Firewall service

Start, stop and restart the firewall service, and check its status:

```shell
systemctl start firewalld     # start the service
systemctl stop firewalld      # stop it (firewalld removes its rules on exit, so the host is left unfiltered until it is started again)
systemctl restart firewalld   # full restart
systemctl status firewalld    # service status
```

Basic firewall-cmd usage

```shell
[root@localhost ~]# firewall-cmd --state # show whether firewalld is running
running
[root@localhost ~]# firewall-cmd --list-all # list the rules of the default zone
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: dhcpv6-client ssh
  ports: 550/tcp 9000/tcp 1080/tcp 1080/udp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
[root@localhost ~]# firewall-cmd --permanent --query-port=1080/tcp # is the port open in the saved configuration?
yes
[root@localhost ~]# firewall-cmd --permanent --add-port=1080/udp # open a port
success
[root@localhost ~]# firewall-cmd --permanent --remove-port=1080/udp # close a port
success
[root@localhost ~]# firewall-cmd --reload # reload the rules so saved changes take effect (existing connections are kept)
success
```

:::warning
Note: changes made with `--permanent` are written to the saved configuration but do not take effect until you run `firewall-cmd --reload` (or restart the service).
:::

:::info
Notes:

  • firewall-cmd is the command-line client for firewalld, the firewall manager shipped by default on RHEL/CentOS/Fedora-style distributions.
  • --permanent writes the change to the saved configuration. Without it, the change applies only to the running rule set and is lost on the next reload or reboot; with it, the change is saved but is not active until the next reload. To get both at once, make the runtime change and then run `firewall-cmd --runtime-to-permanent`, or make the permanent change and reload.
:::

View zone information

```shell
firewall-cmd --get-active-zones   # zones that currently have interfaces or sources bound to them
firewall-cmd --list-all-zones     # full rule listing for every zone
```

Set an IP allowlist

Open a port to a single source address only. A source-restricted rich rule is only an allowlist if the same port is not also opened to all sources with `--add-port` in the same zone; check the `ports:` line of `firewall-cmd --list-all` and remove any global entry for that port. Reload afterwards for the rule to take effect.

```shell
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="10.1.1.14/32" port protocol="tcp" port="80" accept'
```

Remove the rule (the rule text must match the one that was added exactly):

```shell
firewall-cmd --permanent --zone=public --remove-rich-rule='rule family="ipv4" source address="10.1.1.14/32" port protocol="tcp" port="80" accept'
```
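The following script is an added example and is not code from the original page. It builds the rich-rule string in one place (so add, query and remove always use the identical text), audits a `firewall-cmd --list-all` dump for ports that have a source-restricted rich rule but are also opened to everyone on the `ports:` line (the mistake that silently defeats an allowlist), and applies the rule idempotently using the real `--query-rich-rule`, `--add-rich-rule` and `--query-port` options. The zone dump, the address 10.1.1.14/32 and the `APPLY` variable are constructed for the example; firewall-cmd is only invoked when `APPLY=1` and the binary exists.

```shell
#!/bin/sh
# Added example, not code from the original page: build firewalld rich rules for a
# per-source allowlist and audit a zone dump for the common mistake of also opening
# the same port to every source with --add-port, which makes the allowlist moot.
# Assumes POSIX sh and awk. firewall-cmd is only invoked when APPLY=1 and it exists.

# Build the rich-rule text for "allow <src> to <proto>/<port>" in one place so the
# add, query and remove commands always use an identical string.
build_rich_rule() {
    printf 'rule family="ipv4" source address="%s" port protocol="%s" port="%s" accept' "$1" "$2" "$3"
}

# Read `firewall-cmd --list-all` output on stdin; return 0 if "<port>/<proto>"
# appears on the zone's `ports:` line (open to all sources), 1 otherwise.
port_open_globally() {
    awk -v want="$1" '
        $1 == "ports:" { for (i = 2; i <= NF; i++) if ($i == want) found = 1 }
        END { exit found ? 0 : 1 }'
}

# Constructed zone dump modelled on the listing above. 1080/tcp is allowlisted
# for 10.1.1.14 by a rich rule but is also in `ports:`, so the restriction is void.
SAMPLE_ZONE='public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: dhcpv6-client ssh
  ports: 550/tcp 9000/tcp 1080/tcp 1080/udp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
    rule family="ipv4" source address="10.1.1.14/32" port protocol="tcp" port="80" accept
    rule family="ipv4" source address="10.1.1.14/32" port protocol="tcp" port="1080" accept'

# Print one line per port that has a source-restricted rich rule AND is globally
# open; return 0 when there are no conflicts, 1 otherwise.
audit_allowlist_conflicts() {
    zone_dump=$1
    conflicts=0
    # Extract "<port>/<proto>" from every source-restricted rule in the dump.
    for pp in $(printf '%s\n' "$zone_dump" | awk '
        /^[[:space:]]*rule .*source address=/ {
            proto = ""; port = ""
            if (match($0, /protocol="[a-z]+"/)) proto = substr($0, RSTART + 10, RLENGTH - 11)
            if (match($0, /port="[0-9]+"/))     port  = substr($0, RSTART + 6,  RLENGTH - 7)
            if (proto != "" && port != "") print port "/" proto
        }' | sort -u); do
        if printf '%s\n' "$zone_dump" | port_open_globally "$pp"; then
            echo "$pp is allowlisted by a rich rule but also open to everyone"
            conflicts=1
        fi
    done
    return $conflicts
}

# Apply a per-source allow rule idempotently to the permanent config and reload.
# Uses real firewall-cmd options (--query-rich-rule, --add-rich-rule, --query-port).
apply_allowlist_rule() {
    rule=$(build_rich_rule "$1" "$2" "$3")
    if firewall-cmd --permanent --zone=public --query-rich-rule="$rule" >/dev/null 2>&1; then
        echo "already present: $rule"
    else
        firewall-cmd --permanent --zone=public --add-rich-rule="$rule"
    fi
    if firewall-cmd --permanent --zone=public --query-port="$3/$2" >/dev/null 2>&1; then
        echo "warning: $3/$2 is also open to everyone; fix with --permanent --remove-port=$3/$2"
    fi
    firewall-cmd --reload   # permanent changes only take effect after a reload
}

if [ "${APPLY:-0}" = 1 ] && command -v firewall-cmd >/dev/null 2>&1; then
    apply_allowlist_rule 10.1.1.14/32 tcp 80
else
    # Offline mode: audit the constructed sample instead of touching a live firewall.
    audit_allowlist_conflicts "$SAMPLE_ZONE" || echo "(expected conflict in the constructed sample)"
fi
```

Run it without arguments to audit the embedded sample; run `APPLY=1 sh allowlist.sh` as root on a host with firewalld to add the rule for 10.1.1.14/32 to port 80/tcp. To audit a live zone instead of the sample, feed `firewall-cmd --list-all` output to `audit_allowlist_conflicts`.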