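# firewalld command reference (systemd hosts, firewall-cmd).
# This is a list of individual commands, not a script to run top to bottom:
# several entries undo earlier ones (start/disable, add-port/remove-port).
#
# General rules that apply to every entry below:
#   * Options start with two ASCII hyphens (--zone, --permanent, ...) and
#     rich rules are wrapped in plain ASCII quotes. Typographic dashes and
#     curly quotes are not accepted by firewall-cmd.
#   * --permanent only writes the saved configuration. The running firewall
#     is unchanged until "firewall-cmd --reload" is executed.
#   * Without --zone, a command acts on the default zone.

# --- Service management -----------------------------------------------------

# Show the firewall service status.
systemctl status firewalld
# Start the firewall.
systemctl start firewalld
# Start the firewall automatically at boot.
systemctl enable firewalld
# Do not start the firewall at boot. This does not stop a running instance,
# but after the next reboot the host has no firewalld filtering at all.
systemctl disable firewalld

# --- Restrict port 9002 to a single client ----------------------------------

# List the ports currently open in the public zone (runtime configuration).
firewall-cmd --zone=public --list-ports
# Close port 9002 for everyone. This must be done before the allow rule below:
# while the port is open zone-wide, a per-address rule restricts nothing.
firewall-cmd --zone=public --remove-port=9002/tcp --permanent
# Reload the firewall so the saved change takes effect.
firewall-cmd --reload
# Allow only 172.27.0.45 to reach TCP port 9002.
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.27.0.45" port protocol="tcp" port="9002" accept'
# Reload the firewall so the saved change takes effect.
firewall-cmd --reload
# List the rich rules now active in the public zone to verify the result.
firewall-cmd --zone=public --list-rich-rules

# --- Single port: query and remove ------------------------------------------

# Query whether 80/tcp is open (no space is allowed after "--zone=").
firewall-cmd --zone=public --query-port=80/tcp
# Remove 80/tcp from the saved configuration (reload afterwards).
firewall-cmd --zone=public --remove-port=80/tcp --permanent

# --- Port ranges: open or close in bulk -------------------------------------

# Open every port from 9002 through 9005. The range is reachable from any
# source address, so confirm that each port in it really needs to be exposed.
firewall-cmd --zone=public --add-port=9002-9005/tcp --permanent
firewall-cmd --reload
# Close the same range again.
firewall-cmd --zone=public --remove-port=9002-9005/tcp --permanent
firewall-cmd --reload

# --- Allow or deny by source address (rich rules) ---------------------------

# Allow the address 172.27.0.0 to reach TCP port 9002.
# An address without a prefix length matches that one address only. If a whole
# subnet is intended, write it in CIDR form (constructed example:
# 172.27.0.0/24) and keep the range as narrow as possible.
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.27.0.0" port protocol="tcp" port="9002" accept'
# Deny the address 172.27.0.0 access to TCP port 9002.
# This blocks that one port only; every other open port on the machine stays
# reachable from the same source. If the accept rule above was added earlier,
# remove it instead of leaving both rules in place.
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.27.0.0" port protocol="tcp" port="9002" reject'
# Remove a rich rule. The rule text must match an existing rule exactly;
# the address and port here (192.168.0.0, 9001) differ from the rules added
# above, so substitute the rule that is actually installed.
firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="192.168.0.0" port protocol="tcp" port="9001" accept'
# The three rich-rule commands above use --permanent: run
# "firewall-cmd --reload" afterwards, then verify with --list-rich-rules.

# --- Review what is exposed -------------------------------------------------

# Show the running configuration of the default zone (services, ports, rich
# rules). Add --permanent to see the saved configuration instead.
firewall-cmd --list-all
# Query whether 80/tcp is open in the public zone.
firewall-cmd --zone=public --query-port=80/tcp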