Firewalld and iptables in CentOS
Versions of CentOS before CentOS 7 used the iptables service by default to manage firewall rules. CentOS 7 and later use the firewalld service to manage the firewall by default, so on CentOS 8 the firewall is configured through its default firewalld.
firewalld related commands
Process and state
systemctl start firewalld.service # start the firewall
systemctl stop firewalld.service # stop the firewall
systemctl status firewalld.service # check the firewall status
systemctl enable firewalld.service # start the firewall automatically at boot
systemctl disable firewalld.service # do not start the firewall at boot
firewall-cmd --state # show the firewall state
firewall-cmd --reload # reload the firewall rules
firewall-cmd --list-ports # list all open ports
firewall-cmd --list-services # list all allowed services
firewall-cmd --get-services # list all supported services
Zone related
firewall-cmd --list-all-zones # show information about all zones
firewall-cmd --get-active-zones # show the active zones
firewall-cmd --set-default-zone=public # set public as the default zone
firewall-cmd --get-default-zone # show the default zone
Interface related
firewall-cmd --zone=public --add-interface=eth0 # add interface eth0 to zone public
firewall-cmd --zone=public --remove-interface=eth0 # remove interface eth0 from zone public
firewall-cmd --zone=default --change-interface=eth0 # change the zone of interface eth0 to default
firewall-cmd --get-zone-of-interface=eth0 # show which zone interface eth0 belongs to
Port related
firewall-cmd --query-port=8080/tcp # query whether a port is open
firewall-cmd --add-port=8080/tcp --permanent # permanently open port 8080 (global)
firewall-cmd --remove-port=8080/tcp --permanent # permanently remove the port 8080 exception (global)
firewall-cmd --add-port=65001-65010/tcp --permanent # permanently open ports 65001-65010 (global)
firewall-cmd --zone=public --add-port=8080/tcp --permanent # permanently open port 8080 (zone public)
firewall-cmd --zone=public --remove-port=8080/tcp --permanent # permanently remove the port 8080 exception (zone public)
firewall-cmd --zone=public --add-port=65001-65010/tcp --permanent # permanently open ports 65001-65010 (zone public)
Note
After adding or changing firewall rules, either run firewall-cmd --reload to reload the rules or restart the firewall service; otherwise the new rules will not take effect.
Most commonly used command
firewall-cmd --zone=public --add-port=8080/tcp --permanent
Command parsing
firewall-cmd: the command-line tool provided by Linux (the firewalld service) for operating the firewall.
--zone: the zone to operate on; public is the most commonly used one.
--add-port=8080/tcp: add a port; the format is port/protocol. "add" adds the rule and the corresponding "remove" removes it.
--permanent: make the rule permanent; without this parameter the rule is lost after a restart.
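The port commands and the reload note above, combined into a small script as an added example (not part of the original post): it validates the port/protocol spec before it reaches firewall-cmd (the typos in hand-typed flags show why), writes the permanent rule first and then reloads so the rule is active now and after a reboot, and verifies the result. It assumes firewall-cmd is on PATH; DRY_RUN is a hypothetical variable used here to print the commands instead of running them.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): open or close a port in a firewalld zone so the
# rule takes effect immediately AND survives a reboot, after validating the port spec.
# Assumes firewall-cmd is on PATH; set DRY_RUN=1 to print the commands instead of running them.

# Validate "port/proto" or "low-high/proto" (proto tcp|udp, ports 1..65535, low <= high).
valid_port_spec() {
  local spec="$1" ports low high
  case "$spec" in */tcp|*/udp) ;; *) return 1 ;; esac
  ports="${spec%/*}"
  low="${ports%-*}"    # "8080" -> 8080, "65001-65010" -> 65001
  high="${ports#*-}"   # "8080" -> 8080, "65001-65010" -> 65010
  case "$low" in ''|*[!0-9]*) return 1 ;; esac
  case "$high" in ''|*[!0-9]*) return 1 ;; esac
  [ "$low" -ge 1 ] && [ "$high" -le 65535 ] && [ "$low" -le "$high" ]
}

# Run a command, or only echo it when DRY_RUN=1.
run() {
  if [ "${DRY_RUN:-0}" = 1 ]; then echo "+ $*"; else "$@"; fi
}

# open_port ZONE PORT/PROTO: persist the rule, reload so it is active now, then verify.
# --reload discards runtime-only changes, so the permanent rule is always written first.
open_port() {
  local zone="$1" spec="$2"
  valid_port_spec "$spec" || { echo "invalid port spec: $spec" >&2; return 1; }
  run firewall-cmd --zone="$zone" --add-port="$spec" --permanent || return 1
  run firewall-cmd --reload || return 1
  run firewall-cmd --zone="$zone" --query-port="$spec"   # exit 0 => port is open in this zone
}

# close_port ZONE PORT/PROTO: the mirror operation, with the same validation and reload.
close_port() {
  local zone="$1" spec="$2"
  valid_port_spec "$spec" || { echo "invalid port spec: $spec" >&2; return 1; }
  run firewall-cmd --zone="$zone" --remove-port="$spec" --permanent || return 1
  run firewall-cmd --reload
}

# Usage: ./fw-port.sh ZONE PORT/PROTO   (e.g. ./fw-port.sh public 8080/tcp)
if [ "${BASH_SOURCE[0]}" = "$0" ] && [ $# -eq 2 ]; then
  open_port "$1" "$2"
fi
```

Source the file to reuse the functions; open_port returns non-zero if the spec is malformed or the final --query-port does not confirm the port is open.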