firewalld开放端口

1.启动firewalld服务

systemctl start firewalld.service

2.关闭firewalld服务

systemctl stop firewalld.service

3.重启firewalld服务

systemctl restart firewalld.service

4.查看firewalld状态

systemctl status firewalld.service

5.开机自启firewalld

systemctl enable firewalld

6.查看版本

firewall-cmd --version

7.查看帮助

firewall-cmd --help

8.显示状态

firewall-cmd --state

9.查看当前所有规则

firewall-cmd --list-all

10.查看所有打开的端口

firewall-cmd --zone=public --list-ports

11.更新防火墙规则

firewall-cmd --reload

12.添加开放端口

firewall-cmd --zone=public --add-port=80/tcp --permanent (permanent永久生效，没有此参数重启后失效)

13.查看端口是否开放

firewall-cmd --zone=public --query-port=80/tcp

14.删除开放端口

firewall-cmd --zone=public --remove-port=80/tcp --permanent

15.批量开放一段TCP端口

firewall-cmd --permanent --add-port=9001-9100/tcp

16.开放IP的访问

firewall-cmd --permanent --add-source=192.168.1.1

17.开放整个源IP段的访问

firewall-cmd --permanent --add-source=192.168.1.0/24

18.移除IP访问

firewall-cmd --permanent --remove-source=192.168.1.1

19.允许指定IP访问本机80端口

firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.1" port protocol="tcp" port="80" accept'

20.禁止指定IP访问本机80端口

firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.1" port protocol="tcp" port="80" reject'

21.移除允许指定IP访问本机80端口规则

firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="192.168.1.1" port protocol="tcp" port="80" accept'

注：每次更改firewall规则后需重新加载（firewall-cmd --reload）