查看防火墙状态:
systemctl status firewalld
开启防火墙并设置开机自启
-
systemctl start firewalld
-
systemctl enable firewalld
1. 开放 22端口:
firewall-cmd --zone=public --add-port=22/tcp --permanent
重新载入一下:
firewall-cmd --reload
查看下是否生效:
firewall-cmd --zone=public --query-port=22/tcp
查看开放的端口:
firewall-cmd --zone=public --list-ports
批量开放端口:
firewall-cmd --zone=public --add-port=100-500/tcp --permanent
查看是否生效firewall-cmd --zone=public --list-rich-rules 2. 插入代码:
#!/bin/bash # enable the firewall service service firewalld start # config firewall to permit ip range:172.16.17.1-70, port:1521 firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.17.0/26" port protocol="tcp" port="1521" accept' # permit 172.16.17.63, since it is broadcast address in above ip range. firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.17.63" port protocol="tcp" port="1521" accept' # permit 172.16.17.64-70 one by one firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.17.64" port protocol="tcp" port="1521" accept' firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.17.65" port protocol="tcp" port="1521" accept' firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.17.66" port protocol="tcp" port="1521" accept' firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.17.67" port protocol="tcp" port="1521" accept' firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.17.68" port protocol="tcp" port="1521" accept' firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.17.69" port protocol="tcp" port="1521" accept' firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.17.70" port protocol="tcp" port="1521" accept' # reload for taking effect this time firewall-cmd --reload
3. 查看文件,修改规则
vi /etc/firewalld/zones/public.xml