firewall简单使用

环境： centos8

常用命令

• 7080端口对所有ip开放
  • 添加规则

    firewall-cmd –zone=public –add-port=7080/tcp –permanent

  • reload生效

    firewall-cmd –reload

  • 查看刚创建的规则

    firewall-cmd –list-ports

  • 删除这条规则

    firewall-cmd –permanent –remove-port=7080/tcp

  • reload生效

    firewall-cmd –reload

  • 查看是否生效

    firewall-cmd –list-ports

• 在ipv4家族中添加富规则，拒绝192.168.21.221访问7080端口
  • 添加规则

    firewall-cmd –permanent –add-rich-rule=’rule family=”ipv4″ source address=”192.168.21.221″ port protocol=”tcp” port=”7080″ reject’

  • reload生效

    firewall-cmd –reload

  • 查看刚创建的规则

    firewall-cmd –list-rich-rules

  • 删除刚添加的规则

    firewall-cmd –permanent –remove-rich-rule=’rule family=”ipv4″ source address=”192.168.21.221″ port protocol=”tcp” port=”7080″ reject’

  • reload生效

    firewall-cmd –reload

  • 查看是否生效

    firewall-cmd –list-rich-rules

• 在ipv4家族中添加富规则，让192.168.21.224可以临时访问udp端口7080
  • 添加规则

    firewall-cmd –add-rich-rule=’rule family=”ipv4″ source address=”192.168.21.224″ port protocol=”udp” port=”7080″ accept’

  • 查看添加的富规则是否生效

    firewall-cmd –list-rich-rules

  • 删除刚创建的规则

    firewall-cmd –remove-rich-rule=rule family=”ipv4″ source address=”192.168.21.224″ port protocol=”udp” port=”7080″ accept’

• firewall 查看所有规则
  • 查看默认地区（public）的

    firewall-cmd –list-all

  • 查看所有地区规则

    firewall-cmd –list-all-zones