firewall-cmd 相關命令總結
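# Generate the firewalld helper scripts under /deploy.
# Each helper takes its target (source address, port or service name) as $1.
# The here-doc delimiter is quoted ('EOF') so "$1" is written literally into
# the helper instead of being expanded while this script runs.
# Inside the helpers, "${1:?...}" aborts with a usage message when the
# argument is missing, and the quotes keep a value containing whitespace from
# being split into extra firewall-cmd options.
mkdir -p /deploy

# openip: add a source to the trusted zone in the permanent configuration.
# No reload is issued, so the rule is not active until `firewall-cmd --reload`
# runs. The trusted zone accepts every connection from the source, so only
# fully trusted addresses belong here.
cat > /deploy/openip <<'EOF'
#!/bin/sh
firewall-cmd --zone=trusted --add-source="${1:?usage: openip SOURCE}" --permanent
EOF

# openport: open a TCP port in the public zone and reload so it takes effect.
cat > /deploy/openport <<'EOF'
#!/bin/sh
firewall-cmd --zone=public --add-port="${1:?usage: openport PORT}/tcp" --permanent && firewall-cmd --reload
EOF

# openippermanet: same as openip, followed by a reload so the rule is active.
# (The file name is kept as spelled in the original so callers keep working.)
cat > /deploy/openippermanet <<'EOF'
#!/bin/sh
firewall-cmd --zone=trusted --add-source="${1:?usage: openippermanet SOURCE}" --permanent && firewall-cmd --reload
EOF

# openlist: show daemon state, open ports, the public zone and active zones.
cat > /deploy/openlist <<'EOF'
#!/bin/sh
firewall-cmd --state
firewall-cmd --list-ports
firewall-cmd --zone=public --list-all
firewall-cmd --get-active-zone
EOF

# getservice: print the service names firewalld knows about.
cat > /deploy/getservice <<'EOF'
#!/bin/sh
firewall-cmd --get-services
EOF

# removeservice: remove a service from the default zone (no --zone is given)
# and reload.
cat > /deploy/removeservice <<'EOF'
#!/bin/sh
firewall-cmd --remove-service="${1:?usage: removeservice SERVICE}" --permanent && firewall-cmd --reload
EOF

# removeport: close a TCP port in the public zone and reload.
cat > /deploy/removeport <<'EOF'
#!/bin/sh
firewall-cmd --zone=public --remove-port="${1:?usage: removeport PORT}/tcp" --permanent && firewall-cmd --reload
EOF

# removeip: remove a source from the trusted zone in the permanent
# configuration; like openip, this needs a reload before it takes effect.
cat > /deploy/removeip <<'EOF'
#!/bin/sh
firewall-cmd --zone=trusted --remove-source="${1:?usage: removeip SOURCE}" --permanent
EOF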
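# Make the helpers executable BEFORE calling them: files created with
# `cat >` are not executable, so running /deploy/openip first would fail.
# Mode 755 instead of 777: these scripts change firewall rules and are run
# with root privileges, so they must not be writable by other local users
# (a world-writable script run by root is a local privilege-escalation path).
chmod -R 755 /deploy/*

# Trust each configured source address. ip1 and ip2 are expected to be set by
# the caller. The original `{$ip1 $ip2}` is not a valid brace expansion and
# passed the literal braces along with the addresses.
for i in "$ip1" "$ip2"; do
  # Skip unset or empty entries rather than calling the helper with nothing.
  [ -n "$i" ] || continue
  /deploy/openip "$i"
done
# openip only writes the permanent configuration; run `firewall-cmd --reload`
# afterwards for the new sources to become active.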
內外網映射命令
# Forward TCP port 15236 arriving in the public zone to 192.168.2.201:5236.
# Only the permanent configuration is changed here.
# NOTE(review): a `firewall-cmd --reload` is presumably needed before the
# forward is active, and forwarding to another host usually also requires
# masquerading on the zone — confirm for the firewalld version in use.
# This publishes an internal service to every host that can reach the public
# zone; restrict the allowed sources if only known clients need it.
firewall-cmd --permanent --zone=public --add-forward-port=port=15236:proto=tcp:toport=5236:toaddr=192.168.2.201
說明
1. openip
打開 IP 地址的例外 (僅寫入永久設定, 需執行 firewall-cmd --reload 後才生效; trusted 區域會接受該來源的所有連線, 請只加入完全信任的地址)
2. openport
打開端口例外
3. openippermanet
永久打開ip地址的例外.
4. openlist
查看開放的例外情況
5. getservice
查看有哪些服務 (注意: --get-services 列出的是所有預定義的服務名稱; 目前已開放的服務請用 firewall-cmd --list-services 查看)
6. removeservice
刪除某些服務的例外, 尤其是 ssh
7. removeport
移除端口例外
8. removeip
移除 ip 的例外.
9. 內網映射端口
10. ufw 命令
# Allow traffic from the source address in $ip ($ip is a placeholder to set
# beforehand). No port or protocol is given, so the rule covers every port
# on this host.
# To expose a single service instead, use the narrower form:
#   ufw allow from "$ip" to any port PORT proto tcp
ufw allow from $ip
# Reload the ufw rule set.
ufw reload
11. iptables 命令
# Insert an ACCEPT rule for source $ip at position 10 of the INPUT chain
# ($ip is a placeholder to set beforehand). With no protocol or port match,
# the rule accepts all traffic from that source.
# NOTE(review): the insert is expected to fail when the chain holds fewer
# than 9 rules, and a DROP/REJECT rule placed before position 10 would still
# win — check the order with `iptables -L INPUT --line-numbers`.
iptables -I INPUT 10 -s $ip -j ACCEPT
# Persist the running rules.
# NOTE(review): presumably relies on the RHEL-style iptables service
# script — confirm it exists on the target system.
service iptables save