zhmg23

We are so different

Basic firewalld usage on RHEL7/CentOS7

Start / stop / check the firewalld service

# systemctl start firewalld.service

# systemctl stop firewalld.service

# systemctl status firewalld.service


Enable at boot

# systemctl enable firewalld


Disable at boot

# systemctl disable firewalld


Show the version: firewall-cmd --version

Show help: firewall-cmd --help

Show the daemon state: firewall-cmd --state

List all open ports in a zone: firewall-cmd --zone=public --list-ports

Reload the firewall rules (applies the permanent configuration to the runtime): firewall-cmd --reload

Show the active zones and their interfaces: firewall-cmd --get-active-zones

Show which zone an interface belongs to: firewall-cmd --get-zone-of-interface=eth0

Drop all packets (panic mode; this also drops the SSH session you run it from, so only use it with console access): firewall-cmd --panic-on

Leave panic mode: firewall-cmd --panic-off

Check whether panic mode is on: firewall-cmd --query-panic



To list details of default and active zones

# firewall-cmd --get-default-zone

# firewall-cmd --get-active-zones

# firewall-cmd --list-all



To add/remove interfaces to zones

Add the network interface "eth1" to the "public" zone.

# firewall-cmd --zone=public --change-interface=eth1




Open a port (--permanent makes the rule survive a reboot; without it the rule is lost on restart. Note that --permanent alone only writes the saved configuration: run firewall-cmd --reload afterwards, or repeat the command without --permanent, to make the rule active now.)

firewall-cmd --add-port=[YOUR PORT]/tcp

firewall-cmd --add-port=22/tcp

firewall-cmd --zone=public --add-port=8090/tcp




Allow only 192.168.5.20, 192.168.5.22 and 192.168.6.80 to reach port 6379 on this host. The rich rule is passed inside single quotes so that the shell leaves the double-quoted attribute values intact, which is the syntax documented in firewalld.richlanguage(5):

firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.5.20" port port="6379" protocol="tcp" accept'

firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.5.22" port port="6379" protocol="tcp" accept'

firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.6.80" port port="6379" protocol="tcp" accept'


Check the result (after firewall-cmd --reload). The rich rules should appear under "rich rules:"; make sure 6379/tcp is not also listed under "ports:", because a zone-wide port entry opens it to every source and defeats the per-address restriction.

firewall-cmd --list-all


Remove a rule (the rule string must match the one that was added exactly)

firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="192.168.5.20" port port="6379" protocol="tcp" accept'


Open a port range to one specific IP

firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.5.20" port port="8090-8099" protocol="tcp" accept'


Open a port range to all sources in the zone

firewall-cmd --zone=public --add-port=10000-20000/udp --permanent
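As an added example (not code from the original post): a small POSIX shell script that builds the rich rules for the three addresses above, applies them with firewall-cmd (or just prints the commands on a machine without firewalld), and then audits "firewall-cmd --list-all" output to confirm that 6379 is reachable only from the listed sources and is not also open zone-wide. The addresses, ports and zone are the post's; the function names (rich_rule, fw_cmd, allow_sources, sample_list_all, sources_allowed_for, port_is_open) and the sample --list-all output are this example's own, and the sample output is constructed to look like real firewalld output.

```shell
#!/bin/sh
# Added example, not part of the original post.

# rich_rule SRC PORT PROTO -> one rich rule in the documented syntax.
# Attribute values are double-quoted; the caller passes the whole rule
# as a single argument so the shell does not split or strip the quotes.
rich_rule() {
    printf 'rule family="ipv4" source address="%s" port port="%s" protocol="%s" accept' "$1" "$2" "$3"
}

# fw_cmd ARGS... -> run firewall-cmd if installed, otherwise print the
# command that would run (dry-run), so the script can be tried anywhere.
fw_cmd() {
    if command -v firewall-cmd >/dev/null 2>&1; then
        firewall-cmd "$@"
    else
        printf 'dry-run: firewall-cmd'
        for a in "$@"; do printf " '%s'" "$a"; done
        printf '\n'
    fi
}

# allow_sources ZONE PORT PROTO SRC... -> one permanent rich rule per
# source, then --reload so the saved config becomes the runtime config.
allow_sources() {
    zone=$1; port=$2; proto=$3; shift 3
    for src in "$@"; do
        fw_cmd --permanent --zone="$zone" --add-rich-rule="$(rich_rule "$src" "$port" "$proto")"
    done
    fw_cmd --reload
}

# Constructed sample of "firewall-cmd --zone=public --list-all" output,
# showing the state this post's commands produce (assumption: layout only).
sample_list_all() {
    cat <<'EOF'
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: dhcpv6-client ssh
  ports: 8090/tcp 10000-20000/udp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
    rule family="ipv4" source address="192.168.5.20" port port="6379" protocol="tcp" accept
    rule family="ipv4" source address="192.168.5.22" port port="6379" protocol="tcp" accept
    rule family="ipv4" source address="192.168.6.80" port port="6379" protocol="tcp" accept
    rule family="ipv4" source address="192.168.5.20" port port="8090-8099" protocol="tcp" accept
EOF
}

# sources_allowed_for PORT: read --list-all output on stdin and print the
# source addresses whose rich rules accept traffic to exactly PORT.
sources_allowed_for() {
    sed -n 's/^[[:space:]]*rule family="ipv4" source address="\([^"]*\)" port port="'"$1"'" protocol="[a-z]*" accept$/\1/p'
}

# port_is_open PORT/PROTO: succeed if the zone's "ports:" line lists it,
# i.e. the port is open to every source, not just the rich-rule ones.
port_is_open() {
    grep -E -q "^[[:space:]]*ports:.*[[:space:]]$1([[:space:]]|\$)"
}

# Usage: apply the post's rules, then audit the live zone.
#   allow_sources public 6379 tcp 192.168.5.20 192.168.5.22 192.168.6.80
#   firewall-cmd --zone=public --list-all | sources_allowed_for 6379
#   firewall-cmd --zone=public --list-all | port_is_open 6379/tcp && echo "WARNING: 6379/tcp open to all"
```

On a real host replace sample_list_all with the actual firewall-cmd --zone=public --list-all output; the two audit functions are the check to run after every --reload, since a later --add-port=6379/tcp would silently widen access past the three addresses.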


https://firewalld.org/
