CentOS 8 basic firewall configuration

1. Installation
yum install iptables-services # install iptables

2. Using systemctl
systemctl unmask firewalld # unmask (unlock) the firewalld service
systemctl mask firewalld # mask (lock) the service again the next time it needs to be locked
systemctl start firewalld.service # start the firewall
systemctl stop firewalld.service # stop the firewall
systemctl reload firewalld.service # reload the configuration
systemctl restart firewalld.service # restart the service
systemctl status firewalld.service # display the status of the service
systemctl enable firewalld.service # enable the service at boot
systemctl disable firewalld.service # disable the service at boot
systemctl is-enabled firewalld.service # check whether the service is enabled at boot
systemctl list-unit-files | grep enabled # list enabled services
systemctl --failed # list services that failed to start

3. Using firewall-cmd
firewall-cmd --state # view the firewall status
firewall-cmd --reload # reload the firewall rules
firewall-cmd --list-ports # view all open ports
firewall-cmd --list-services # view all allowed services
firewall-cmd --get-services # list all supported services
# zone-related
firewall-cmd --list-all-zones # view information for all zones
firewall-cmd --get-active-zones # view active zone information
firewall-cmd --set-default-zone=public # set public as the default zone
firewall-cmd --get-default-zone # view the default zone
firewall-cmd --zone=public --add-interface=eth0 # add interface eth0 to the public zone
# interface-related
firewall-cmd --zone=public --remove-interface=eth0 # remove interface eth0 from the public zone
firewall-cmd --zone=default --change-interface=eth0 # change the zone of interface eth0 to default
firewall-cmd --get-zone-of-interface=eth0 # view the zone that interface eth0 belongs to

4. Usage examples
firewall-cmd --query-port=8080/tcp # query whether the port is open

firewall-cmd --add-port=80/tcp --permanent # permanently add an exception for port 80 (global)
firewall-cmd --remove-port=80/tcp --permanent # permanently remove the exception for port 80 (global)
firewall-cmd --add-port=65001-65010/tcp --permanent # permanently add exceptions for ports 65001-65010 (global)
firewall-cmd --zone=public --add-port=80/tcp --permanent # permanently add an exception for port 80 (public zone)
firewall-cmd --zone=public --remove-port=80/tcp --permanent # permanently remove the exception for port 80 (public zone)
firewall-cmd --zone=public --add-port=65001-65010/tcp --permanent # permanently add exceptions for ports 65001-65010 (public zone)

firewall-cmd --reload # reload the firewall (needed after changing the configuration)
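
After opening ports as in section 4, it is worth checking that nothing else is open. The script below is an added example, not part of the original post: it compares text in the format printed by firewall-cmd --list-ports against an allowlist and prints the entries that are not covered. The function name, the sample port list and the allowlist are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the original post): list firewalld port entries
# that are not covered by an allowlist. Entries use the format printed by
# `firewall-cmd --list-ports`: "PORT/PROTO" or "LOW-HIGH/PROTO".

# unexpected_ports LISTED ALLOWED
#   LISTED  - space-separated entries, e.g. output of --list-ports
#   ALLOWED - space-separated entries that are expected to be open
# Prints the LISTED entries that no ALLOWED entry fully covers.
unexpected_ports() {
    listed=$1
    allowed=$2
    result=""
    for entry in $listed; do
        range=${entry%/*}; proto=${entry#*/}
        lo=${range%-*};    hi=${range#*-}      # single port: lo == hi
        covered=no
        for rule in $allowed; do
            arange=${rule%/*}; aproto=${rule#*/}
            alo=${arange%-*};  ahi=${arange#*-}
            if [ "$proto" = "$aproto" ] &&
               [ "$lo" -ge "$alo" ] && [ "$hi" -le "$ahi" ]; then
                covered=yes
                break
            fi
        done
        [ "$covered" = yes ] || result="$result $entry"
    done
    printf '%s\n' "${result# }"
}

# Constructed sample standing in for `firewall-cmd --zone=public --list-ports`.
SAMPLE_LISTED="80/tcp 8080/tcp 65001-65010/tcp 53/udp"
# Assumed allowlist: the ports opened in section 4.
SAMPLE_ALLOWED="80/tcp 65001-65010/tcp"

echo "Unexpected: $(unexpected_ports "$SAMPLE_LISTED" "$SAMPLE_ALLOWED")"
# On a live host:
#   unexpected_ports "$(firewall-cmd --zone=public --list-ports)" "$SAMPLE_ALLOWED"
```

A sub-range such as 65003-65005/tcp counts as covered by 65001-65010/tcp, while the same port number under a different protocol does not.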


Origin blog.51cto.com/332532/2459618