The firewall in CentOS 7 and later

Source: Internet  Editor: 程序博客网  Time: 2024/05/21 01:31

System: CentOS 7

firewall command examples

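firewall-cmd --version  # show the firewall version
firewall-cmd --help  # show help
systemctl start firewalld  # start the firewall
systemctl status firewalld  # show the firewall service status
systemctl disable firewalld  # disable the firewall (do not start it at boot)
systemctl stop firewalld  # stop the firewall
firewall-cmd --reload  # reload and apply updated firewall rules
firewall-cmd --state  # show the firewall state
firewall-cmd --list-all  # show the firewall rules
/usr/lib/firewalld/services  # this directory holds the predefined network service and port definitions; for reference only, must not be modified
firewall-cmd --permanent --add-service=ftp  # open the FTP service
firewall-cmd --permanent --remove-service=ftp  # close the FTP service
systemctl restart firewalld  # make the settings take effect
iptables -L -n | grep 21  # check whether the setting took effect
firewall-cmd --query-service ftp  # check whether the service is enabled
firewall-cmd --permanent --add-port=3128/tcp  # insert a firewall rule opening port 3128
firewall-cmd --permanent --query-port=3128/tcp  # query whether the inserted rule is in place
firewall-cmd --get-services  # list the service names known to the firewall
firewall-cmd --zone=public --list-ports  # list all open ports
firewall-cmd --zone=public --permanent --add-port=80/tcp  # add a port; --permanent makes it persistent, without it the rule is lost after a restart
firewall-cmd --zone=public --permanent --remove-port=80/tcp  # remove a port
firewall-cmd --panic-on  # drop all packets
firewall-cmd --panic-off  # leave panic mode
firewall-cmd --query-panic  # check whether panic mode is on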
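The note on `--permanent` above means a port can be open in the running firewall but missing from the saved configuration, or saved but not yet active until `firewall-cmd --reload`. The script below is an added example, not part of the original page: it compares the two `--list-ports` outputs for the `public` zone and reports the difference. The function name `port_drift` and the sample port lists are assumptions made for this example.

```shell
#!/bin/sh
# Added example: find ports whose runtime and permanent firewalld state differ.

# port_drift RUNTIME PERMANENT
# Each argument is a space-separated port list as printed by --list-ports.
# Prints one line per mismatch and returns 1 if any mismatch was found.
port_drift() {
    r=$(echo $1)   # unquoted on purpose: collapses repeated whitespace
    q=$(echo $2)
    drift=0
    for p in $r; do
        case " $q " in
            *" $p "*) ;;
            # open now, but gone after the next reload or restart
            *) echo "runtime-only $p"; drift=1 ;;
        esac
    done
    for p in $q; do
        case " $r " in
            *" $p "*) ;;
            # saved with --permanent, but not active until --reload
            *) echo "permanent-only $p"; drift=1 ;;
        esac
    done
    return $drift
}

if command -v firewall-cmd >/dev/null 2>&1 && firewall-cmd --state >/dev/null 2>&1; then
    runtime_ports=$(firewall-cmd --zone=public --list-ports)
    permanent_ports=$(firewall-cmd --permanent --zone=public --list-ports)
else
    # Constructed sample data, used when firewalld is not running here.
    runtime_ports="80/tcp 3128/tcp"
    permanent_ports="80/tcp 8080/tcp"
fi

port_drift "$runtime_ports" "$permanent_ports" \
    || echo "drift found: review the ports listed above"
```

A `runtime-only` port is worth reviewing before the next reload: either it was opened temporarily and should disappear, or it was meant to be kept and needs `--permanent`.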

List all services supported by the firewall

# firewall-cmd --get-services
RH-Satellite-6 amanda-client amanda-k5-client bacula bacula-client ceph ceph-mon dhcp dhcpv6 dhcpv6-client dns docker-registry dropbox-lansync freeipa-ldap freeipa-ldaps freeipa-replication ftp high-availability http https imap imaps ipp ipp-client ipsec iscsi-target kadmin kerberos kpasswd ldap ldaps libvirt libvirt-tls mdns mosh mountd ms-wbt mysql nfs ntp openvpn pmcd pmproxy pmwebapi pmwebapis pop3 pop3s postgresql privoxy proxy-dhcp ptp pulseaudio puppetmaster radius rpc-bind rsyncd samba samba-client sane smtp smtps snmp snmptrap squid ssh synergy syslog syslog-tls telnet tftp tftp-client tinc tor-socks transmission-client vdsm vnc-server wbem-https xmpp-bosh xmpp-client xmpp-local xmpp-server

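systemctl command examples

systemctl is-enabled servicename.service  # check whether the service starts at boot
systemctl enable servicename.service  # start the service at boot
systemctl disable servicename.service  # do not start the service at boot
systemctl start servicename.service  # start the service
systemctl stop servicename.service  # stop the service
systemctl restart servicename.service  # restart the service
systemctl reload servicename.service  # reload the service's configuration file
systemctl status servicename.service  # show the service's running status
systemctl --failed  # list services that failed to start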