Check the distribution:

[root@localhost nps-0.26.10]# cat /etc/redhat-release

CentOS Stream release 9

Check the firewall status

systemctl status firewalld

firewall-cmd --state

Start / stop / restart the firewall

systemctl start firewalld

[root@localhost conf]# systemctl start firewalld
[root@localhost conf]# firewall-cmd --state
running

systemctl stop firewalld

[root@localhost conf]#systemctl stop firewalld
[root@localhost conf]# firewall-cmd --state
not running

systemctl restart firewalld

Open a specific port

firewall-cmd --zone=public --add-port=<port>/tcp --permanent

firewall-cmd --zone=public --add-port=80/tcp --permanent # http
firewall-cmd --zone=public --add-port=443/tcp --permanent # https

Open a range of ports

firewall-cmd --zone=public --add-port=5000-6000/tcp --permanent

Remove a firewall port

firewall-cmd --zone=public --remove-port=5000-6000/tcp --permanent

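After changing the firewall configuration, always reload the firewall. Changes made with --permanent are written to the permanent configuration and only take effect in the running firewall after a reload.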

firewall-cmd --reload

Check whether a given port is open, and list which ports are open

firewall-cmd --query-port=<port>/tcp

firewall-cmd --zone=public --list-ports
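
Because --permanent changes only become active after --reload, the running firewall and the saved configuration can disagree. The following is an added example, not part of the original post: it compares the output of the two --list-ports queries and reports the drift. The function names port_drift and check_zone and the sample port lists are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: report drift between firewalld's runtime and permanent
# port lists for one zone.

# port_drift RUNTIME PERMANENT
# Each argument is the space-separated text printed by
# `firewall-cmd --list-ports` (runtime) and
# `firewall-cmd --permanent --list-ports` (permanent).
# Prints one line per difference:
#   pending-reload PORT  saved with --permanent, not active until --reload
#   runtime-only PORT    active now, dropped on the next reload or restart
# Entries are compared as literal strings, so a single port inside a
# range (5000/tcp vs 5000-6000/tcp) is reported as a difference.
port_drift() (
    runtime=" $(echo $1) "      # normalise whitespace, pad for whole-entry match
    permanent=" $(echo $2) "
    for p in $permanent; do
        case "$runtime" in *" $p "*) ;; *) echo "pending-reload $p" ;; esac
    done
    for p in $runtime; do
        case "$permanent" in *" $p "*) ;; *) echo "runtime-only $p" ;; esac
    done
)

# check_zone [ZONE]: run the comparison against the live firewall (needs root).
check_zone() {
    zone="${1:-public}"
    port_drift "$(firewall-cmd --zone="$zone" --list-ports)" \
               "$(firewall-cmd --permanent --zone="$zone" --list-ports)"
}

# Constructed sample: 443/tcp and 5000-6000/tcp were added with --permanent
# but no --reload has been run; 8080/tcp was added without --permanent.
port_drift "80/tcp 8080/tcp" "80/tcp 443/tcp 5000-6000/tcp"
```

A pending-reload entry is resolved with firewall-cmd --reload. A runtime-only entry is either an unintended opening to remove or one to save with firewall-cmd --runtime-to-permanent.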

For more on firewall-cmd usage, see firewall-cmd -h

[root@localhost conf]# firewall-cmd -h
Usage: firewall-cmd [OPTIONS...]
General Options
-h, --help Prints a short help text and exits
-V, --version Print the version string of firewalld
-q, --quiet Do not print status messages
Status Options
--state Return and print firewalld state
--reload Reload firewall and keep state information
--complete-reload Reload firewall and lose state information
--runtime-to-permanent
Create permanent from runtime configuration
--check-config Check permanent configuration for errors
Log Denied Options
--get-log-denied Print the log denied value
--set-log-denied=<value>
Set log denied value
Permanent Options
--permanent Set an option permanently
Usable for options marked with [P]
Zone Options
--get-default-zone Print default zone for connections and interfaces
--set-default-zone=<zone>
Set default zone
--get-active-zones Print currently active zones
--get-zones Print predefined zones [P]
--get-services Print predefined services [P]
--get-icmptypes Print predefined icmptypes [P]