Firewalld
Centos7
Centos7
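# firewalld quick reference for CentOS 7.
# Each "$ " line is a command typed at a root shell, one at a time. This is a
# reference list, not a script to run top to bottom: it contains both
# start/stop and enable/disable.

# --- Install and service control ---
$ yum install -y firewalld
$ systemctl status firewalld     # show service status
$ systemctl start firewalld      # start the service
$ systemctl stop firewalld       # stop the service
$ systemctl enable firewalld     # start at boot
$ systemctl disable firewalld    # do not start at boot

# --- Inspect the current state ---
# Without --permanent these queries show the running configuration, so a rule
# added with --permanent does not appear here until after a reload.
$ firewall-cmd --get-active-zones                 # list active zones
$ firewall-cmd --zone=public --list-ports         # list open ports
$ firewall-cmd --zone=public --list-rich-rules    # list rich rules

# --- Open ports ---
# --permanent writes only the stored configuration; the running firewall is
# unchanged until `firewall-cmd --reload` (see the end of this list).

# Open a single port
$ firewall-cmd --zone=public --add-port=80/tcp --permanent

# Open a port range
$ firewall-cmd --zone=public --add-port=8388-8389/tcp --permanent

# --- Rich rules (per-source access) ---
# Open port 10000 to 147.152.139.197 only
$ firewall-cmd --permanent --zone=public --add-rich-rule=' rule family="ipv4" source address="147.152.139.197/32" port protocol="tcp" port="10000" accept'

# Reject a source on port 10000
# NOTE(review): this address (47.52.39.197) differs from the accept example
# above (147.152.139.197) - confirm which host is meant.
$ firewall-cmd --permanent --zone=public --add-rich-rule=' rule family="ipv4" source address="47.52.39.197/32" port protocol="tcp" port="10000" reject'

# Open every port to a single IP
$ firewall-cmd --permanent --zone=public --add-rich-rule=' rule family="ipv4" source address="192.168.0.1/32" accept'

# Open every port to a whole network.
# This skips per-port filtering for the entire source range; keep the prefix
# as narrow as the use case allows and prefer port-scoped rules like the one
# for port 10000 above.
$ firewall-cmd --permanent --zone=public --add-rich-rule=' rule family="ipv4" source address="192.168.0.0/16" accept'

# --- Services ---
# List every service firewalld knows about (documented spelling: --get-services)
$ firewall-cmd --get-services

# List the services currently allowed (documented spelling: --list-services)
$ firewall-cmd --list-services

# Add a service, here https.
# No --zone is given, so the default zone is used. The matching config file is
# /etc/firewalld/zones/public.xml (assuming the default zone is "public").
$ firewall-cmd --add-service=https --permanent

# --- Remove a previously added port ---
$ firewall-cmd --zone=public --remove-port=80/tcp --permanent

# --- Apply the changes ---
# After changing rules, reload so the stored rules take effect.
$ firewall-cmd --reload

# Check what is actually in force after the reload.
$ firewall-cmd --zone=public --list-all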