1. Check the firewall state
firewall-cmd --state
Or use the following command
systemctl status firewalld.service
2. Install the firewall
yum install firewalld
3. Start the firewall
systemctl start firewalld
Or use the following command
systemctl start firewalld.service
4. Enable start at boot
systemctl enable firewalld
5. Stop the firewall
systemctl stop firewalld
6. Disable start at boot
systemctl disable firewalld
7. Block a single IP (123.56.161.140) from accessing the machine
firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address="123.56.161.140" drop'
8. Block an IP range, for example 123.56.*.*
firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address="123.56.0.0/16" drop'
9. Block an IP range, for example 123.56.161.*
firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address="123.56.161.0/24" drop'
10. Remove the block on IP 123.56.161.140 from the firewall
firewall-cmd --permanent --remove-rich-rule='rule family=ipv4 source address="123.56.161.140" drop'
11. Allow the http service (corresponding service policy directory: /usr/lib/firewalld/services/)
firewall-cmd --permanent --add-service=http
12. Remove the http service (corresponding service policy directory: /usr/lib/firewalld/services/)
firewall-cmd --permanent --remove-service=http
13. Allow port 3389
firewall-cmd --permanent --add-port=3389/tcp
14. Allow ports 1-3389
firewall-cmd --permanent --add-port=1-3389/tcp
15. Close the currently allowed port 3389
firewall-cmd --permanent --remove-port=3389/tcp
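16. View the firewall rules (shows only the firewall policy in /etc/firewalld/zones/public.xml; before configuring a policy I usually like to cp the file first, so it is easy to restore directly later)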
firewall-cmd --list-all
17. View all firewall policies (that is, show every policy under /etc/firewalld/zones/)
firewall-cmd --list-all-zones
18. Reload the configuration
firewall-cmd --reload
19. Always reload the configuration after changing it:
firewall-cmd --reload
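
Items 7-9, 16 and 18-19 combined into one helper, as an added example that is not part of the original page: it validates the source address before it is placed inside the rich-rule string, copies public.xml first, adds the permanent drop rule, reloads, and confirms the rule is active. The function names and the .bak file naming are assumptions made for this example.

```sh
#!/bin/sh
# Added example: function names and backup naming are hypothetical.
ZONE_FILE=/etc/firewalld/zones/public.xml   # zone file named in item 16

# Accept only a dotted-quad IPv4 address with an optional /0-32 prefix, so
# nothing else (quotes, spaces, wildcards) can reach the rich-rule string.
valid_ipv4_source() {
    addr=${1%/*}
    case $1 in */*) prefix=${1#*/} ;; *) prefix=32 ;; esac
    case $prefix in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case $addr in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split into octets (digits and dots only here)
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Build the same rich rule used in items 7-9.
drop_rule() {
    printf 'rule family=ipv4 source address="%s" drop' "$1"
}

# Back up the zone file, add the permanent rule if absent, reload, verify.
block_source() {
    src=$1
    valid_ipv4_source "$src" || { echo "refusing invalid source: $src" >&2; return 2; }
    rule=$(drop_rule "$src")
    if [ -f "$ZONE_FILE" ]; then
        cp -p "$ZONE_FILE" "$ZONE_FILE.$(date +%Y%m%d%H%M%S).bak" || return 1
    fi
    if ! firewall-cmd --permanent --query-rich-rule="$rule" >/dev/null 2>&1; then
        firewall-cmd --permanent --add-rich-rule="$rule" || return 1
    fi
    firewall-cmd --reload || return 1
    # After the reload the rule must be present in the running configuration.
    firewall-cmd --query-rich-rule="$rule" >/dev/null
}

# Usage (as root): block_source 123.56.161.0/24
```

A wildcard such as 123.56.*.* is rejected by the validator; write it in CIDR form (123.56.0.0/16) as in item 8.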