启动一个服务:
1
systemctl start firewalld.service
关闭一个服务:
1
systemctl stop firewalld.service
重启一个服务:
1
systemctl restart firewalld.service
显示一个服务的状态:
1
systemctl status firewalld.service
在开机时启用一个服务:
1
systemctl enable firewalld.service
在开机时禁用一个服务:
1
systemctl disable firewalld.service
查看服务是否开机启动:
1
systemctl is-enabled firewalld.service
查看已启动的服务列表:
1
systemctl list-unit-files|grep enabled
查看启动失败的服务列表:
1
systemctl --failed
查看所有打开的端口:
1
firewall-cmd --zone=public --list-ports
更新防火墙规则:
1
firewall-cmd --reload
查看区域信息:
1
firewall-cmd --get-active-zones
添加
1
firewall-cmd --zone=public --add-port=8081/tcp --permanent (--permanent永久生效,没有此参数重启后失效)
重新载入
1
firewall-cmd --reload
查看
1
firewall-cmd --zone=public --query-port=80/tcp
删除
1
firewall-cmd --zone=public --remove-port=80/tcp --permanent
添加防火墙规则(对指定IP开放指定端口)
1
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.142.166" port protocol="tcp" port="27017" accept/drop/reject"
查看配置结果,验证配置
1
firewall-cmd --list-all
删除规则
1
firewall-cmd --permanent --remove-rich-rule="rule family="ipv4" source address="192.168.142.166" port protocol="tcp" port="27017" accept"
