firewall-cmd
CentOS 7 default firewall using firewalld, not CentOS iptables 6 of
Check firewall status
systemctl status firewalld
Can
firewall-cmd --state
Start firewall
systemctl start firewall
# 或者
systemctl start firewalld.service
Turn off the firewall
systemctl stop firewall
# 或者
systemctl stop firewalld.service
Restart the firewall
systemctl restart firewall
# 或者
systemctl restart firewalld.service
Setting a power-enable the firewall
systemctl enable firewalld.service
Set the boot does not enable the firewall
systemctl disable firewalld.service
Add firewall port
firewall-cmd --zone=public --add-port=3306/tcp --permanent
Adding to be a port
firewall-cmd --zone=public --add-port=80-90/tcp --permanent
Command parsing:
- Zone # scope
-add-port = 3690 / tcp # Add port in the format port / protocol
permanently add -permanent, not the restart will fail
After adding the port to reload
firewall-cmd --reload
Lists the supported zone
firewall-cmd --get-zones
Lists the supported service (the service is in the list of release)
firewall-cmd --get-services
View ftp service supports
firewall-cmd --query-service ftp
Temporary open ftp service
firewall-cmd add-service=ftp
Permanently open ftp service
firewall-cmd --add-service=ftp --permanent
Permanently remove ftp service
firewall-cmd --remove-service=ftp --permanent
Add permanent port 8080
firewall-cmd --add-port=8080/tcp --permanent
Review the rules and iptables command are the same
iptables -L -n
View already open ports
firewall-cmd --list-ports
See all the information firewall
firewall-cmd --list-all
View Help
man firewall-cmd
Check local port monitor has been enabled
ss -ant
# centos7以下使用: netstat -ant