centos 7 防火墙配置

centos 7 防火墙配置

# centos 7 防火墙配置
# 查看防火墙是否开启
firewall-cmd --state
# 开启
service firewalld start
# 重启
service firewalld restart
# 关闭
service firewalld stop
# 查询端口是否开放
firewall-cmd --query-port=8080/tcp
# 开放80端口
firewall-cmd --permanent --add-port=80/tcp
# 移除端口
firewall-cmd --permanent --remove-port=8080/tcp
放通某个端口
firewall-cmd --permanent --zone=public --add-port=5672/tcp
移除以上规则
firewall-cmd --permanent --zone=public --remove-port=5672/tcp

放通某个端口段
firewall-cmd --permanent --zone=public --add-port=10000-20000/tcp

查看所有放通的端口
firewall-cmd --zone=public --list-ports
放通某个IP访问
firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address=192.168.1.169 accept'
移除以上规则
firewall-cmd --permanent --remove-rich-rule='rule family=ipv4 source address=192.168.1.169 accept'

放通某个IP段访问
firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address=192.168.2.0/24 accept'

禁止某个IP访问
firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address=192.168.1.169 drop'

放通某个IP访问某个端口
firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address=192.168.1.169 port protocol=tcp port=6379 accept'
#重启防火墙(修改配置后要重启防火墙)
firewall-cmd --reload

firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address=192.168.41.0/24 accept'
firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address=192.168.41.110 drop'