systemctl start firewalld
systemctl restart firewalld
systemctl stop firewalld
List all open ports
firewall-cmd --zone=public --list-ports
firewall-cmd --list-ports
firewall-cmd --zone=public --add-port=80/tcp
systemctl start firewalld
firewall-cmd --add-port=22/tcp --permanent
firewall-cmd --add-port=80/tcp --permanent
firewall-cmd --add-port=443/tcp --permanent
firewall-cmd --add-port=8000-9999/tcp --permanent
systemctl restart firewalld
firewall-cmd --list-ports
firewall-cmd --add-port=3306/tcp --permanent
firewall-cmd --add-port=6379/tcp --permanent
systemctl restart firewalld
firewall-cmd --list-ports
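Examples:
firewall-cmd --state    # check whether firewalld is running
firewall-cmd --reload    # reload the configuration
firewall-cmd --get-zones    # list all defined zones
firewall-cmd --get-services    # list the supported services
firewall-cmd --get-active-zones    # list the active zones
firewall-cmd --zone=public --change-interface=eno16777736    # change the zone of an interface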
firewall-cmd --panic-on
firewall-cmd --panic-off
firewall-cmd --zone=work --add-service=ssh
firewall-cmd --zone=work --remove-service=ssh
firewall-cmd --zone=work --add-port=80/tcp
firewall-cmd --zone=work --add-port=10021-10299/tcp
firewall-cmd --zone=work --remove-port=80/tcp
Adding directly without --zone (applies to the default zone)
firewall-cmd --add-port=22/tcp --permanent
firewall-cmd --add-port=8000-9999/tcp --permanent
firewall-cmd --remove-port=21/tcp --permanent
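firewall-cmd --add-service=mariadb --permanent    # add a service
Commands above that omit --permanent are temporary (runtime) configuration and are lost after a system restart.
With the --permanent parameter the configuration is permanent and remains in effect after a restart. A --permanent change only becomes active after firewall-cmd --reload or a firewalld restart.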
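Added example (not from the original page): a POSIX shell helper that compares the runtime port list with the permanent one, so ports that would vanish on reload, or that are saved but not yet active, stand out. The names port_drift and check_zone and the sample lists are constructed for illustration.

```shell
#!/bin/sh
# Added example: report drift between firewalld's runtime and permanent
# port lists. Function names and sample data are hypothetical.

# port_drift RUNTIME PERMANENT
# Each argument is a whitespace-separated port list in the format printed
# by `firewall-cmd --list-ports`. Prints one line per port found in only
# one of the two lists; prints nothing when they agree.
port_drift() {
    runtime=$(echo $1)      # unquoted on purpose: collapse whitespace
    permanent=$(echo $2)
    for p in $runtime; do
        case " $permanent " in
            *" $p "*) ;;
            *) echo "runtime-only $p (lost on reload/restart)" ;;
        esac
    done
    for p in $permanent; do
        case " $runtime " in
            *" $p "*) ;;
            *) echo "permanent-only $p (not active until reload)" ;;
        esac
    done
}

# check_zone [ZONE]: run the comparison against a live firewalld.
check_zone() {
    zone=${1:-public}
    port_drift "$(firewall-cmd --zone="$zone" --list-ports)" \
               "$(firewall-cmd --permanent --zone="$zone" --list-ports)"
}

# Constructed sample lists, used when firewalld is not available.
SAMPLE_RUNTIME="22/tcp 80/tcp 10021-10299/tcp"
SAMPLE_PERMANENT="22/tcp 80/tcp 443/tcp 8000-9999/tcp"

if command -v firewall-cmd >/dev/null 2>&1 &&
   [ "$(firewall-cmd --state 2>/dev/null)" = "running" ]; then
    check_zone public
else
    port_drift "$SAMPLE_RUNTIME" "$SAMPLE_PERMANENT"
fi
```

Empty output means the runtime and permanent port lists of the zone match.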
[All commands]
firewall-cmd --state
shows if FirewallD is running
firewall-cmd --reload
reloads the firewall
firewall-cmd --get-zones
lists all the defined zones
firewall-cmd --get-services
lists all the supported services
firewall-cmd --get-active-zones
lists all the active zones
firewall-cmd [--zone=<zone>] --add-interface=<interface>
adds an interface to the zone
firewall-cmd [--zone=<zone>] --change-interface=<interface>
changes the interface to the zone
firewall-cmd [--zone=<zone>] --remove-interface=<interface>
removes an interface from the zone
firewall-cmd --panic-on
enables panic mode blocking all network connections
firewall-cmd --panic-off
disables panic mode
firewall-cmd [--zone=<zone>] --add-service=<service> [--timeout=<seconds>]
adds a service to a zone
firewall-cmd [--zone=<zone>] --remove-service=<service> [--timeout=<seconds>]
removes a service from a zone
firewall-cmd [--zone=<zone>] --add-port=<port>[-<port>]/<protocol> [--timeout=<seconds>]
adds a port to a zone
firewall-cmd [--zone=<zone>] --remove-port=<port>[-<port>]/<protocol> [--timeout=<seconds>]
removes a port from a zone
firewall-cmd [--zone=<zone>] --add-masquerade
adds masquerade to a zone
firewall-cmd [--zone=<zone>] --remove-masquerade
removes masquerade from a zone