Check the firewall status
systemctl status firewalld.service
or
firewall-cmd --state
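Start the firewall
Start the firewall for the current session only
systemctl start firewalld.service
Start the firewall automatically at boot
systemctl enable firewalld.service
Restart the firewall
systemctl restart firewalld.service
Check whether the firewall was successfully set to start at boot
systemctl is-enabled firewalld.service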
Stop the firewall
Stop the firewall for the current session only
systemctl stop firewalld.service
Disable firewall autostart at boot
systemctl disable firewalld.service
Port settings
View information on all listening ports
netstat -ntlp
Open a port (e.g. 80)
firewall-cmd --zone=public --add-port=80/tcp --permanent
Close a port
firewall-cmd --zone=public --remove-port=80/tcp --permanent
Reload the firewall
firewall-cmd --reload
List all open ports
firewall-cmd --zone=public --list-ports
Query the rules
firewall-cmd --list-all
Find the PID by port
netstat -lnpt | grep 3306
or
lsof -i:3306
Kill the process
kill -9 pid, for example:
kill -9 96927
Firewall IP settings
Allow access from a specific IP
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.142.166" port protocol="tcp" port="5432" accept'
Remove an IP rule (the rule text must exactly match a rule that was added)
firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="192.168.142.166" port protocol="tcp" port="11300" accept'
Restart the firewall or reload the firewall policy: firewall-cmd --reload
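The "allow access from a specific IP" steps above as one script, added here as an example and not part of the original notes: it validates the address and port, builds the rich rule with safe quoting, applies it permanently, reloads, and confirms the rule is active. The names build_rich_rule, allow_source_port and DRY_RUN are assumptions of this example.

```sh
#!/bin/sh
# Added example. build_rich_rule, allow_source_port and DRY_RUN are
# hypothetical names for this sketch, not part of firewalld.

# Print the rich rule for <ipv4> <port> [tcp|udp]; return 1 on bad input.
build_rich_rule() {
    rr_ip=$1 rr_port=$2 rr_proto=${3:-tcp}
    case $rr_ip in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    case $rr_port in ''|*[!0-9]*|??????*) return 1 ;; esac
    case $rr_proto in tcp|udp) ;; *) return 1 ;; esac
    [ "$rr_port" -ge 1 ] && [ "$rr_port" -le 65535 ] || return 1
    rr_ifs=$IFS; IFS=.          # split the address on dots
    set -- $rr_ip
    IFS=$rr_ifs
    [ "$#" -eq 4 ] || return 1
    for rr_octet in "$@"; do
        [ "${#rr_octet}" -le 3 ] && [ "$rr_octet" -le 255 ] || return 1
    done
    printf 'rule family="ipv4" source address="%s" port protocol="%s" port="%s" accept' \
        "$rr_ip" "$rr_proto" "$rr_port"
}

# Add the rule permanently, reload, then confirm it is active at runtime.
# DRY_RUN=1 prints the commands instead of running them.
allow_source_port() {
    as_rule=$(build_rich_rule "$@") || { echo "invalid input: $*" >&2; return 1; }
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf "firewall-cmd --permanent --add-rich-rule='%s'\n" "$as_rule"
        printf 'firewall-cmd --reload\n'
        return 0
    fi
    firewall-cmd --permanent --add-rich-rule="$as_rule" || return 1
    firewall-cmd --reload || return 1
    firewall-cmd --query-rich-rule="$as_rule" || return 1
    # A plain --add-port entry for the same port admits every source,
    # which makes the per-IP rule pointless; flag it.
    if firewall-cmd --query-port="$2/${3:-tcp}" >/dev/null 2>&1; then
        echo "warning: port $2/${3:-tcp} is also open to all sources" >&2
    fi
}

# Usage (as root): allow_source_port 192.168.142.166 5432 tcp
```

If the warning appears, remove the general opening with the --remove-port command shown earlier and reload, so that only the listed source can reach the port.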