centos7中防火墙端口开通和删除等操作命令_firewall 删除端口

安装firewall命令

系统环境：centos7

yum install firewalld firewalld-config
1

Firewall开启常见端口命令

firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --zone=public --add-port=443/tcp --permanent
firewall-cmd --zone=public --add-port=22/tcp --permanent
firewall-cmd --zone=public --add-port=53/udp --permanent
1
2
3
4

Firewall关闭常见端口命令

firewall-cmd --zone=public --remove-port=80/tcp --permanent
firewall-cmd --zone=public --remove-port=443/tcp --permanent
firewall-cmd --zone=public --remove-port=22/tcp --permanent
firewall-cmd --zone=public --remove-port=53/udp --permanent
1
2
3
4

指定特定源IP访问某端口

firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.100.1" port protocol="tcp" port="80" accept"   #添加源IP 192.168.100.1访问80端口
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.100.0/24" port protocol="tcp" port="80" accept"  #添加IP段访问80端口
firewall-cmd --permanent --remove-rich-rule="rule family="ipv4" source address="192.168.100.1" port protocol="tcp" port="80" accept"   #删除源IP 192.168.100.1访问80端口
1
2
3

指定特定源IP开放所有端口

firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.180.10.10" accept" 
firewall-cmd --reload
1
2

批量添加区间端口

firewall-cmd --zone=public --add-port=4400-4600/udp --permanent
firewall-cmd --zone=public --add-port=4400-4600/tcp --permanent
1
2

查看端口列表：

firewall-cmd --permanent --list-ports
firewall-cmd --permanent --list-all
firewall-cmd --permanent --list-rich-rules
1
2
3

其他常用命令

启动服务：systemctl start firewalld
关闭服务：systemctl stop firewalld
重启服务：systemctl restart firewalld、firewall-cmd --reload
查看服务状态：systemctl status firewalld、firewall-cmd --state
开机自启服务：systemctl enable firewalld
开机禁用服务：systemctl disable firewalld
查看是否开机自启：systemctl is-enable firewalld
1
2
3
4
5
6
7