#安装firewalld防火墙 yum install firewalld # 开启防火墙 systemctl start firewalld.service # 防火墙开机启动 systemctl enable firewalld.service # 关闭防火墙 systemctl stop firewalld.service # 查看防火墙状态 firewall-cmd --state # 查看现有的规则 iptables -nL # 重载防火墙配置 firewall-cmd --reload # 添加单个单端口 firewall-cmd --permanent --zone=public --add-port=81/tcp # 添加多个端口 firewall-cmd --permanent --zone=public --add-port=8080-8083/tcp # 删除某个端口 firewall-cmd --permanent --zone=public --remove-port=81/tcp #封禁ip firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='222.222.222.222' reject" firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='222.222.222.0/24' reject" # 针对某个 IP开放端口 firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='192.168.142.166' port protocol='tcp' port='6379' accept" firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='192.168.0.233' accept" # 删除某个IP firewall-cmd --permanent --remove-rich-rule="rule family='ipv4' source address='192.168.1.51' accept" # 针对一个ip段访问 firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='192.168.0.0/16' accept" firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='192.168.1.0/24' port protocol='tcp' port='9200' accept" # 添加操作后别忘了执行重载 firewall-cmd --reload
转载请注明:Terry's blog » firewall-cmd常用命令