firewall-cmd 相關命令總結

firewall-cmd 相關命令總結

mkdir  -p /deploy
cat > /deploy/openip <<EOF
firewall-cmd --zone=trusted --add-source=\$1 --permanent
EOF
cat > /deploy/openport <<EOF
firewall-cmd --zone=public --add-port=\$1/tcp --permanent && firewall-cmd --reload
EOF

cat > /deploy/openippermanet <<EOF
firewall-cmd --zone=trusted --add-source=\$1 --permanent && firewall-cmd --reload
EOF

cat > /deploy/openlist <<EOF
firewall-cmd --state 
firewall-cmd --list-ports
firewall-cmd --zone=public --list-all
firewall-cmd --get-active-zone
EOF

cat > /deploy/getservice <<EOF
firewall-cmd --get-services
EOF
cat > /deploy/removeservice <<EOF
firewall-cmd --remove-service \$1 --permanent && firewall-cmd --reload
EOF

cat > /deploy/removeport <<EOF
firewall-cmd --zone=public --remove-port=\$1/tcp --permanent && firewall-cmd --reload
EOF

cat > /deploy/removeip <<EOF
firewall-cmd --zone=trusted --remove-source=\$1 --permanent
EOF

for i in {$ip1 $ip2} ;
do /deploy/openip $i ;
done

chmod 777 /deploy/* -R 

內外網映射命令

firewall-cmd --permanent --zone=public --add-forward-port=port=15236:proto=tcp:toport=5236:toaddr=192.168.2.201

---

說明

1. openip
打開 IP地址的例外

2. openport
打開端口例外

3. openippermanet
永久打開ip地址的例外. 

4. openlist
查看開放的例外情況

5. getservice
查看打開了那些服務

6. removeservice 
刪除某些, 尤其是 ssh 的服務

7. removeport
移除端口例外

8. removeip
移除 ip 的例外. 

9. 內網映射端口

10. ufw 命令
ufw allow from $ip
ufw reload 

11. iptable命令
iptables -I INPUT 10 -s $ip -j ACCEPT
service iptables save