服务查询
查看状态
[root@wj ~]# firewall-cmd --state
running重新加载
[root@wj ~]# firewall-cmd --reload
success查看版本号
[root@wj ~]# firewall-cmd --version
0.6.3服务启停
#服务起停
systemctl stop firewalld
systemctl start firewalld
systemctl status firewalld
systemctl restart firewalld
#开机自启
systemctl enable firewalld
#静止开机自启
systemctl disable firewalld端口开通查询
目前只放行了3000/tcp 9090/tcp 两个端口
[root@wj grafana-node_exporter-prometheus]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens32
sources:
services: dhcpv6-client ssh
ports: 3000/tcp 9090/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules: 永久开放3000端口
#永久开放单个端口 --zone表示作用域 –add-port=80/tcp #添加端口,格式为:端口/通讯协议
#–permanent #永久生效,没有此参数重启后失效
[root@wj]# firewall-cmd --zone=public --add-port=3000/tcp --permanent
success
[root@wj ~]# firewall-cmd --reload永久开放80和8080端口
[root@wj]# firewall-cmd --zone=public --add-port=80/tcp --add-port=8080/tcp --permanent
[root@wj grafana-node_exporter-prometheus]# firewall-cmd --reload
success移除8080端口
[root@wj ~]# firewall-cmd --remove-port=8080/tcp --permanent
[root@wj ~]# firewall-cmd --reload开放http服务
[root@wj ~]# firewall-cmd --zone=public --add-service=http --permanent
[root@wj ~]# firewall-cmd --reload移除http服务
[root@wj ~]# firewall-cmd --zone=public --remove-service=ssh --permanent
[root@wj ~]# firewall-cmd --reload允许192.168.255.1访问22端口
[root@wj ~]# firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.255.1" port port="22" protocol="tcp" accept' --permanent
[root@wj ~]# firewall-cmd --reload
--允许之后在拒绝--remove-rich-rule
[root@wj ~]# firewall-cmd --zone=public --remove-rich-rule='rule family="ipv4" source address="192.168.255.1" port port="22" protocol="tcp" accept' --permanent
[root@wj ~]# firewall-cmd --reload拒绝192.168.255.1访问22端口
[root@wj ~]# firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.255.1" port port="22" protocol="tcp" reject' --permanent
[root@wj ~]# firewall-cmd --reload
--拒绝之后在允许--remove-rich-rule
[root@wj ~]# firewall-cmd --zone=public --remove-rich-rule='rule family="ipv4" source address="192.168.255.1" port port="22" protocol="tcp" reject' --permanent
[root@wj ~]# firewall-cmd --reload© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
暂无评论内容