Administrator
发布于 2023-10-13 / 39 阅读 / 0 评论 / 0 点赞

Firewall-cmd 常用命令,一篇就够了

firewall-cmd常用命令

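# Start the firewalld service.
systemctl start firewalld.service

# Enable firewalld so that it starts at boot.
systemctl enable firewalld.service

# Stop the firewalld service. While it is stopped, none of the rules managed
# by firewalld are enforced, so start it again once troubleshooting is done.
systemctl stop firewalld.service

# Show whether firewalld is running.
firewall-cmd --state

# List the ports opened in the public zone. This prints ports only; rich rules
# and forward ports appear in `firewall-cmd --zone=public --list-all`.
firewall-cmd --zone=public --list-ports

# Reload the firewall configuration, which activates rules saved with
# --permanent. Fixed: the original read `firewall-cmd--reload`; without the
# space the shell looks for a command with that whole name and nothing reloads.
firewall-cmd --reload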

# Open a single port (TCP 81) in the public zone. --permanent writes the
# change to the saved configuration; it becomes active after a reload.
firewall-cmd --zone=public --permanent --add-port='81/tcp'

# Open a contiguous port range (TCP 8080 through 8083) in the public zone.
firewall-cmd --zone=public --permanent --add-port='8080-8083/tcp'

# Close a port that was opened earlier (TCP 81).
firewall-cmd --zone=public --permanent --remove-port='81/tcp'

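# Rich rules. Each rule is passed as ONE shell argument: single quotes around
# the whole rule, double quotes around the values inside it. The original
# nested double quotes inside double quotes and had lost the spaces in
# `rule family`, `port protocol` and between `firewall-cmd` and its options,
# so several of these commands did not run or did not parse as rules.
# No --zone is given, so the rules go into the default zone, which may not be
# the `public` zone used by the port commands.

# Allow one source IP to reach one port (TCP 6379 here). Scoping the rule to a
# port keeps the service closed to every other address.
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.142.166" port protocol="tcp" port="6379" accept'

# Allow all traffic from one source IP. Without a port clause every port on
# this host is reachable from that address; prefer the port-scoped form above.
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.0.233" accept'

# Remove the allow-all rule for one source IP.
firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="192.168.1.51" accept'

# Allow a whole address range. The first rule accepts everything from
# 192.168.0.0/16 (65,536 addresses); the second limits a /24 to TCP 9200.
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.0.0/16" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.0/24" port protocol="tcp" port="9200" accept'

# --permanent changes only take effect after a reload.
firewall-cmd --reload

# Confirm what is active afterwards.
firewall-cmd --list-rich-rules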

# Port forwarding.
# None of these commands uses --permanent, so they change the running
# configuration only and are lost on `firewall-cmd --reload` or a restart.
# No --zone is given, so they apply to the default zone.

# Forward traffic arriving on TCP 80 to local port 8080.
firewall-cmd --add-forward-port='port=80:proto=tcp:toport=8080'

# Forward traffic arriving on TCP 80 to host 192.168.0.1 (same port).
# NOTE(review): forwarding to another host usually also needs masquerading
# enabled in the zone (`firewall-cmd --add-masquerade`) - confirm for the
# firewalld version in use.
firewall-cmd --add-forward-port='port=80:proto=tcp:toaddr=192.168.0.1'

# Forward traffic arriving on TCP 80 to port 8080 on host 192.168.0.1.
firewall-cmd --add-forward-port='port=80:proto=tcp:toaddr=192.168.0.1:toport=8080'
