
CentOS 7 默认防火墙 firewalld 配置

CentOS 7 不再默认使用 iptables,而是改用 firewalld,配置更简单了一点。
临时
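# Runtime-only change: opens 22/tcp in the public zone immediately, but the
# rule is lost on the next `firewall-cmd --reload` or firewalld restart.
# Long options need a double hyphen (--); an en dash is not parsed as an option.
firewall-cmd --zone=public --add-port=22/tcp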

永久/重启后有效
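# --permanent writes only to the stored configuration; the running firewall
# is unchanged until `firewall-cmd --reload` (or a firewalld restart).
firewall-cmd --zone=public --add-port=22/tcp --permanent
firewall-cmd --zone=public --add-port=443/tcp --permanent
firewall-cmd --zone=public --add-port=9980/tcp --permanent
firewall-cmd --zone=public --add-port=9981/tcp --permanent
# NOTE(review): 3306/tcp is the default MySQL/MariaDB port. Opening it in the
# public zone accepts connections from any source address; if only known hosts
# need it, limit access by source (a rich rule or a dedicated zone) instead.
firewall-cmd --zone=public --add-port=3306/tcp --permanent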

删除

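# Remove ports from the stored configuration of the public zone. As with
# --add-port, --permanent does not touch the running firewall: the ports stay
# open at runtime until `firewall-cmd --reload` is run.
firewall-cmd --zone=public --remove-port=39000-40000/tcp --permanent
firewall-cmd --zone=public --remove-port=3322/tcp --permanent
firewall-cmd --zone=public --remove-port=8888/tcp --permanent
firewall-cmd --zone=public --remove-port=20/tcp --permanent
firewall-cmd --zone=public --remove-port=21/tcp --permanent
firewall-cmd --zone=public --remove-port=80/tcp --permanent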

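# Reference list of management commands; pick the one needed, they are not
# meant to be run top to bottom as a script.
firewall-cmd --list-ports # list open ports (default zone when no --zone is given)
systemctl start firewalld.service # start firewalld
firewall-cmd --reload # reload firewalld; applies the permanent configuration to runtime
# NOTE(review): stopping or disabling firewalld leaves the host without its
# packet filter unless another one is in place; verify the result afterwards.
systemctl stop firewalld.service # stop firewalld
systemctl disable firewalld.service # do not start firewalld at boot
systemctl enable firewalld.service # start firewalld at boot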

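# Show the firewalld state: prints "not running" when it is stopped and
# "running" when it is started.
firewall-cmd --state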