Common firewall-cmd commands

firewalld zone overview
* The 9 defined zones

Show the current default zone
firewall-cmd --get-default-zone
public

Set the default zone
firewall-cmd --set-default-zone=home

Show the zones currently in use and the network interfaces bound to them
firewall-cmd --get-active-zones
public
  interfaces: ens33

Show all available zones
firewall-cmd --get-zones
block dmz drop external home internal public trusted work

List the services that are currently open
firewall-cmd --list-services
dhcpv6-client ssh

Remove the ssh service
firewall-cmd --permanent --zone=public --remove-service=ssh && firewall-cmd --reload

Allow 192.168.95.100 to access port 22002
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.95.100" port protocol="tcp" port="22002" accept' && firewall-cmd --reload

Block 192.168.95.100 from accessing port 18080
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.95.100" port protocol="tcp" port="18080" reject' && firewall-cmd --reload

Allow a given IP range to access local ports 18080-18090
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.95.0/24" port protocol="tcp" port="18080-18090" accept' && firewall-cmd --reload

Block a given IP range from accessing local ports 18080-18090
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.95.0/24" port protocol="tcp" port="18080-18090" reject' && firewall-cmd --reload
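
The allow and block rules above match the same sources and ports, and firewalld evaluates reject/drop rich rules before accept rich rules when no explicit priority is set, so an accept left in place next to a matching reject never takes effect. The following audit is an added example, not part of the original post: it parses `firewall-cmd --list-rich-rules` output and reports accept rules that a reject/drop rule overrides. The sample listing is constructed from the four rules on this page, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: `firewall-cmd --list-rich-rules` output as it would look
# with all four rich rules from this page present in one zone (priority 0).
SAMPLE = """\
rule family="ipv4" source address="192.168.95.100" port port="22002" protocol="tcp" accept
rule family="ipv4" source address="192.168.95.100" port port="18080" protocol="tcp" reject
rule family="ipv4" source address="192.168.95.0/24" port port="18080-18090" protocol="tcp" accept
rule family="ipv4" source address="192.168.95.0/24" port port="18080-18090" protocol="tcp" reject
"""

FIELDS = {
    "source": re.compile(r'source address="([^"]+)"'),
    "port": re.compile(r'\bport="([^"]+)"'),
    "proto": re.compile(r'protocol="([^"]+)"'),
}

def parse_rule(line):
    """Parse one source+port rich rule; return None for anything else."""
    found = {name: rx.search(line) for name, rx in FIELDS.items()}
    action = line.split()[-1] if line.split() else ""
    if not all(found.values()) or action not in ("accept", "reject", "drop"):
        return None
    if "priority=" in line:  # explicit priorities change the ordering; out of scope
        return None
    lo, _, hi = found["port"].group(1).partition("-")
    net = ipaddress.ip_network(found["source"].group(1), strict=False)
    return {"net": net, "ports": (int(lo), int(hi or lo)),
            "proto": found["proto"].group(1), "action": action, "text": line.strip()}

def shadowed_accepts(listing):
    """Return (kind, accept_rule, deny_rule) where a reject/drop overrides an accept."""
    rules = [r for r in map(parse_rule, listing.splitlines()) if r]
    findings = []
    for acc in (r for r in rules if r["action"] == "accept"):
        for den in (r for r in rules if r["action"] != "accept"):
            (a_lo, a_hi), (d_lo, d_hi) = acc["ports"], den["ports"]
            if (acc["proto"] != den["proto"] or acc["net"].version != den["net"].version
                    or not acc["net"].overlaps(den["net"]) or a_lo > d_hi or d_lo > a_hi):
                continue
            # "dead": the deny covers every source and port the accept matches
            dead = acc["net"].subnet_of(den["net"]) and d_lo <= a_lo and a_hi <= d_hi
            findings.append(("dead" if dead else "partial", acc["text"], den["text"]))
    return findings

if __name__ == "__main__":
    for kind, acc, den in shadowed_accepts(SAMPLE):
        print(f"[{kind}] {acc}\n    overridden by: {den}")
```

A "dead" finding means the accept rule should be removed with `--remove-rich-rule` before or instead of adding the reject; a "partial" finding is often intentional, as with blocking one host inside an allowed range.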