Summary of common Linux firewall commands

Published: 2024-11-04

View the rules currently on the firewall

[root@layout1 ~]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: bond0 em3 em4
  sources: 
  services: dhcpv6-client ssh    #ssh is enabled by default
  ports: 
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules:

Update (reload) the firewall rules

[root@layout1 ~]# firewall-cmd --reload  

View firewall zone information (by default only the public zone is enabled)

[root@layout1 ~]# firewall-cmd --get-active-zones 
public
  interfaces: em3 em4 bond0 

Allow traffic on a port

[root@layout1 ~]# firewall-cmd --add-port=5900/tcp --permanent  #make the rule permanent

[root@layout1 ~]# firewall-cmd --reload                         #reload so it takes effect immediately

Remove a port rule

[root@layout1 ~]# firewall-cmd --remove-port=5900/tcp --permanent

[root@layout1 ~]# firewall-cmd --reload                                    

Restricting access with rich rules. Action: accept (reject and drop are rarely used)

[root@layout1 ~]# firewall-cmd --add-rich-rule 'rule family="ipv4" source address="192.168.66.0/24" port port="5900" protocol="tcp" accept' --permanent 

[root@layout1 ~]# firewall-cmd --reload 
[root@layout1 ~]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: bond0 em3 em4
  sources: 
  services: dhcpv6-client ssh
  ports: 
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 
    rule family="ipv4" source address="192.168.66.0/24" port port="5900" protocol="tcp" accept

[root@layout1 ~]# firewall-cmd --add-rich-rule 'rule family="ipv4" source address="0.0.0.0/0" port port="80" protocol="tcp" accept' --permanent

Remove rules

[root@layout1 ~]# firewall-cmd --remove-service=ssh --permanent

[root@layout1 ~]# firewall-cmd --reload 

#A rich rule is removed with the same parameters it was added with

[root@layout1 ~]# firewall-cmd --remove-rich-rule='rule family="ipv4" source address="192.168.66.0/24" port port="5900" protocol="tcp" accept' --permanent
success
[root@layout1 ~]# firewall-cmd --reload 
success
[root@layout1 ~]# firewall-cmd --list-all
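
As an added example (not from the original post), the script below reads text in the `firewall-cmd --list-all` format and separates what is reachable from any source (zone services, `--add-port` entries, rich rules with source 0.0.0.0/0) from rich rules limited to a source network. The zone text is a constructed sample, and the function names `sample_zone` and `audit_zone` are hypothetical.

```shell
#!/bin/sh
# Constructed sample in the format printed by `firewall-cmd --list-all`
# (not captured from a real host).
sample_zone() {
cat <<'EOF'
public (active)
  target: default
  interfaces: bond0 em3 em4
  services: dhcpv6-client ssh
  ports: 5900/tcp
  source-ports:
  rich rules:
    rule family="ipv4" source address="192.168.66.0/24" port port="5900" protocol="tcp" accept
    rule family="ipv4" source address="0.0.0.0/0" port port="80" protocol="tcp" accept
EOF
}

# Read --list-all output on stdin and print one finding per line:
#   OPEN ...        accepted from any source address
#   RESTRICTED ...  accepted only from the listed source network
audit_zone() {
    awk '
    /^  services:/ { for (i = 2; i <= NF; i++) print "OPEN service " $i; next }
    /^  ports:/    { for (i = 2; i <= NF; i++) print "OPEN port " $i; next }
    /^[ \t]+rule / && / accept[ \t]*$/ {
        src = "any"; port = "?"; proto = "?"
        # Pull the quoted values out of the rich rule text.
        if (match($0, /source address="[^"]*"/))
            src = substr($0, RSTART + 16, RLENGTH - 17)
        if (match($0, /port port="[^"]*"/))
            port = substr($0, RSTART + 11, RLENGTH - 12)
        if (match($0, /protocol="[^"]*"/))
            proto = substr($0, RSTART + 10, RLENGTH - 11)
        if (src == "any" || src == "0.0.0.0/0" || src == "::/0")
            print "OPEN port " port "/" proto " (rich rule, source " src ")"
        else
            print "RESTRICTED port " port "/" proto " from " src
    }'
}

# Run against the sample; on a live host: firewall-cmd --list-all | audit_zone
sample_zone | audit_zone
```

In the sample, 5900/tcp is listed under ports as well as in the restricted rich rule, so the source restriction has no effect until the `--add-port` entry is removed.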

