Centos8和stream 9防火墙基本使用
原创
©著作权归作者所有:来自51CTO博客作者dylan20141226的原创作品,请联系作者获取转载授权,否则将追究法律责任
查发行版:
[root@localhost nps-0.26.10]# cat /etc/redhat-release
CentOS Stream release 9
查看防火墙状态
systemctl status firewalld
firewall-cmd --state
开启/关闭/重启防火墙
systemctl start firewalld
[root@localhost conf]# systemctl start firewalld
[root@localhost conf]# firewall-cmd --state
running
systemctl stop firewalld
[root@localhost conf]#systemctl stop firewalld
[root@localhost conf]# firewall-cmd --state
not running
systemctl restart firewalld
放行指定端口
firewall-cmd --zone=public --add-port=端口号/tcp --permanent
firewall-cmd --zone=public --add-port=80/tcp --permanent # http
firewall-cmd --zone=public --add-port=443/tcp --permanent #https
放行范围端口
firewall-cmd --zone=public --add-port=5000-6000/tcp --permanent
删除防火墙端口
firewall-cmd --zone=public --remove-port=5000-6000/tcp --permanent
修改防火墙后,都要对防火墙进行刷新
查看防火墙某个端口是否开放与开放哪些端口
firewall-cmd --query-port=端口号/tcp
firewall-cmd --zone=public --list-ports
关于firewall-cmd使用,请查看firewall-cmd -h
[root@localhost conf]# firewall-cmd -h
Usage: firewall-cmd [OPTIONS...]
General Options
-h, --help Prints a short help text and exits
-V, --version Print the version string of firewalld
-q, --quiet Do not print status messages
Status Options
--state Return and print firewalld state
--reload Reload firewall and keep state information
--complete-reload Reload firewall and lose state information
--runtime-to-permanent
Create permanent from runtime configuration
--check-config Check permanent configuration for errors
Log Denied Options
--get-log-denied Print the log denied value
--set-log-denied=<value>
Set log denied value
Permanent Options
--permanent Set an option permanently
Usable for options marked with [P]
Zone Options
--get-default-zone Print default zone for connections and interfaces
--set-default-zone=<zone>
Set default zone
--get-active-zones Print currently active zones
--get-zones Print predefined zones [P]
--get-services Print predefined services [P]
--get-icmptypes Print predefined icmptypes [P]