firewall-cmd防火墙策略

--permanent 永久生效，重启后规则不消失

不执行 firewall-cmd --reload 命令配置不生效

---

添加单个IP为白名单

firewall-cmd --permanent --zone=public  -add-rich-rule='rule family="ipv4" source address="IP" accept'

---

删除白名单

firewall-cmd --permanent --zone=public  --remove-rich-rule='rule family="ipv4" source address="IP" accept' 

---

查看开放端口

firewall-cmd --list-ports

---

查看添加的规则

firewall-cmd --list-rich-rules

---

开放连续端口访问

firewall-cmd --permanent --zone=public  --add-port=2011-2055/tcp

---

开放端口

firewall-cmd --permanent --zone=public  --add-port=2011/tcp

---

针对某个IP开放端口

firewall-cmd --permanent --zone=public  -add-rich-rule='rule family="ipv4" source address="IP" port protocol="tcp" port="22" accept'  

---

删除开放端口

firewall-cmd --permanent --zone=public  --remove-port=2011/tcp

---

禁用ssh端口

firewall-cmd --permanent --remove-service=ssh

---

重载firewalld：firewall-cmd -reload

查看防火墙策略：firewall-cmd --list-all

开机自启firewalld：systemctl enable firewalld

检查firewalld状态 systemctl status firewalld

启动firewalld: systemctl start firewalld

关闭 firewalld: systemctl stop firewalld