查看防火墙状态
systemctl status firewalld.service或者
firewall-cmd --state
开启防火墙
单次开启防火墙
systemctl start firewalld.service开机自启动防火墙
systemctl enable firewalld.service重启防火墙
systemctl restart firewalld.service防火墙设置开机自启是否成功
systemctl is-enabled firewalld.service关闭防火墙
单次关闭防火墙
systemctl stop firewalld.service禁用防火墙自启动
systemctl disable firewalld.service端口设置
查看所有端口信息
netstat -ntlp开放某端口(如:80)
firewall-cmd --zone=public --add-port=80/tcp --permanent关闭某端口
firewall-cmd --zone=public --remove-port=80/tcp --permanent重载防火墙
firewall-cmd --reload查看所有开放端口
firewall-cmd --zone=public --list-ports查询规则
firewall-cmd --list-all根据端口查询pid
netstat -lnpt |grep 3306或者
lsof -i:3306杀死进程
kill -9 pid 如:
kill -9 96927防火墙IP设置
指定IP可以访问
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.142.166" port protocol="tcp" port="5432" accept"删除IP策略
firewall-cmd --permanent --remove-rich-rule="rule family="ipv4" source address="192.168.142.166" port protocol="tcp" port="11300" accept"重新启动防火墙或者重新防护墙策略:firewall-cmd --reload