centos7之firewalld
1.实操
1.1防火墙启停
# Show whether the firewalld service is currently running.
systemctl status firewalld
# Start the service for the current boot.
systemctl start firewalld
# Enable the service so it is also started on later boots; without this the
# host comes back up after a reboot with no firewalld rules loaded.
systemctl enable firewalld
1.2端口开放
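# Open TCP port 9001 in the public zone. --permanent writes only the saved
# configuration; the running firewall does not change until the reload below.
# A plain --add-port admits every source address that reaches this zone; use a
# rich rule with a source address when only specific peers should connect.
firewall-cmd --zone=public --add-port=9001/tcp --permanent
firewall-cmd --reload
# Confirm the port is open in the running configuration (prints yes or no).
firewall-cmd --zone=public --query-port=9001/tcp
# Close the port again. The removal is also --permanent only, so reload
# afterwards; otherwise the port stays open at runtime until the next
# reload or restart.
firewall-cmd --zone=public --remove-port=9001/tcp --permanent
firewall-cmd --reload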
1.3查询
# List the ports opened in the public zone of the running configuration.
# Add --permanent to inspect the saved configuration instead.
firewall-cmd --zone=public --list-ports
# Load the saved (permanent) configuration into the running firewall.
firewall-cmd --reload
# Show everything configured for the default zone (no --zone given):
# interfaces, sources, services, ports and rich rules. Useful for auditing
# what is actually exposed after a change.
firewall-cmd --list-all
1.4信任ip
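# Allow one source address to reach TCP port 9001 only. The whole rule is
# wrapped in single quotes so the inner double quotes reach firewall-cmd
# intact; nesting double quotes inside double quotes only works as long as no
# value contains a space. No --zone is given, so the rule goes to the default
# zone (public unless the default was changed).
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.0.1" port protocol="tcp" port="9001" accept'
firewall-cmd --reload
# Review the rich rules that are active in the public zone.
firewall-cmd --zone=public --list-rich-rules
# Trust a single address for ALL ports and protocols. This is much broader
# than the port-scoped rule above: every service listening on the host becomes
# reachable from that address. Prefer adding port/protocol when only one
# service is needed.
firewall-cmd --zone=public --add-rich-rule 'rule family="ipv4" source address="192.168.1.10" accept' --permanent
# Remove that rule again; the rule text must match the added rule exactly.
firewall-cmd --zone=public --remove-rich-rule 'rule family="ipv4" source address="192.168.1.10" accept' --permanent
# Trust a whole /24 subnet for all ports and protocols.
firewall-cmd --zone=public --add-rich-rule 'rule family="ipv4" source address="192.168.2.0/24" accept' --permanent
# Worked example: make sure firewalld is running and enabled, trust four
# hosts, and open TCP port 80 to every source.
systemctl start firewalld
systemctl enable firewalld
firewall-cmd --zone=public --add-rich-rule 'rule family="ipv4" source address="10.1.7.13" accept' --permanent
firewall-cmd --zone=public --add-rich-rule 'rule family="ipv4" source address="10.1.7.20" accept' --permanent
firewall-cmd --zone=public --add-rich-rule 'rule family="ipv4" source address="10.1.7.18" accept' --permanent
firewall-cmd --zone=public --add-rich-rule 'rule family="ipv4" source address="10.1.7.19" accept' --permanent
firewall-cmd --zone=public --add-port=80/tcp --permanent
# All rules above were --permanent only; the reload applies them at runtime.
firewall-cmd --reload
# Verify the result rather than assuming the rules were accepted.
firewall-cmd --zone=public --list-rich-rules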
1.5限制ip
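# Reject connections to TCP port 9001 from one source address. The rule is
# single-quoted so the inner double quotes are passed through unchanged.
# NOTE(review): without a prefix length this matches only the single address
# 192.168.0.0; append a prefix such as /24 if a whole subnet is meant - confirm.
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.0.0" port protocol="tcp" port="9001" reject'
firewall-cmd --reload
# Remove the restriction again. --remove-rich-rule only removes a rule whose
# text matches the added rule, including the action, so this uses "reject"
# and the address without a leading space. A stray space inside nested double
# quotes would also split the argument in the shell and make the command fail.
firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="192.168.0.0" port protocol="tcp" port="9001" reject'
firewall-cmd --reload
# The permanent configuration of the public zone is stored in this file.
# After editing it by hand, run `firewall-cmd --reload` and check the result
# with `firewall-cmd --zone=public --list-all`.
vim /etc/firewalld/zones/public.xml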