Open access ports

firewall-cmd --permanent --zone=public --add-port=22/tcp

firewall-cmd --permanent --zone=public --add-port=25066/tcp

firewall-cmd --permanent --zone=public --add-port=80/tcp
firewall-cmd --permanent --zone=public --add-port=443/tcp

firewall-cmd --permanent --zone=public --add-port=514/tcp
firewall-cmd --permanent --zone=public --add-port=514/udp

firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address="172.16.0.0/16" accept'

Block an IP range

firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address="123.10.0.0/16" drop'

Block a host

firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address="18.140.25.172" drop'

List open ports

firewall-cmd --reload && firewall-cmd --zone=public --list-ports

Show firewall rules

firewall-cmd --list-all

Show the firewall's default zone

firewall-cmd --get-default-zone

firewall-cmd --get-active-zones

List available zones

firewall-cmd --get-zones

Show a specific zone's configuration

firewall-cmd --zone=internal --list-all

Reload the configuration

firewall-cmd --reload

Close access ports

firewall-cmd --permanent --remove-port=5900/tcp

firewall-cmd --zone=public --remove-service=libvirt

Reject all traffic; remote connections are cut immediately and only local login still works
firewall-cmd --panic-on

Leave panic mode; firewalld must be restarted before remote SSH works again

firewall-cmd --panic-off

Check whether panic mode is on

firewall-cmd --query-panic
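The commands above take addresses and port specs verbatim, so a typo in a CIDR or a port ends up in the permanent configuration and only shows up when a legitimate source is still reachable or a service is still exposed. The script below is an added example, not part of the original note: it validates every address and port before building the firewall-cmd invocation, builds the rich-rule strings from the page (172.16.0.0/16 accept, 123.10.0.0/16 drop, 18.140.25.172 drop), and refuses anything malformed. The FIREWALL_DRY_RUN variable, the helper names and the deliberately invalid address 18.140.25.999 are all constructed for this example; by default it only prints the commands it would run, and applies them only when FIREWALL_DRY_RUN=0 and firewall-cmd is installed.

```shell
#!/bin/sh
# Added example (not from the original note): validate inputs and build
# firewalld rules before applying them, so malformed addresses or port specs
# never reach the permanent configuration.

# valid_ipv4_cidr ADDR -> 0 if ADDR is a dotted-quad IPv4 address with an
# optional /0-32 prefix, 1 otherwise.
valid_ipv4_cidr() {
    v_addr=${1%%/*}
    v_prefix=${1#*/}
    # No "/" in the argument: treat it as a single host (/32).
    [ "$v_prefix" = "$1" ] && v_prefix=32
    case "$v_prefix" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$v_prefix" -le 32 ] || return 1
    # Split the address on dots; must give exactly four octets of 0-255.
    set -- $(printf '%s' "$v_addr" | tr '.' ' ')
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in
            ''|*[!0-9]*) return 1 ;;
        esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# rich_rule ACTION ADDR -> prints the firewalld rich rule for a source address.
# Only the actions accept/drop/reject are allowed; the address is validated.
rich_rule() {
    case "$1" in
        accept|drop|reject) ;;
        *) return 1 ;;
    esac
    valid_ipv4_cidr "$2" || return 1
    printf 'rule family=ipv4 source address="%s" %s\n' "$2" "$1"
}

# run_fw ARGS... -> runs firewall-cmd, or prints the command when in dry-run
# mode or when firewall-cmd is not installed (assumed behaviour for this example).
run_fw() {
    if [ "${FIREWALL_DRY_RUN:-1}" = "1" ] || ! command -v firewall-cmd >/dev/null 2>&1; then
        printf 'firewall-cmd'; printf ' %s' "$@"; printf '\n'
    else
        firewall-cmd "$@"
    fi
}

# open_port PORT/PROTO -> permanently opens a port in the public zone.
open_port() {
    case "$1" in
        *[0-9]/tcp|*[0-9]/udp) ;;
        *) echo "bad port spec: $1" >&2; return 1 ;;
    esac
    run_fw --permanent --zone=public --add-port="$1"
}

# block_source ADDR -> permanently drops traffic from an address or range.
block_source() {
    rule=$(rich_rule drop "$1") || { echo "invalid address: $1" >&2; return 1; }
    run_fw --permanent --add-rich-rule="$rule"
}

# allow_source ADDR -> permanently accepts traffic from an address or range.
allow_source() {
    rule=$(rich_rule accept "$1") || { echo "invalid address: $1" >&2; return 1; }
    run_fw --permanent --add-rich-rule="$rule"
}

main() {
    for p in 22/tcp 80/tcp 443/tcp 514/tcp 514/udp; do
        open_port "$p" || return 1
    done
    allow_source 172.16.0.0/16 || return 1
    block_source 123.10.0.0/16 || return 1
    block_source 18.140.25.172 || return 1
    # Constructed bad address: the wrapper must reject it instead of applying it.
    block_source 18.140.25.999 2>/dev/null && return 1
    # Permanent changes only take effect after a reload.
    run_fw --reload
}

: "${FIREWALL_DRY_RUN:=1}"
main
```

Run it as-is to see the commands it would issue; run it with FIREWALL_DRY_RUN=0 on a host with firewalld to apply them. The validation is intentionally strict about the input format only; whether a rule is sensible for the host is still the operator's call.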