firewall-cmd: Basic Firewall Configuration


List everything currently in effect for the default zone:

$ sudo firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens33
sources:
services: ssh dhcpv6-client
ports: 80/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:

This output is the runtime configuration, i.e. what firewalld is enforcing right now. Changes made with --permanent that have not been reloaded yet do not show up here; to inspect the saved configuration instead, add --permanent to the same --list-all command. Comparing the two views is the quickest way to spot a permanent change that was never reloaded, or a runtime-only change that will disappear at the next reload or reboot.

Starting and stopping firewalld:

$ systemctl start firewalld.service
$ systemctl stop firewalld.service
$ systemctl restart firewalld.service
$ systemctl status firewalld.service
$ systemctl enable firewalld.service
$ systemctl disable firewalld.service
# Reload the saved (permanent) configuration into the running firewall. This is required after any --permanent change; unlike systemctl restart it does not restart the daemon.
$ firewall-cmd --reload

Open a port, close a port, query a port:

$ sudo firewall-cmd --query-port=8080/tcp
no
$ sudo firewall-cmd --permanent --add-port=8080/tcp
success
$ sudo firewall-cmd --query-port=8080/tcp
no
$ sudo firewall-cmd --reload
success
$ sudo firewall-cmd --query-port=8080/tcp
yes
$ sudo firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens33
sources:
services: ssh dhcpv6-client
ports: 80/tcp 8080/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
$ sudo firewall-cmd --permanent --remove-port=8080/tcp
success
$ sudo firewall-cmd --query-port=8080/tcp
yes
$ sudo firewall-cmd --reload
success
$ sudo firewall-cmd --query-port=8080/tcp
no

None of these commands are complicated. The key point is that a --permanent change is only written to the saved configuration and takes effect only after --reload, as the "no" after --add-port and the "yes" after --remove-port above show. Conversely, a change made without --permanent takes effect immediately but is lost at the next reload or reboot. To have a change apply now and survive a reload, run it once with and once without --permanent, or apply it at runtime and then save it with --runtime-to-permanent.
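The runtime/permanent split described above (and in the note under the first --list-all output) is easy to get wrong on a long-lived host: a port opened "just for a test" without --permanent stays open until a reload nobody remembers to do, and a --permanent block that was never reloaded protects nothing. The following script is an added example, not code from the original article: it parses the output of firewall-cmd --list-all for the runtime and the permanent view of one zone and reports every service or port that exists in only one of them. The SAMPLE_RUNTIME and SAMPLE_PERMANENT texts are constructed for illustration, not captured from a real host, and the --check flag, the zone handling and all function names are this script's own.

```shell
#!/usr/bin/env bash
# Added example, not code from the original article: detect drift between the
# runtime and the permanent firewalld configuration of a zone. The comparison
# is pure text processing of `firewall-cmd --list-all` output, so it can be
# exercised on constructed text without firewalld installed.
set -e

# Print one field ("services", "ports", ...) of `firewall-cmd --list-all`
# output read from stdin, one entry per line, sorted bytewise (LC_ALL=C keeps
# the order stable regardless of the caller's locale).
fw_field() {                     # usage: ... | fw_field ports
    sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" | tr ' ' '\n' | sed '/^$/d' | LC_ALL=C sort
}

# Print the entries of list $1 that are missing from list $2
# (both whitespace- or newline-separated, matched literally).
fw_only_in() {                   # usage: fw_only_in "$list_a" "$list_b"
    local item
    for item in $1; do
        printf '%s\n' "$2" | grep -qxF -- "$item" || printf '%s\n' "$item"
    done
}

# Compare runtime ($1) and permanent ($2) --list-all output for the services
# and ports fields. Prints one line per difference; returns 1 if any was found.
fw_drift() {                     # usage: fw_drift "$runtime" "$permanent"
    local field rt pm item drift
    drift=0
    for field in services ports; do
        rt=$(printf '%s\n' "$1" | fw_field "$field")
        pm=$(printf '%s\n' "$2" | fw_field "$field")
        # permanent but not runtime: saved, but nobody ran --reload yet
        for item in $(fw_only_in "$pm" "$rt"); do
            echo "PENDING $field $item (permanent only: run firewall-cmd --reload)"
            drift=1
        done
        # runtime but not permanent: in effect now, gone after reload/reboot
        for item in $(fw_only_in "$rt" "$pm"); do
            echo "VOLATILE $field $item (runtime only: lost on reload/reboot)"
            drift=1
        done
    done
    return $drift
}

# Constructed sample output (not captured from a real host): the runtime zone
# has 8080/tcp added without --permanent, and the permanent zone has the http
# service added with --permanent but not yet reloaded.
SAMPLE_RUNTIME='public (active)
  target: default
  services: ssh dhcpv6-client
  ports: 80/tcp 8080/tcp
  forward-ports:
  source-ports:'
SAMPLE_PERMANENT='public
  target: default
  services: ssh dhcpv6-client http
  ports: 80/tcp
  forward-ports:
  source-ports:'

# Live check against the local firewalld (needs root or sudo). Guarded behind
# the script's own --check flag so the functions above can be sourced or
# tested on a machine without firewalld.
if [ "${1:-}" = "--check" ]; then
    zone=${2:-$(firewall-cmd --get-default-zone)}
    fw_drift "$(firewall-cmd --zone="$zone" --list-all)" \
             "$(firewall-cmd --permanent --zone="$zone" --list-all)"
fi
```

Run as `sudo ./fw-drift.sh --check [zone]` on a firewalld host; a non-zero exit means the two views disagree, which makes it usable as a cron or CI check. Only services and ports are compared because those are the fields the article exercises; rich rules and forward-ports would need the same treatment but are parsed one rule per line rather than space-separated.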

firewall-cmd is considerably simpler to configure than raw iptables.

One more commonly used command, which lists only the opened ports of the default zone (the option is --list-ports, plural):

$ sudo firewall-cmd --list-ports
80/tcp

Link to this article: https://cs.pynote.net/sf/linux/sys/202204132/
