1、安装
[root@cocosum ~]# yum -y install firewalld
2、启动,关闭、重启、查看状态、重新加载规则、开机自启
# 启动的方式
[root@cocosum ~]# systemctl start firewalld
Failed to start firewalld.service: Unit is masked.
# 说明该服务被 mask(屏蔽)了, 先用 unmask 取消屏蔽, 然后再启动
[root@cocosum ~]# systemctl unmask firewalld
Removed symlink /etc/systemd/system/firewalld.service.
[root@cocosum ~]# systemctl start firewalld
# 查看状态
[root@cocosum ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2019-12-14 10:45:18 CST; 5s ago
Docs: man:firewalld(1)
Main PID: 28788 (firewalld)
CGroup: /system.slice/firewalld.service
└─28788 /usr/bin/python2 -Es /usr/sbin/firewalld --nofork --nopid
Dec 14 10:45:17 cocosum systemd[1]: Starting firewalld - dynamic firewall daemon...
Dec 14 10:45:18 cocosum systemd[1]: Started firewalld - dynamic firewall daemon.
# 启动成功
# 关闭
[root@cocosum ~]# systemctl stop firewalld
# 重启
[root@cocosum ~]# systemctl restart firewalld
# 开机自动启动/ 取消开机自动启动
[root@cocosum ~]# systemctl enable firewalld # 开启
[root@cocosum ~]# systemctl disable firewalld # 取消
# 重新加载规则: 把 --permanent 保存的永久配置载入运行时, 不中断已建立的连接, 不需要再重启防火墙 (未加 --permanent 的临时规则会被丢弃)
[root@cocosum ~]# firewall-cmd --reload
success
# 完全重新加载 (连同内核 netfilter 模块一起重载), 连接状态会丢失, 已建立的连接 (如当前 SSH 会话) 很可能中断; 日常使用 --reload 即可
[root@cocosum ~]# firewall-cmd --complete-reload
success
3、开放端口号、指定范围的开放端口号
# 放开端口号
[root@cocosum ~]# firewall-cmd --zone=public --add-port=22/tcp --permanent
success
# 放开指定范围的端口号 (范围内的所有端口都会对外开放, 只开放实际需要的端口)
[root@cocosum ~]# firewall-cmd --zone=public --add-port=8080-8999/tcp --permanent
success
# 移除开放的端口号 (未指定 --zone 时作用于默认区域; 移除 22/tcp 前先确认仍有其他规则, 如 ssh 服务, 放行远程登录, 否则重新加载后可能无法远程连接)
[root@cocosum ~]# firewall-cmd --permanent --remove-port=22/tcp
success
# 带 --permanent 的修改需要重新加载规则后才能生效; 通常 firewall-cmd --reload 即可, --complete-reload 可能中断现有连接
[root@cocosum ~]# firewall-cmd --complete-reload
success
# 添加和删除规则、以及生效规则都讲了,还差一个如何查看开放的端口
# 查看默认区域中通过 --add-port 开放的端口号 (显示的是运行时配置; 通过 service 放行的端口不会列出, 可用 firewall-cmd --list-all 查看完整规则)
[root@cocosum ~]# firewall-cmd --list-ports
22/tcp
# 查看指定的端口号是否被开放
[root@cocosum ~]# firewall-cmd --query-port=8080/tcp
no
# 上面命令含义
--zone: 区域(作用域), 省略时使用默认区域
add-port=22/tcp: 添加tcp协议的端口号22
--permanent: 写入永久配置, 重新加载 (--reload) 后才生效; 没有此参数的修改立即生效, 但重新加载或重启后失效
# 完成以上的步骤,基本上日常使用没问题了