systemctl start firewalld
systemctl restart firewalld
systemctl stop firewalld
List all open ports
firewall-cmd --zone=public --list-ports
firewall-cmd --list-ports
firewall-cmd --zone=public --add-port=80/tcp

systemctl start firewalld
firewall-cmd --add-port=22/tcp --permanent
firewall-cmd --add-port=80/tcp --permanent
firewall-cmd --add-port=443/tcp --permanent
firewall-cmd --add-port=8000-9999/tcp --permanent
firewall-cmd --add-port=80/tcp --permanent
systemctl restart firewalld
firewall-cmd --list-ports

firewall-cmd --add-port=3306/tcp --permanent
firewall-cmd --add-port=6379/tcp --permanent
systemctl restart firewalld
firewall-cmd --list-ports

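Examples:
firewall-cmd --state    # check whether firewalld is running
firewall-cmd --reload    # reload the configuration
firewall-cmd --get-zones    # list all zones
firewall-cmd --get-services    # list services
firewall-cmd --get-active-zones    # list active zones
firewall-cmd --zone=public --change-interface=eno16777736    # change the zone of an interface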
firewall-cmd --panic-on
firewall-cmd --panic-off


firewall-cmd --zone=work --add-service=ssh
firewall-cmd --zone=work --remove-service=ssh
firewall-cmd --zone=work --add-port=80/tcp
firewall-cmd --zone=work --add-port=10021-10299/tcp 
firewall-cmd --zone=work --remove-port=80/tcp
 
Adding directly without --zone (the default zone is used)
firewall-cmd --add-port=22/tcp --permanent
firewall-cmd --add-port=8000-9999/tcp --permanent
firewall-cmd --remove-port=21/tcp --permanent


firewall-cmd --add-service=mariadb --permanent    # add a service


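The commands above that omit --permanent are temporary configuration and are lost when the system reboots.
Adding the --permanent parameter makes the configuration permanent, so it remains in effect after a reboot. A --permanent change is not applied to the running firewall until firewall-cmd --reload or a firewalld restart, which is why the sequences above restart the service before listing ports.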
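As an added example (not part of the original notes), the POSIX shell script below compares the runtime and permanent port lists to find rules that would be lost on reboot and rules that are saved but not yet active. The function names, the --live switch and the sample port lists are assumptions constructed for illustration; the only firewall-cmd options used are --get-default-zone, --zone, --list-ports and --permanent.

```shell
#!/bin/sh
# Added example: report drift between runtime and permanent firewalld ports.

# in_list ITEM "space separated list": succeeds if ITEM is one of the words.
in_list() {
    for _p in $2; do
        [ "$_p" = "$1" ] && return 0
    done
    return 1
}

# port_drift RUNTIME PERMANENT
# Prints one line for every port entry present in only one of the two sets:
#   runtime-only   -> open now, but gone after a reload or reboot
#   permanent-only -> saved, but not active until a reload or restart
port_drift() {
    for p in $1; do
        in_list "$p" "$2" || echo "runtime-only $p"
    done
    for p in $2; do
        in_list "$p" "$1" || echo "permanent-only $p"
    done
}

# audit_live [ZONE]: run the comparison against the local firewalld.
# Needs root and a running firewalld; falls back to the default zone.
audit_live() {
    zone=${1:-$(firewall-cmd --get-default-zone)}
    runtime=$(firewall-cmd --zone="$zone" --list-ports)
    permanent=$(firewall-cmd --permanent --zone="$zone" --list-ports)
    port_drift "$runtime" "$permanent"
}

# Constructed sample values, shaped like `firewall-cmd --list-ports` output.
SAMPLE_RUNTIME="22/tcp 80/tcp 8000-9999/tcp"
SAMPLE_PERMANENT="22/tcp 80/tcp 443/tcp"

if [ "${1:-}" = "--live" ]; then
    audit_live "${2:-}"
else
    port_drift "$SAMPLE_RUNTIME" "$SAMPLE_PERMANENT"
fi
```

Run it with `--live public` on a host to audit the public zone. The comparison is textual, so a range such as 8000-9999/tcp only matches the identical range in the other list.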




[All commands]
firewall-cmd --state
shows if FirewallD is running

firewall-cmd --reload
reloads the firewall

firewall-cmd --get-zones
lists all the defined zones

firewall-cmd --get-services
lists all the supported services

firewall-cmd --get-active-zones
lists all the active zones

firewall-cmd [--zone=<zone>] --add-interface=<interface>
adds an interface to the zone

firewall-cmd [--zone=<zone>] --change-interface=<interface>
changes the interface to the zone

firewall-cmd [--zone=<zone>] --remove-interface=<interface>
removes an interface from the zone

firewall-cmd --panic-on
enables panic mode, blocking all network connections

firewall-cmd --panic-off
disables panic mode

firewall-cmd [--zone=<zone>] --add-service=<service> [--timeout=<seconds>]
adds a service to a zone

firewall-cmd [--zone=<zone>] --remove-service=<service> [--timeout=<seconds>]
removes a service from a zone

firewall-cmd [--zone=<zone>] --add-port=<port>[-<port>]/<protocol> [--timeout=<seconds>]
adds a port to a zone

firewall-cmd [--zone=<zone>] --remove-port=<port>[-<port>]/<protocol> [--timeout=<seconds>]
removes a port from a zone

firewall-cmd [--zone=<zone>] --add-masquerade
adds masquerade to a zone

firewall-cmd [--zone=<zone>] --remove-masquerade
removes masquerade from a zone