开启\关闭\重启\开机自启动
bash
# 防火墙的状态
systemctl status firewalld
# 关闭防火墙
systemctl stop firewalld.service
# 开启防火墙
systemctl start firewalld.service
# 重启防火墙
systemctl restart firewalld.service
# 开机自启动
systemctl enable firewalld.service
# 关闭开机自启动
systemctl disable firewalld检查防火墙规则
bash
firewall-cmd --list-all查看开放的端口
bash
firewall-cmd --zone=public --list-ports放行端口
bash
# 放行TCP 9706端口
firewall-cmd --zone=public --add-port=9706/tcp --permanent
# 放行UDP 9706端口
firewall-cmd --zone=public --add-port=9706/udp --permanent
firewall-cmd --reload删除放行端口
bash
# 删除TCP 9706端口
firewall-cmd --zone=public --remove-port=9706/tcp --permanent
# 删除UDP 9706端口
firewall-cmd --zone=public --remove-port=9706/udp --permanent
firewall-cmd --reload策略相关
bash
# 查看规则
firewall-cmd --permanent --list-rich-rules
# 指定固定的ip访问固定端口
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="10.38.25.70" port protocol="tcp" port="3306" accept"
# 指定固定的ip段访问固定端口
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.1.0/24" port protocol="tcp" port="3306" accept"
# 删除规则
firewall-cmd --permanent --remove-rich-rule="rule family="ipv4" source address="10.38.24.39" port protocol="tcp" port="3306" accept"
# 允许 ICMPv6 流量
firewall-cmd --permanent --add-rich-rule='rule family="ipv6" source address="::/0" protocol="icmpv6" accept'
# 允许特定的 IPv6 地址或地址段
firewall-cmd --permanent --add-rich-rule='rule family="ipv6" source address="2001:db8::/64" accept'
# 重启防火墙
firewall-cmd --reload