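Common firewalld commands on CentOS 7
firewalld is a major feature of CentOS 7. It has two main advantages: it supports dynamic updates without restarting the service, and it introduces the firewall "zone" concept.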
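◾Permanently open a port: firewall-cmd --permanent --add-port=8080/tcp
◾Permanently close a port: firewall-cmd --permanent --remove-port=8080/tcp
◾Permanently enable a service: firewall-cmd --permanent --add-service=http
◾Permanently disable a service: firewall-cmd --permanent --remove-service=http
◾Forward a port: firewall-cmd --permanent --add-forward-port=port=80:proto=tcp:toport=8080:toaddr=192.0.2.55
◾Allow forwarding to another address (masquerading): firewall-cmd --permanent --add-masquerade
◾Reload the firewall (applies the --permanent changes to the running configuration): firewall-cmd --reload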
Starting, stopping, and disabling firewalld
◾Start: # systemctl start firewalld
◾Check status: # systemctl status firewalld or firewall-cmd --state
◾Stop: # systemctl stop firewalld
◾Disable: # systemctl disable firewalld
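Configuring firewalld
◾Show help: firewall-cmd --help
◾View settings, show active zones: firewall-cmd --get-active-zones
◾Show the zone an interface belongs to: $ firewall-cmd --get-zone-of-interface=eth0
◾Drop all packets (panic mode): # firewall-cmd --panic-on
◾Leave panic mode: # firewall-cmd --panic-off
◾Check whether panic mode is on: $ firewall-cmd --query-panic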
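
The open, reload and panic-check commands above combined into one verified step, as an added example that is not part of the original page. The function name, the FWCMD variable and the return codes are assumptions of this example; --zone and --query-port are standard firewall-cmd options not listed above.

```bash
#!/bin/sh
# Added example: open one port permanently, reload, then confirm the
# permanent and runtime configurations agree.
# FWCMD is this example's own variable (lets a stub replace the real binary).
FWCMD="${FWCMD:-firewall-cmd}"

# Usage: open_port_verified PORT/PROTO [ZONE]
# Returns: 0 open in both configs, 1 bad input, 2 panic mode is on,
#          3 a firewall-cmd step failed, 4 permanent/runtime mismatch.
open_port_verified() {
    spec="$1"
    zone="${2:-}"
    # This example accepts a single port with tcp or udp only.
    case "$spec" in
        */tcp|*/udp) ;;
        *) echo "invalid port spec: $spec" >&2; return 1 ;;
    esac
    port="${spec%/*}"
    case "$port" in
        ''|*[!0-9]*) echo "invalid port number: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    zopt="${zone:+--zone=$zone}"   # empty means the default zone

    # In panic mode every packet is dropped, so an open port would mislead.
    if $FWCMD --query-panic >/dev/null 2>&1; then
        echo "panic mode is on; run --panic-off first" >&2; return 2
    fi
    # --permanent only writes the stored config; the running firewall is
    # unchanged until --reload (which also discards runtime-only rules).
    $FWCMD --permanent $zopt --add-port="$spec" >/dev/null || return 3
    $FWCMD --reload >/dev/null || return 3

    # Verify both views; a mismatch means the rule is not actually live.
    if $FWCMD --permanent $zopt --query-port="$spec" >/dev/null &&
       $FWCMD $zopt --query-port="$spec" >/dev/null; then
        echo "$spec open (permanent and runtime)"; return 0
    fi
    echo "$spec differs between permanent and runtime config" >&2
    return 4
}
```

Run it as root, for example: open_port_verified 8080/tcp public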
Reposted from 小過的布拉格 https://xiaoguo.net/wiki/centos-7-firewalld.html