1, the basic use of firewalld
Start: systemctl start firewalld
View status: systemctl status firewalld
停止: systemctl disable firewalld
Disable: systemctl stop firewalld
2.systemctl is CentOS7 service management tool in the main tool before it blends service and chkconfig functions in one.
Start a service: systemctl start firewalld.service
shut down a service: systemctlstop firewalld.service
restart a service: systemctlrestart firewalld.service
displays the status of a service: systemctlstatus firewalld.service
enable a service at boot: systemctlenable firewalld.service
disabled at boot a service: systemctldisable firewalld.service
see if the service startup: systemctlis-enabled firewalld.service
view your active list of services: systemctllist-unit-files | grep enabled
to view list of services failed to start: systemctl - failed
3. Configure firewalld-cmd
View Version: firewall-cmd --version
View help: firewall-cmd --help
Display state: firewall-cmd --state
View all open ports: firewall-cmd - zone = public --list-ports
Update firewall rules: firewall-cmd --reload
Viewing area information: firewall-cmd - get-active-zones
Specifies an interface belongs: firewall-cmd - get-zone-of-interface = eth0
Reject all packets: firewall-cmd --panic-on
Unblock status: firewall-cmd --panic-off
Check whether to reject: firewall-cmd --query-panic
How to open a port that it
Add to
firewall-cmd --zone = public --add-port = 80 / tcp --permanent (--permanent permanent, this does not restart the failed parameter)
Reload
firewall-cmd --reload
View
firewall-cmd --zone=public --query-port=80/tcp
delete
firewall-cmd --zone=public --remove-port=80/tcp --permanent
Check firewall is running, the following two commands can
systemctl status firewalld.service
firewall-cmd --state
Check which ports are currently open
In fact, one for each port, each service corresponds to / usr / lib / firewalld / services following an xml file service.
firewall-cmd --list-services
See who can open service
firewall-cmd --get-services
View all open ports:
firewall-cmd --zone=public --list-ports
Update firewall rules:
firewall-cmd --reload