firewall-cmd 相关命令总结
mkdir -p /deploy
cat > /deploy/openip <<EOF
firewall-cmd --zone=trusted --add-source=\$1 --permanent
EOF
cat > /deploy/openport <<EOF
firewall-cmd --zone=public --add-port=\$1/tcp --permanent && firewall-cmd --reload
EOF
cat > /deploy/openippermanet <<EOF
firewall-cmd --zone=trusted --add-source=\$1 --permanent && firewall-cmd --reload
EOF
cat > /deploy/openlist <<EOF
firewall-cmd --state
firewall-cmd --list-ports
firewall-cmd --zone=public --list-all
firewall-cmd --get-active-zone
EOF
cat > /deploy/getservice <<EOF
firewall-cmd --get-services
EOF
cat > /deploy/removeservice <<EOF
firewall-cmd --remove-service \$1 --permanent && firewall-cmd --reload
EOF
cat > /deploy/removeport <<EOF
firewall-cmd --zone=public --remove-port=\$1/tcp --permanent && firewall-cmd --reload
EOF
cat > /deploy/removeip <<EOF
firewall-cmd --zone=trusted --remove-source=\$1 --permanent
EOF
for i in {$ip1 $ip2} ;
do /deploy/openip $i ;
done
chmod 777 /deploy/* -R
内外网映射命令
firewall-cmd --permanent --zone=public --add-forward-port=port=15236:proto=tcp:toport=5236:toaddr=192.168.2.201
说明
1. openip
打开 IP地址的例外
2. openport
打开端口例外
3. openippermanet
永久打开ip地址的例外.
4. openlist
查看开放的例外情况
5. getservice
查看打开了那些服务
6. removeservice
删除某些, 尤其是 ssh 的服务
7. removeport
移除端口例外
8. removeip
移除 ip 的例外.
9. 内网映射端口
10. ufw 命令
ufw allow from $ip
ufw reload
11. iptable命令
iptables -I INPUT 10 -s $ip -j ACCEPT
service iptables save
