I. Check the firewall status
systemctl status firewalld
II. Open or restrict ports
1. Open a port
firewall-cmd --zone=public --add-port=22/tcp --permanent
firewall-cmd --reload
firewall-cmd --zone=public --query-port=22/tcp
firewall-cmd --zone=public --list-ports
2. Restrict a port
firewall-cmd --zone=public --remove-port=22/tcp --permanent
firewall-cmd --reload
firewall-cmd --zone=public --list-ports
3. Open or restrict a range of ports
firewall-cmd --zone=public --add-port=100-500/tcp --permanent
firewall-cmd --reload
firewall-cmd --zone=public --list-ports
firewall-cmd --zone=public --remove-port=100-500/tcp --permanent
firewall-cmd --reload
III. Allow or restrict IP addresses
1. Restrict access from an IP address
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.0.200" port protocol="tcp" port="80" reject'
firewall-cmd --reload
firewall-cmd --zone=public --list-rich-rules
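2. Lift the restriction on an IP address
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.0.200" port protocol="tcp" port="80" accept'
firewall-cmd --reload
firewall-cmd --zone=public --list-rich-rules
# Reject rules are evaluated before accept rules, so the reject rule from step 1 must also be deleted from the zone file (or with --remove-rich-rule) before the accept takes effect.
vi /etc/firewalld/zones/public.xml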
3. Restrict an IP address range
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.0.0.0/24" port protocol="tcp" port="80" reject'
firewall-cmd --reload
firewall-cmd --zone=public --list-rich-rules
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.0.0.0/24" port protocol="tcp" port="80" accept'
firewall-cmd --reload
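
Adding an accept rich rule next to an existing reject rule for the same source and port leaves the block in place. The script below is an added example, not part of the original page: it reads --list-rich-rules output and reports accept rules that a reject or drop rule shadows. The function name, the sample rules and the assumption that no rule sets a priority are this example's own.

```shell
#!/bin/sh
# Added example (not from the original page): list accept rich rules that are
# shadowed by a reject/drop rule for the same family, source, port and protocol.
# Assumption: no rule sets "priority", so firewalld places deny rules before
# allow rules. On a host: firewall-cmd --zone=public --list-rich-rules | shadowed_accepts

# Constructed sample in the format --list-rich-rules prints.
SAMPLE_RULES='rule family="ipv4" source address="192.168.0.200" port port="80" protocol="tcp" reject
rule family="ipv4" source address="192.168.0.200" port port="80" protocol="tcp" accept
rule family="ipv4" source address="10.0.0.0/24" port port="80" protocol="tcp" reject'

shadowed_accepts() {
  awk '
    # Strip the key and the quotes from a key="value" token.
    function val(tok) { sub(/^[^=]*=/, "", tok); gsub(/"/, "", tok); return tok }
    {
      fam = src = port = proto = act = ""
      for (i = 1; i <= NF; i++) {
        if ($i ~ /^family=/)   fam = val($i)
        if ($i ~ /^address=/)  src = val($i)
        if ($i ~ /^port=/)     port = val($i)
        if ($i ~ /^protocol=/) proto = val($i)
        if ($i == "reject" || $i == "drop") act = "deny"
        if ($i == "accept") act = "allow"
      }
      if (src == "" || port == "" || act == "") next   # not a source+port rule
      key = fam " " src " " port "/" proto
      if (act == "deny") deny[key] = 1; else allow[key] = 1
    }
    END { for (k in allow) if (k in deny) print k }
  ' | sort
}

# Prints: ipv4 192.168.0.200 80/tcp
printf '%s\n' "$SAMPLE_RULES" | shadowed_accepts
```

Each reported line is a source and port whose reject or drop rule has to be removed with --remove-rich-rule before the accept rule has any effect.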