Reprinted from: http://www.cnblogs.com/moxiaoan/p/5683743.html
CentOS7 uses firewalld to open and close firewalls and ports 1. Basic use of firewalld Start: systemctl start firewalld Check the status: systemctl status firewalld 停止: systemctl disable firewalld Disable: systemctl stop firewalld 2.systemctl is the main tool in the service management tool of CentOS7, which integrates the functions of the previous service and chkconfig. Start a service: systemctl start firewalld.service Shut down a service: systemctl stop firewalld.service Restart a service: systemctl restart firewalld.service Display the status of a service: systemctl status firewalld.service Enable a service at boot: systemctl enable firewalld.service Disable a service at boot: systemctl disable firewalld.service Check whether the service is started: systemctl is-enabled firewalld.service View the list of started services: systemctl list-unit-files|grep enabled View the list of services that failed to start: systemctl --failed Reload configuration information: systemctl daemon-reload 3. Configure firewalld-cmd Check the version: firewall-cmd --version See help: firewall-cmd --help Show status: firewall-cmd --state View all open ports: firewall-cmd --zone=public --list-ports Update firewall rules: firewall-cmd --reload View zone information: firewall-cmd --get-active-zones View the zone to which the specified interface belongs: firewall-cmd --get-zone-of-interface=eth0 Deny all packages: firewall-cmd --panic-on Cancel the denied status: firewall-cmd --panic-off Check for rejection: firewall-cmd --query-panic How to open a port Add to firewall-cmd --zone=public --add-port=80/tcp --permanent (--permanent takes effect permanently, it will fail after restart without this parameter) reload firewall-cmd --reload Check firewall-cmd --zone=public --query-port=80/tcp delete firewall-cmd --zone=public --remove-port=80/tcp --permanent