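(1) List the open ports
firewall-cmd --list-ports

(2) Check the firewall state
firewall-cmd --state

(3) Start the firewall
systemctl start firewalld.service

(4) Restart the firewall service
systemctl restart firewalld.service

(5) Stop the firewall service
systemctl stop firewalld.service

(6) Open a specific port
firewall-cmd --zone=public --add-port=80/tcp --permanent
--zone       # zone the rule applies to
--add-port   # port to add, in the form port/protocol
--permanent  # make the rule persistent; without this option it is lost after a restart

(7) Reload for the changes to take effect (do this once the adjustments are finished)
firewall-cmd --reload

(8) Restrict access from an IP
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.246.141" port protocol="tcp" port="80" reject'

(9) Lift the IP restriction
# Remove the reject rule itself: firewalld evaluates reject/drop rich rules
# before accept rules, so adding a matching accept rule leaves the block in place.
firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="192.168.246.141" port protocol="tcp" port="80" reject'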
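
Steps (6) and (7) depend on the difference between the permanent and the runtime configuration. The script below is an added example, not part of the original page: it reports ports that exist in only one of the two, such as a --permanent change that was never reloaded. The function name port_drift and the sample port lists are constructed for illustration.

```shell
#!/bin/sh
# Added example: report ports whose runtime and permanent firewalld
# configuration differ.

# port_drift RUNTIME PERMANENT
# Each argument is a whitespace-separated port list as printed by
# `firewall-cmd --list-ports`, e.g. "80/tcp 443/tcp".
# Prints one line per differing port:
#   pending-reload <port>   only in the permanent config (needs --reload)
#   runtime-only <port>     only in the runtime config (lost on restart)
port_drift() {
    # Collapse whitespace and pad with spaces so whole entries can be matched.
    runtime=" $(echo $1) "
    permanent=" $(echo $2) "
    for p in $2; do
        case "$runtime" in
            *" $p "*) ;;
            *) echo "pending-reload $p" ;;
        esac
    done
    for p in $1; do
        case "$permanent" in
            *" $p "*) ;;
            *) echo "runtime-only $p" ;;
        esac
    done
}

# Constructed sample: 80/tcp was added with --permanent but not reloaded,
# 8080/tcp was added without --permanent.
sample_runtime="22/tcp 8080/tcp"
sample_permanent="22/tcp 80/tcp"
port_drift "$sample_runtime" "$sample_permanent"

# On a host where firewalld is running, compare the live state of the zone.
if command -v firewall-cmd >/dev/null 2>&1 && firewall-cmd --state >/dev/null 2>&1; then
    zone=public
    port_drift "$(firewall-cmd --zone="$zone" --list-ports)" \
               "$(firewall-cmd --zone="$zone" --permanent --list-ports)"
fi
```

An empty result for the live comparison means the runtime and permanent port lists of the zone agree.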