1. Check the firewall status
systemctl status firewalld
2. Start, stop and restart the firewall
sudo systemctl start firewalld
sudo systemctl stop firewalld
sudo systemctl restart firewalld
3. Enable or disable the firewall at boot
sudo systemctl disable firewalld
sudo systemctl enable firewalld
4. List the firewall's current rules
sudo firewall-cmd --list-all
5. Query, open and close ports
Query whether a port is open; returns yes or no.
sudo firewall-cmd --query-port=80/tcp
Open a single port (temporary; lost when the firewall is restarted)
sudo firewall-cmd --add-port=8080/tcp
Open a single port (permanent; takes effect only after the firewall is reloaded)
sudo firewall-cmd --permanent --add-port=8080/tcp
sudo firewall-cmd --reload
Open a range of ports
sudo firewall-cmd --permanent --add-port=39000-40000/tcp
sudo firewall-cmd --reload
Close ports
sudo firewall-cmd --permanent --remove-port=39000-40000/tcp
sudo firewall-cmd --reload
6. More complex rule settings
Open a port for a specified IP address
sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='192.168.1.201' port protocol='tcp' port='5672' accept"
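A rich rule added with --permanent, like the one above, is written only to the saved configuration and is not enforced until the firewall is reloaded. The script below is an added example, not part of the original page: it validates the address and port before building the rule, applies it, reloads, and checks that the rule is present in both the permanent and the runtime configuration. The function names are hypothetical; the firewall-cmd options are the ones used above plus --query-rich-rule.

```sh
#!/bin/sh
# Added example: hypothetical helpers, not part of the original page.

# Accept only a dotted-quad IPv4 address with four octets in 0-255.
valid_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    _old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots; input is digits and dots only
    IFS=$_old_ifs
    [ "$#" -eq 4 ] || return 1
    for _o in "$@"; do
        [ "${#_o}" -le 3 ] && [ "$_o" -le 255 ] || return 1
    done
}

# Accept only a decimal port number in 1-65535.
valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the rich rule for <ip> <port> [tcp|udp]; fail on any invalid field so
# quotes or extra rule keywords can never be spliced into the rule text.
build_rich_rule() {
    valid_ipv4 "$1" || return 1
    valid_port "$2" || return 1
    case ${3:-tcp} in tcp|udp) ;; *) return 1 ;; esac
    printf "rule family='ipv4' source address='%s' port protocol='%s' port='%s' accept" \
        "$1" "${3:-tcp}" "$2"
}

# Save the rule permanently, reload, then confirm it is present in both the
# permanent and the runtime configuration (exit status 0 only if both agree).
allow_source_port() {
    _rule=$(build_rich_rule "$@") || { echo "invalid address, port or protocol" >&2; return 2; }
    sudo firewall-cmd --permanent --add-rich-rule="$_rule" || return 1
    sudo firewall-cmd --reload || return 1
    sudo firewall-cmd --permanent --query-rich-rule="$_rule" >/dev/null &&
        sudo firewall-cmd --query-rich-rule="$_rule" >/dev/null
}

# Run only when arguments are given, e.g.: ./allow.sh 192.168.1.201 5672 tcp
if [ "$#" -ge 2 ]; then
    allow_source_port "$@"
fi
```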