https://www.cnblogs.com/xiaozhang666/p/12190655.html
#开启服务器的端口
firewall-cmd --add-port 8080/tcp
# 开启防火墙
systemctl start firewalld.service
# 重启防火墙
systemctl restart firewalld
# 防火墙开机启动
systemctl enable firewalld.service
# 关闭防火墙
systemctl stop firewalld.service
# 查看防火墙状态
firewall-cmd --state
#查看防火墙状态
systemctl status firewalld 或者 firewall-cmd --state
#查看防火墙开机时是否启动
systemctl list-unit-files | grep firewalld
#查看区域信息
firewall-cmd--get-active-zones
#查看指定接口所属区域
firewall-cmd--get-zone-of-interface=eth0
# 查看现有的规则
firewall-cmd --list-all
或
iptables -nL
# 重载防火墙配置
firewall-cmd --reload
# 添加单个单端口
firewall-cmd --permanent --zone=public --add-port=81/tcp
--permanent 永久生效
--zone作用域
--add-port 添加一个端口
#查看现有端口
firewall-cmd --zone=public --query-port=80/tcp
或
firewall-cmd --zone=public --list-ports
# 添加多个端口
firewall-cmd --permanent --zone=public --add-port=8080-8083/tcp
# 删除某个端口
firewall-cmd --permanent --zone=public --remove-port=81/tcp
# 针对某个 IP开放端口
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.142.166" port protocol="tcp" port="6379" accept"
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.0.233" accept"
# 删除某个IP
firewall-cmd --permanent --remove-rich-rule="rule family="ipv4" source address="192.168.1.51" accept"
# 针对一个ip段访问
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.0.0/16" accept"
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.1.0/24" port protocol="tcp" port="9200" accept"
# 添加操作后别忘了执行重载
firewall-cmd --reload