启动:
systemctl start firewalld
停止:
systemctl stop firewalld
重启:
systemctl restart firewalld.service
查看状态:
systemctl status firewalld
开机启动:
systemctl enable firewalld.service
开机禁用:
systemctl disable firewalld
查看服务是否开机启动:
systemctl is-enabled firewalld.service
查看已启动的服务列表:
systemctl list-unit-files|grep enabled
查看启动失败的服务列表:
systemctl --failed
查看版本:
firewall-cmd --version
查看帮助:
firewall-cmd --help
显示状态:
firewall-cmd --state
查看所有打开的端口:
firewall-cmd --zone=public --list-ports
更新防火墙规则:
firewall-cmd --reload
查看区域信息:
firewall-cmd --get-active-zones
查看指定接口所属区域:
firewall-cmd --get-zone-of-interface=eth0
拒绝所有包:
firewall-cmd --panic-on
取消拒绝状态:
firewall-cmd --panic-off
查看是否拒绝:
firewall-cmd --query-panic
开放80端口:
firewall-cmd --zone=public --add-port=80/tcp --permanent (--permanent永久生效,没有此参数重启后失效)
查看80端口:
firewall-cmd --zone=public --query-port=80/tcp
删除80端口:
firewall-cmd --zone=public --remove-port=80/tcp --permanent
开放端口区间:
firewall-cmd --permanent --zone=public --add-port=8080-9999/tcp //永久
重新载入使配置立即生效:
firewall-cmd --reload