firewalld
基础
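# Stop the daemon and keep it from starting at boot. Until it is started again
# the host has no firewalld-managed filtering, so do not run these two on a
# system whose exposure is controlled by firewalld.
systemctl stop firewalld
systemctl disable firewalld

# Reload: the saved (--permanent) configuration becomes the new runtime
# configuration. Anything added WITHOUT --permanent is lost on reload, so
# either add such rules twice (with and without --permanent) or run
# `firewall-cmd --runtime-to-permanent` before reloading.
firewall-cmd --reload

# Show / query
firewall-cmd --state                                  # is the daemon running
firewall-cmd --get-zone-of-interface=eth0             # zone the interface is bound to
firewall-cmd --get-default-zone                       # zone used where none is bound
firewall-cmd --get-active-zones                       # zones that currently have interfaces/sources
firewall-cmd --permanent --zone=public --get-target   # zone's default action (saved config)
firewall-cmd --zone=public --list-all                 # full runtime rule set of the zone
# (add --permanent to --list-all to inspect the saved configuration instead)

# Open ports. Only the --permanent form survives a reload or restart.
firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --zone=public --add-port=100-500/tcp     # runtime only: a port range
firewall-cmd --zone=work --add-source=10.2.1.200      # runtime only: traffic from this source is handled by 'work'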
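# Re-bind the NIC to another zone (here 'drop', which silently discards
# unsolicited inbound traffic). No --permanent is given on this line.
firewall-cmd --zone=drop --change-interface=eth0
# Make 'drop' the default for everything not explicitly bound to a zone.
# This is a runtime AND permanent change and applies immediately, so make sure
# the management path (e.g. the admin's ssh source) is already allowed by
# some zone before running it.
firewall-cmd --set-default-zone=drop

# Advanced (rich) rules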
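# List the rich rules currently in effect
firewall-cmd --list-rich-rules
# Add a fine-grained rule: one source address to one TCP port.
firewall-cmd --zone=public --permanent --add-rich-rule 'rule family="ipv4" source address=10.27.10.181 port port=26379 protocol=tcp accept'
# Remove a rich rule. The rule must match the stored one; compare against the
# output of --list-rich-rules (quoting of the values is optional).
firewall-cmd --zone=public --permanent --remove-rich-rule='rule family="ipv4" source address="10.27.10.0/24" port port="22" protocol="tcp" accept'
# Allow one subnet to one port inside the 'drop' zone: rich rules are
# evaluated before the zone target, so this accept wins over the drop.
firewall-cmd --zone=drop --permanent --add-rich-rule 'rule family="ipv4" source address=10.27.10.0/24 port port=9001 protocol=tcp accept'
# All three changes above are --permanent only: run `firewall-cmd --reload`
# to make them effective.

# Example: a typical initial hardening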
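# Take ssh out of the public zone (runtime first, then saved). Do this only
# once the management sources below are allowed in 'trusted' AND that change is
# active (reloaded), otherwise new ssh sessions from anywhere else are refused.
# The session you are running this from normally survives, because
# established traffic is accepted before the zone rules are consulted.
firewall-cmd --zone=public --remove-service=ssh
firewall-cmd --zone=public --remove-service=ssh --permanent
firewall-cmd --zone=public --remove-service=dhcpv6-client --permanent
firewall-cmd --zone=public --remove-service=cockpit --permanent
# Block inbound ICMP of these types. Note these two lines carry no
# --permanent and therefore disappear on the next reload.
firewall-cmd --zone=public --add-icmp-block=echo-request
firewall-cmd --zone=public --add-icmp-block=echo-reply
# Sources placed in 'trusted' bypass the public-zone restrictions entirely,
# so keep this list to management hosts/nets only. All --permanent: reload
# to apply.
firewall-cmd --permanent --zone=trusted --add-source=10.2.2.0/24
firewall-cmd --permanent --zone=trusted --add-source=10.3.0.1/32
firewall-cmd --permanent --zone=trusted --add-source=192.168.0.175/32
# NOTE(review): this /24 has host bits set and is not one of the sources
# added above, so the removal presumably just reports "not enabled"; confirm
# the intended prefix length before relying on it.
firewall-cmd --permanent --zone=trusted --remove-source=192.168.0.175/24
firewall-cmd --permanent --zone=trusted --remove-source=10.2.1.5/32
firewall-cmd --permanent --zone=trusted --remove-source=192.168.0.175/32
# Verify the runtime result (add --permanent to check the saved config).
firewall-cmd --zone=trusted --list-all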