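# Common firewall-cmd commands (firewalld).
#
# This is a reference list, not a script to run top to bottom: it starts and
# then stops the firewall, and adds and then removes the same port. Copy the
# individual command you need. The addresses and ports are the page's examples.
#
# Every rule below is written with --permanent, which changes only the saved
# configuration. The running firewall is unchanged until `firewall-cmd --reload`.

# --- Service control -------------------------------------------------------

# Start the firewall.
systemctl start firewalld.service

# Start the firewall automatically at boot.
systemctl enable firewalld.service

# Stop the firewall. This removes host-level filtering until the service is
# started again; it does not change whether the service starts at boot.
systemctl stop firewalld.service

# Show whether the firewall is running.
firewall-cmd --state

# --- Inspecting the current rules ------------------------------------------

# NOTE(review): where firewalld uses the nftables backend, `iptables -nL` may
# not show firewalld's rules; `firewall-cmd --zone=public --list-all` reports
# the zone's ports, services and rich rules directly.
iptables -nL
firewall-cmd --zone=public --list-ports

# Reload the firewall configuration (applies --permanent changes).
firewall-cmd --reload

# --- Opening and closing ports ---------------------------------------------

# Open a single port. A bare --add-port accepts traffic from any source the
# zone applies to; use a rich rule (below) to limit it to known addresses.
firewall-cmd --permanent --zone=public --add-port=81/tcp

# Open a range of ports.
firewall-cmd --permanent --zone=public --add-port=8080-8083/tcp

# Close a port.
firewall-cmd --permanent --zone=public --remove-port=81/tcp

# --- Rich rules: restricting by source address -----------------------------

# The rule text goes in single quotes so that the inner double quotes reach
# firewall-cmd as written. No --zone is given, so these rules go to the
# default zone; add --zone=public to target that zone explicitly.

# Allow one address to reach one port.
# (6379 is conventionally Redis; limiting it to a single source is the safer form.)
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.142.166" port protocol="tcp" port="6379" accept'

# Allow one address with no port restriction. This accepts every port and
# protocol from that host; prefer the port-scoped form above where possible.
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.0.233" accept'

# Remove the rule for an address. The text has to match the rule as it was
# added; `firewall-cmd --list-rich-rules` shows the stored form.
firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="192.168.1.51" accept'

# Allow an address range. A /16 with no port restriction trusts 65,536
# addresses on every port; use the narrowest prefix that covers the clients.
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.0.0/16" accept'

# Allow an address range to reach one port.
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.0/24" port protocol="tcp" port="9200" accept'

# After adding or removing rules, reload so the changes take effect, then
# re-check the zone listing to confirm only the intended ports are open.
firewall-cmd --reload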