1. Basic use of firewalld
Start: systemctl start firewalld
View status: systemctl status firewalld
Stop: systemctl stop firewalld
Disable at boot: systemctl disable firewalld
2. systemctl is the main service management tool in CentOS 7; it combines the functions of the older service and chkconfig commands in one tool.
Start a service: systemctl start firewalld.service
Stop a service: systemctl stop firewalld.service
Restart a service: systemctl restart firewalld.service
Show a service's status: systemctl status firewalld.service
Enable a service at boot: systemctl enable firewalld.service
Disable a service at boot: systemctl disable firewalld.service
Check whether a service is enabled at boot: systemctl is-enabled firewalld.service
List enabled services: systemctl list-unit-files | grep enabled
List services that failed to start: systemctl --failed
3. Configuring with firewall-cmd
View version: firewall-cmd --version
View help: firewall-cmd --help
Display state: firewall-cmd --state
View all open ports in the public zone: firewall-cmd --zone=public --list-ports
Reload firewall rules: firewall-cmd --reload
View active zones: firewall-cmd --get-active-zones
Show which zone an interface belongs to: firewall-cmd --get-zone-of-interface=eth0
Panic mode, drop all packets (this also cuts existing connections, including your own SSH session): firewall-cmd --panic-on
Leave panic mode: firewall-cmd --panic-off
Check whether panic mode is on: firewall-cmd --query-panic
How to open a port
Add:
firewall-cmd --zone=public --add-port=80/tcp --permanent (--permanent makes the rule persistent; without it the rule is lost after a restart)
Reload:
firewall-cmd --reload
Check:
firewall-cmd --zone=public --query-port=80/tcp
Delete:
firewall-cmd --zone=public --remove-port=80/tcp --permanent
4. Review the existing rules:
firewall-cmd --list-all
Add:
firewall-cmd --zone=public --add-port=6666/tcp --permanent
firewall-cmd --zone=public --add-port=7777/tcp --permanent
firewall-cmd --zone=public --add-port=8888/tcp --permanent
firewall-cmd --zone=public --add-port=9999/tcp --permanent
Delete:
firewall-cmd --zone=public --remove-port=6666/tcp --permanent
firewall-cmd --zone=public --remove-port=7777/tcp --permanent
firewall-cmd --zone=public --remove-port=8888/tcp --permanent
firewall-cmd --zone=public --remove-port=9999/tcp --permanent
Allow a specific IP to reach a specific port (rich rule):
firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address=192.168.0.111 port port=8088 protocol=tcp accept'
Remove that rule (the rule text must match the one that was added; single quotes keep the inner double quotes intact for the shell):
firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="192.168.0.111" port port="8088" protocol="tcp" accept'
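The following script is an added example and not part of the original post: it wraps the four-step procedure above (add with --permanent, reload, query, remove) in functions that verify the result, and builds the "only this IP may reach this port" rich rule from one place so that add and remove always use identical text. The FIREWALL_CMD and ZONE variables and all function names are this example's own assumptions; FIREWALL_CMD exists so the script can be exercised against a stub on a machine that has no firewalld.

```shell
#!/bin/sh
# Added example (not part of the original post): the post's four-step procedure
# (add with --permanent, reload, query, remove) wrapped in functions that verify
# the result, plus a builder for the "only this IP may reach this port" rich rule.
# Assumptions: FIREWALL_CMD lets the firewall-cmd binary be swapped for a stub
# when trying this on a machine without firewalld; ZONE defaults to public.
FIREWALL_CMD="${FIREWALL_CMD:-firewall-cmd}"
ZONE="${ZONE:-public}"

# Rich rule text for: accept traffic from one IPv4 source to one port.
# Add and remove both call this, so the two never drift apart; firewalld only
# removes a rich rule whose text matches the one that was added.
allow_source_rule() {
    # $1 = source IPv4 address, $2 = port number, $3 = protocol (tcp or udp)
    printf 'rule family="ipv4" source address="%s" port port="%s" protocol="%s" accept' "$1" "$2" "$3"
}

# Open PORT/PROTO (e.g. 80/tcp) in ZONE persistently, reload so the running
# configuration picks it up, then query the runtime config to confirm.
# Exit status is that of the final query: 0 only if the port is really open.
open_port() {
    port_proto="$1"
    "$FIREWALL_CMD" --zone="$ZONE" --add-port="$port_proto" --permanent || return 1
    "$FIREWALL_CMD" --reload || return 1
    "$FIREWALL_CMD" --zone="$ZONE" --query-port="$port_proto"
}

# Reverse of open_port. After the reload the query must fail; a port that the
# runtime config still reports as open after removal counts as an error.
close_port() {
    port_proto="$1"
    "$FIREWALL_CMD" --zone="$ZONE" --remove-port="$port_proto" --permanent || return 1
    "$FIREWALL_CMD" --reload || return 1
    if "$FIREWALL_CMD" --zone="$ZONE" --query-port="$port_proto"; then
        return 1
    fi
    return 0
}

# Allow one source address to reach one port, persistently, and apply it.
allow_source_to_port() {
    rule=$(allow_source_rule "$1" "$2" "$3")
    "$FIREWALL_CMD" --permanent --add-rich-rule="$rule" || return 1
    "$FIREWALL_CMD" --reload
}

# Remove the rule added by allow_source_to_port, using the identical rule text.
revoke_source_to_port() {
    rule=$(allow_source_rule "$1" "$2" "$3")
    "$FIREWALL_CMD" --permanent --remove-rich-rule="$rule" || return 1
    "$FIREWALL_CMD" --reload
}

# Usage on a real host (needs root):
#   open_port 80/tcp && echo "80/tcp is open in $ZONE"
#   allow_source_to_port 192.168.0.111 8088 tcp
```

Two points the functions encode: `--reload` re-reads the permanent configuration and discards any runtime-only change, so a rule added without `--permanent` disappears at that moment; and querying after the reload is what proves the rule is active, since `--permanent` alone changes only the saved configuration.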
firewalld and iptables: blocking an IP address and port forwarding
Block access from a specific IP:
iptables -I INPUT -s 138.138.138.138 -j DROP
firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address="138.138.138.138" drop'
Port forwarding (redirect incoming TCP port 80 to local port 8080):
iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-port 8080
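As an added example, not from the original post, the script below gives the firewalld counterparts of the two iptables commands above and checks the address and port numbers before they are pasted into rule text, since a rich rule is a string and a malformed or trailing-argument value would otherwise end up inside the firewall configuration. The FIREWALL_CMD and ZONE variables and the function names are this example's own assumptions; the `--add-forward-port` option is real firewalld syntax.

```shell
#!/bin/sh
# Added example (not part of the original post): firewalld equivalents of the two
# iptables commands above, with the address and port numbers validated before
# they are placed in rule text. Assumptions: FIREWALL_CMD lets firewall-cmd be
# swapped for a stub on a machine without firewalld; ZONE defaults to public.
FIREWALL_CMD="${FIREWALL_CMD:-firewall-cmd}"
ZONE="${ZONE:-public}"

# Succeed only if $1 is a plain dotted-quad IPv4 address (four octets, each
# 0-255, no leading zeros). Runs in a subshell so changing IFS stays local.
is_ipv4() (
    case "$1" in ''|*[!0-9.]*) return 1 ;; esac   # digits and dots only
    IFS=.
    set -- $1
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
        # "0" is fine, "01" is not (leading zeros are ambiguous)
        [ "$octet" = "0" ] || [ "${octet#0}" = "$octet" ] || return 1
    done
    return 0
)

# Succeed only if $1 is a port number in 1-65535.
is_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ ${#1} -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Equivalent of: iptables -I INPUT -s ADDR -j DROP
block_source_ip() {
    is_ipv4 "$1" || { echo "refusing to build a rule from '$1'" >&2; return 2; }
    "$FIREWALL_CMD" --permanent \
        --add-rich-rule="rule family=\"ipv4\" source address=\"$1\" drop" || return 1
    "$FIREWALL_CMD" --reload
}

# Equivalent of: iptables -t nat -A PREROUTING -p PROTO --dport IN -j REDIRECT --to-port OUT
# Redirecting to a port on the same host needs no masquerading; forwarding to
# another host (toaddr=...) would.
forward_port() {
    # $1 = incoming port, $2 = local port to redirect to, $3 = tcp or udp
    case "$3" in tcp|udp) ;; *) echo "protocol must be tcp or udp" >&2; return 2 ;; esac
    is_port "$1" && is_port "$2" || { echo "refusing bad port spec: $1 -> $2" >&2; return 2; }
    "$FIREWALL_CMD" --zone="$ZONE" --permanent \
        --add-forward-port="port=$1:proto=$3:toport=$2" || return 1
    "$FIREWALL_CMD" --reload
}

# Usage on a real host (needs root):
#   block_source_ip 138.138.138.138
#   forward_port 80 8080 tcp
```

The iptables commands above act on the running ruleset only and are gone after a reboot unless saved separately; the firewalld versions use `--permanent` plus `--reload`, so they survive a restart and can be listed later with `firewall-cmd --list-all`.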
Author: Wang philosophical
Link: https://www.jianshu.com/p/da1917c8af68
Source: Jianshu
Reproduced at: https://my.oschina.net/u/3803405/blog/3057208