1.查看firewall的状态
firewall-cmd --state或者使用下面指令
systemctl status firewalld.service2.安装防火墙
yum install firewalld3.启动防火墙
systemctl start firewalld或者使用下面指令
systemctl start firewalld.service4.设置开机启动
systemctl enable firewalld5.关闭防火墙
systemctl stop firewalld6.取消开机启动
systemctl disable firewalld7.禁止某个IP访问机器(123.56.161.140)
firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address="123.56.161.140" drop'8.禁止一个IP段,比如禁止123.56.*.*
firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address="123.56.0.0/16" drop'9.禁止一个IP段,比如禁止123.56.161.*
firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address="123.56.161.0/24" drop'10.禁止机器IP(123.56.161.140)从防火墙中删除
firewall-cmd --permanent --remove-rich-rule='rule family=ipv4 source address="123.56.161.140" drop'11.允许http服务(对应服务策略目录:/usr/lib/firewalld/services/)
firewall-cmd --permanent --add-service=http12.关闭http服务(对应服务策略目录:/usr/lib/firewalld/services/)
firewall-cmd --permanent --remove-service=http13.允许端口:3389
firewall-cmd --permanent --add-port=3389/tcp14.允许端口:1-3389
firewall-cmd --permanent --add-port=1-3389/tcp15.关闭放行中端口:3389
firewall-cmd --permanent --remove-port=3389/tcp16.查看防火墙规则(只显示/etc/firewalld/zones/public.xml中防火墙策略,在配置策略前,我一般喜欢先CP,以后方便直接还原)
firewall-cmd --list-all 17.查看所有的防火墙策略(即显示/etc/firewalld/zones/下的所有策略)
firewall-cmd --list-all-zones 18.重新加载配置文件
firewall-cmd --reload19.更改配置后一定要重新加载配置文件:
firewall-cmd --reload