Linux firewalld防火墙

1. 基本命令
2. firewalld

启动防火墙 ¶

systemctl start firewalld

查看防火墙状态 ¶

systemctl status firewalld

禁用防火墙 ¶

systemctl disable firewalld

停止防火墙 ¶

systemctl stop firewalld
2. firewalld.service

启动一个服务 ¶

systemctl start firewalld.service

关闭一个服务 ¶

systemctl stop firewalld.service

重启一个服务 ¶

systemctl restart firewalld.service

显示一个服务的状态 ¶

systemctl status firewalld.service

在开机时启用一个服务 ¶

systemctl enable firewalld.service

在开机时禁用一个服务 ¶

systemctl disable firewalld.service

查看服务是否开机启动 ¶

systemctl is-enabled firewalld.service

查看已启动的服务列表 ¶

systemctl list-unit-files|grep enabled

查看启动失败的服务列表 ¶

systemctl –failed
3. firewalld-cmd

查看版本 ¶

firewall-cmd –version

查看帮助 ¶

firewall-cmd –help

显示状态 ¶

firewall-cmd –state

查看所有打开的端口 ¶

firewall-cmd –zone=public –list-ports

更新防火墙规则 ¶

firewall-cmd –reload

查看区域信息 ¶

firewall-cmd –get-active-zones

查看指定接口所属区域 ¶

firewall-cmd –get-zone-of-interface=eth0

拒绝所有包 ¶

firewall-cmd –panic-on

取消拒绝状态 ¶

firewall-cmd –panic-off

查看是否拒绝 ¶

firewall-cmd –query-panic
4. 打开端口

添加需要打开的端口（–permanent永久生效，没有此参数重启后失效） ¶

firewall-cmd –zone=public –add-port=80/tcp –permanent

重新载入生效 ¶

firewall-cmd –reload

查看已添加的端口 ¶

firewall-cmd –zone=public –query-port=80/tcp
5. 关闭端口
firewall-cmd –zone=public –remove-port=8080/tcp –permanent
firewall-cmd –zone=public –remove-port=8081/tcp –permanent
6. 查看端口
firewall-cmd –zone=public –list-ports