Open access ports (permanent rules in the public zone; they take effect only after --reload)
firewall-cmd --permanent --zone=public --add-port=22/tcp
firewall-cmd --permanent --zone=public --add-port=25066/tcp
firewall-cmd --permanent --zone=public --add-port=80/tcp
firewall-cmd --permanent --zone=public --add-port=443/tcp
firewall-cmd --permanent --zone=public --add-port=514/tcp
firewall-cmd --permanent --zone=public --add-port=514/udp
Allow all traffic from a source range (a rich rule in the default zone; it is not limited to the ports above)
firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address="172.16.0.0/16" accept'
Block an IP range
firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address="123.10.0.0/16" drop'
Block a single host
firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address="18.140.25.172" drop'
Reload, then list the open ports of the public zone
firewall-cmd --reload && firewall-cmd --zone=public --list-ports
Show all rules of the default zone
firewall-cmd --list-all
Show the default zone and the active zones (zones that have an interface or source bound)
firewall-cmd --get-default-zone
firewall-cmd --get-active-zones
List the available zones
firewall-cmd --get-zones
Show the configuration of a specific zone
firewall-cmd --zone=internal --list-all
Reload the configuration (applies --permanent changes; runtime-only changes are discarded)
firewall-cmd --reload
Close a port (permanent change; takes effect after --reload)
firewall-cmd --permanent --remove-port=5900/tcp
Remove a service from a zone (runtime change only; without --permanent it is lost on the next reload or reboot)
firewall-cmd --zone=public --remove-service=libvirt
Panic mode: drop all traffic. Remote connections are cut immediately; only local console login remains possible
firewall-cmd --panic-on
Turn panic mode off; note that remote SSH became available again only after firewalld was restarted
firewall-cmd --panic-off
Check whether panic mode is on (prints yes or no)
firewall-cmd --query-panic
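The commands above are usually typed one at a time, which is how the two classic mistakes happen: a --permanent rule that is never reloaded, and a --panic-on issued over the very SSH session it cuts. The script below is an added example, not part of the original cheat sheet; it applies the same baseline (the page's ports, trusted range and drop list, reused here as illustrative values) in one idempotent pass, reloads once, and then verifies the runtime state with --query-port and --query-panic. It assumes firewalld is running, that it is executed as root, and that the zone is public; the FWCMD=echo dry-run switch is this script's own convention, not a firewall-cmd feature.

```shell
# Added example (not from the original page): apply the firewalld baseline in one
# pass and verify it. Assumes firewalld is running and the script runs as root.
# The port list, the trusted range and the drop list are illustrative values
# taken from the page; 25066/tcp is its custom application port.
set -eu

# FWCMD=echo turns every call into a dry run that prints the command instead.
FWCMD="${FWCMD:-firewall-cmd}"
ZONE="${ZONE:-public}"

OPEN_PORTS="22/tcp 80/tcp 443/tcp 514/tcp 514/udp 25066/tcp"   # ports to open
TRUST_SOURCES="172.16.0.0/16"                                   # whole ranges allowed
DROP_SOURCES="123.10.0.0/16 18.140.25.172"                      # ranges/hosts dropped

# Build one rich rule string: $1 = address or CIDR, $2 = accept|drop|reject.
rich_rule() {
    printf 'rule family="ipv4" source address="%s" %s' "$1" "$2"
}

# Write the permanent configuration, then reload once so runtime == permanent.
# --permanent changes are invisible to the running firewall until --reload;
# runtime changes made without --permanent are lost on the next reload/reboot.
apply_baseline() {
    for p in $OPEN_PORTS; do
        $FWCMD --permanent --zone="$ZONE" --add-port="$p"
    done
    for s in $TRUST_SOURCES; do
        $FWCMD --permanent --zone="$ZONE" --add-rich-rule="$(rich_rule "$s" accept)"
    done
    # firewalld sorts rich rules of equal priority by action, deny before allow,
    # so a dropped host that also falls inside a trusted range stays blocked.
    for s in $DROP_SOURCES; do
        $FWCMD --permanent --zone="$ZONE" --add-rich-rule="$(rich_rule "$s" drop)"
    done
    $FWCMD --reload
}

# Ask the running firewall about each port: --query-port exits non-zero for a
# closed port, so any gap aborts the script under set -e. Then make sure panic
# mode is not on; --query-panic prints "yes" when it is.
verify_baseline() {
    for p in $OPEN_PORTS; do
        $FWCMD --zone="$ZONE" --query-port="$p" >/dev/null
    done
    if [ "$($FWCMD --query-panic 2>/dev/null)" = yes ]; then
        echo "panic mode is on: no traffic will pass" >&2
        return 1
    fi
    echo "all $(echo $OPEN_PORTS | wc -w | tr -d ' ') ports open in zone $ZONE"
}

# --panic-on drops every packet, including the SSH session that issued it.
# Refuse when the caller is clearly remote (sshd sets SSH_CONNECTION).
panic_on_guarded() {
    if [ -n "${SSH_CONNECTION:-}" ]; then
        echo "refusing --panic-on over SSH: it would cut your own session" >&2
        return 1
    fi
    $FWCMD --panic-on
}

case "${1:-}" in
    apply)  apply_baseline ;;
    verify) verify_baseline ;;
    panic)  panic_on_guarded ;;
esac
```

Run `FWCMD=echo sh baseline.sh apply` first to review the exact commands, then `sh baseline.sh apply && sh baseline.sh verify` as root; verify fails loudly if a port is missing from the running configuration or if the host is still in panic mode.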