1. Start the firewall: systemctl start firewalld
2. Stop the firewall: systemctl stop firewalld
3. Check the firewall status: systemctl status firewalld
4. Restart the firewall: systemctl restart firewalld
5. List the open ports: firewall-cmd --zone=public --list-ports
6. Open a specific port: firewall-cmd --zone=public --add-port=8888/tcp --permanent (--permanent makes the change persistent; without this parameter it is lost after a restart)
7. Close a port: firewall-cmd --zone=public --remove-port=8888/tcp --permanent
8. Allow a specific IP to access a given port (allow 127.0.0.1 to access port 5433)
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="127.0.0.1" port protocol="tcp" port="5433" accept'
9. Deny the address 127.0.0.1 access to port 8899, i.e. block it from accessing the machine
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="127.0.0.1" port protocol="tcp" port="8899" reject'
10. Delete a rule that has been set
firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="127.0.0.1" port protocol="tcp" port="8888" accept'
Note: remember to reload after running these commands.
Reload the firewall settings so the changes take effect: firewall-cmd --reload
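
The rich-rule commands in steps 8 to 10 depend on exact quoting (single quotes around the whole rule, double quotes around each value) and on the reload that follows. The script below is an added example, not part of the original page: it validates the address and port, builds the rule string, and applies, reloads and verifies it. The helper names and the DRY_RUN variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example; helper names are hypothetical, not part of firewalld.
# DRY_RUN defaults to 1: the commands are printed, not executed.

valid_ipv4() {
    # Digits and dots only, no trailing dot (this also keeps glob characters out).
    case $1 in ''|*[!0-9.]*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# rich_rule ACTION IP PORT [PROTO] -> prints the rule text, or fails on bad input.
rich_rule() {
    action=$1 ip=$2 port=$3 proto=${4:-tcp}
    case $action in accept|reject|drop) ;; *) return 1 ;; esac
    case $proto in tcp|udp) ;; *) return 1 ;; esac
    valid_ipv4 "$ip" && valid_port "$port" || return 1
    printf 'rule family="ipv4" source address="%s" port protocol="%s" port="%s" %s\n' \
        "$ip" "$proto" "$port" "$action"
}

# Add the rule to the permanent config, reload, then confirm it is active.
apply_rich_rule() {
    rule=$(rich_rule "$@") || { echo "invalid rule arguments" >&2; return 1; }
    if [ "${DRY_RUN:-1}" = 1 ]; then
        printf "firewall-cmd --permanent --add-rich-rule='%s'\n" "$rule"
        printf 'firewall-cmd --reload\n'
        printf "firewall-cmd --query-rich-rule='%s'\n" "$rule"
        return 0
    fi
    firewall-cmd --permanent --add-rich-rule="$rule" &&
    firewall-cmd --reload &&
    firewall-cmd --query-rich-rule="$rule"
}

# Constructed sample input taken from step 8: allow 127.0.0.1 to reach 5433/tcp.
apply_rich_rule accept 127.0.0.1 5433
```

Run it with DRY_RUN=0 as root to execute the commands instead of printing them.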



















