1 开启防火墙
# systemctl start firewalld
2 关闭防火墙:
# systemctl stop firewalld
3 重启防火墙
firewall-cmd --reload #
4 开机自动启动防火墙
# systemctl enable firewalld
5 禁止防火墙开机启动
# systemctl disable firewalld
6 查看防火墙状态
#firewall-cmd --state
running 表示运行;
not running表示停止
7 暂时开放服务
比如暂时开放FTP服务:
# firewall-cmd --add-service=ftp
8 永久开放服务
比如永久开放FTP服务:
# firewall-cmd --add-service=ftp --permanent
9 永久关闭服务
比如永久关闭FTP服务:
# firewall-cmd --remove-service=ftp --permanent
10 使设定生效
# systemctl restart firewalld
11 查询服务的启用状态
# firewall-cmd --query-service ftp
yes
# firewall-cmd --query-service ssh
yes
# firewall-cmd --query-service http
no
12 自行加入要开放的端口
# firewall-cmd --add-port=3128/tcp
# firewall-cmd --list-all
public (default)
interfaces:
sources:
services: dhcpv6-client ftp ssh
ports: 3128/tcp
masquerade: no
forward-ports:
icmp-blocks:
rich rules: