1 Check firewall status, start, stop
Check firewall status:
systemctl status firewalld
Start the firewall: systemctl start firewalld
Stop the firewall: systemctl stop firewalld
Enable the firewall at boot:
systemctl enable firewalld.service
Check whether the firewall service is enabled at boot:
systemctl is-enabled firewalld.service
Disable the firewall at boot:
systemctl disable firewalld.service
Check whether the service is disabled at boot:
systemctl is-enabled firewalld.service
2 Open or close a firewall port
Check whether a given port is open in the firewall:
firewall-cmd --query-port=9527/tcp
List the ports the firewall has open:
firewall-cmd --list-ports
Open a port:
firewall-cmd --zone=public --add-port=9527/tcp --permanent
Meaning of the options:
--zone # the zone the rule applies to
--add-port=9200/tcp # add a port, written as port/protocol
--permanent # make the rule permanent; without this option the rule is lost after a restart
Note: after adding a port you must reload with firewall-cmd --reload before the change takes effect
Reload the configuration: firewall-cmd --reload
List the open ports: firewall-cmd --list-ports
Close a port:
firewall-cmd --zone=public --remove-port=9200/tcp --permanent
Reload the configuration: firewall-cmd --reload
List the open ports: firewall-cmd --list-ports
Open a port for a specific IP:
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.100" port protocol="tcp" port="3306" accept'
Reload the configuration: firewall-cmd --reload
Show which IPs a given port is open to:
firewall-cmd --list-rich-rules | grep 3306
Show the IPs for all ports:
firewall-cmd --list-rich-rules
Close a port for a specific IP:
firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="192.168.1.120" port protocol="tcp" port="3306" accept'
Reload the configuration: firewall-cmd --reload
Show which IPs a given port is open to:
firewall-cmd --list-rich-rules | grep 3306
Show the IPs for all ports:
firewall-cmd --list-rich-rules
Open a range of consecutive ports:
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.100" port protocol="tcp" port="3111-3114" accept'
Reload the configuration: firewall-cmd --reload
Check: firewall-cmd --list-rich-rules | grep 192.168.1.100
Open a port for an IP subnet:
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.0/24" port protocol="tcp" port="3306" accept'
Reload the configuration: firewall-cmd --reload
Check: firewall-cmd --list-rich-rules | grep 192.168.1.0
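The port workflow and the rich-rule workflow above follow the same three steps: add a permanent rule, reload, then verify it is live. The POSIX sh wrapper below is an added example, not code from the original page; it validates the port, port range and IPv4 source before building the rule, so a malformed value is rejected instead of being handed to firewall-cmd. It assumes the public zone used on the page; the FIREWALL_CMD and ZONE overrides and every function name are this example's own inventions, and setting FIREWALL_CMD=echo gives a dry run on a host without firewalld.

```shell
#!/bin/sh
# Added example (not from the original page): wraps the firewall-cmd workflow
# add permanent rule -> reload -> verify. Set FIREWALL_CMD=echo for a dry run
# that only prints the firewall-cmd arguments that would be used.
FIREWALL_CMD="${FIREWALL_CMD:-firewall-cmd}"
ZONE="${ZONE:-public}"   # assumption: rules go into the "public" zone, as on the page

# valid_port N -> 0 if N is an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# valid_port_range "3306" or "3111-3114" -> 0 if both ends are valid and low <= high
valid_port_range() {
    case "$1" in
        *-*) lo="${1%-*}"; hi="${1#*-}" ;;
        *)   lo="$1";      hi="$1" ;;
    esac
    valid_port "$lo" && valid_port "$hi" && [ "$lo" -le "$hi" ]
}

# valid_ipv4_source "192.168.1.100" or "192.168.1.0/24" -> 0 if well-formed
valid_ipv4_source() {
    case "$1" in ''|*[!0-9./]*) return 1 ;; esac   # only digits, dots and one slash
    addr="${1%/*}"
    case "$1" in
        */*) mask="${1#*/}"
             case "$mask" in ''|*[!0-9]*) return 1 ;; esac
             [ "$mask" -le 32 ] || return 1 ;;
    esac
    old_ifs="$IFS"; IFS=.
    set -- $addr                     # split the address into its octets
    IFS="$old_ifs"
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# rich_rule SOURCE PORT_OR_RANGE PROTO -> prints the rich rule text, fails on bad input.
# Building the text with printf keeps the inner double quotes intact without
# relying on shell quote concatenation.
rich_rule() {
    valid_ipv4_source "$1" || { echo "bad source: $1" >&2; return 1; }
    valid_port_range "$2"  || { echo "bad port: $2" >&2; return 1; }
    case "$3" in tcp|udp) ;; *) echo "bad protocol: $3" >&2; return 1 ;; esac
    printf 'rule family="ipv4" source address="%s" port protocol="%s" port="%s" accept\n' "$1" "$3" "$2"
}

# apply_permanent ADD_OPTION QUERY_OPTION: write the permanent rule, reload (the step
# the page warns about), then query the running configuration to confirm it is live.
apply_permanent() {
    "$FIREWALL_CMD" --permanent --zone="$ZONE" "$1" || return 1
    "$FIREWALL_CMD" --reload || return 1
    "$FIREWALL_CMD" --zone="$ZONE" "$2"
}

# open_port "9527/tcp": the plain --add-port workflow
open_port() {
    valid_port_range "${1%/*}" || return 1
    case "${1#*/}" in tcp|udp) ;; *) return 1 ;; esac
    apply_permanent "--add-port=$1" "--query-port=$1"
}

# allow_from "192.168.1.0/24" 3306 tcp: the rich-rule workflow for one source
allow_from() {
    rule=$(rich_rule "$1" "$2" "$3") || return 1
    apply_permanent "--add-rich-rule=$rule" "--query-rich-rule=$rule"
}

# Usage: sh example.sh port 9527/tcp   |   sh example.sh allow 192.168.1.0/24 3306 tcp
main() {
    case "$1" in
        port)  open_port "$2" ;;
        allow) allow_from "$2" "$3" "$4" ;;
        *) echo "usage: $0 port PORT/PROTO | allow SOURCE PORT PROTO" >&2; return 2 ;;
    esac
}
[ "$#" -eq 0 ] || main "$@"
```

The final query matters because --permanent only changes the stored configuration; until the reload, --query-port on the running configuration still answers no, which is the situation the note above describes. Run with FIREWALL_CMD=echo first to see the exact arguments before touching a live host.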
3 Fixing errors when starting the firewall
Unit firewalld.service could not be found. This means the firewall is not installed and needs to be installed
Install the firewall:
yum install firewalld firewall-config
firewalld fails to start: the error and the fix
Error message:
Fix:
yum update
systemctl restart dbus
systemctl restart firewalld