stop the service

systemctl enable firewalld >>> Start at boot

systemctl disable firewalld >>> Do not start at boot

Common commands

firewall-cmd --get-active-zones >>> Show the active zones

firewall-cmd --zone=public --list-ports >>> Show the open ports

firewall-cmd --zone=public --list-rich-rules >>> Show the rich rules that have been added

Adding ports

firewall-cmd --zone=public --add-port=80/tcp --permanent >>> Permanently open port 80

firewall-cmd --zone=public --add-port=8001-8010/tcp --permanent >>> Open a range of ports

firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.21.166" port protocol="tcp" port="5432" accept' >>> Allow 192.168.21.166 to access port 5432

firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.21.166" port protocol="tcp" port="5432" reject' >>> Reject 192.168.21.166 from accessing port 5432

firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.21.0/24" port protocol="tcp" port="5432" accept' >>> Allow the 192.168.21.0 subnet to access port 5432

Removing rules

firewall-cmd --zone=public --remove-port=80/tcp --permanent >>> Remove a port

firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="192.168.142.166" port protocol="tcp" port="11300" accept' >>> Delete this rule

Adding services

firewall-cmd --get-services >>> Show all supported services

firewall-cmd --list-services >>> Show the open services

firewall-cmd --add-service=https --permanent >>> Add a service, here https

Reloading the configuration

firewall-cmd --reload >>> After changing rules, you must reload for them to take effect
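
After a reload it is worth checking that no accept rule is broader than intended: a rich rule that names a source address but no port or service admits all traffic from that source. The script below is an added example, not part of the original post; it flags such rules in the output of firewall-cmd --list-rich-rules. The function names and the sample rules (including 10.0.0.5) are constructed for illustration.

```shell
#!/bin/sh
# Added example: find rich rules that accept a source without narrowing it.
# Input: one rule per line on stdin, in the format printed by
#   firewall-cmd --zone=public --list-rich-rules
# find_broad_accept_rules is a hypothetical helper name.
find_broad_accept_rules() {
    while IFS= read -r _rule || [ -n "$_rule" ]; do
        [ -z "$_rule" ] && continue
        # Only accept rules widen access; skip reject and drop rules.
        case "$_rule" in
            *" accept"*) ;;
            *) continue ;;
        esac
        # Only look at rules that allow a specific source address.
        case "$_rule" in
            *"source address="*) ;;
            *) continue ;;
        esac
        # A port, source-port, service or protocol element narrows the
        # rule, so those are not reported.
        case "$_rule" in
            *" port "*|*" source-port "*|*" service "*|*" protocol value="*)
                continue ;;
        esac
        printf '%s\n' "$_rule"
    done
}

# Constructed sample in the --list-rich-rules output format.
sample_rules() {
    cat <<'EOF'
rule family="ipv4" source address="192.168.21.166" port port="5432" protocol="tcp" accept
rule family="ipv4" source address="192.168.21.0/24" accept
rule family="ipv4" source address="192.168.21.166" port port="5432" protocol="tcp" reject
rule family="ipv4" source address="10.0.0.5" service name="https" accept
EOF
}

# On a live host, replace sample_rules with:
#   firewall-cmd --zone=public --list-rich-rules
sample_rules | find_broad_accept_rules
```

Only the 192.168.21.0/24 rule is reported, because it is the one accept rule with no port or service element.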
