Centos8和stream 9防火墙基本使用

查发行版：

[root@localhost nps-0.26.10]# cat /etc/redhat-release

CentOS Stream release 9

查看防火墙状态

systemctl status firewalld

firewall-cmd --state

开启/关闭/重启防火墙

systemctl start firewalld

[root@localhost conf]# systemctl start firewalld
[root@localhost conf]# firewall-cmd --state
running

systemctl stop firewalld

[root@localhost conf]#systemctl stop firewalld
[root@localhost conf]# firewall-cmd --state
not running

​systemctl restart firewalld

​放行指定端口

firewall-cmd --zone=public --add-port=端口号/tcp --permanent

firewall-cmd --zone=public --add-port=80/tcp --permanent # http
firewall-cmd --zone=public --add-port=443/tcp --permanent #https

放行范围端口

firewall-cmd --zone=public --add-port=5000-6000/tcp --permanent

删除防火墙端口

firewall-cmd --zone=public --remove-port=5000-6000/tcp --permanent

修改防火墙后，都要对防火墙进行刷新

firewall-cmd --reload

查看防火墙某个端口是否开放与开放哪些端口

firewall-cmd --query-port=端口号/tcp

firewall-cmd --zone=public --list-ports

关于firewall-cmd使用，请查看firewall-cmd -h

[root@localhost conf]# firewall-cmd -h
Usage: firewall-cmd [OPTIONS...]
General Options
  -h, --help           Prints a short help text and exits
  -V, --version        Print the version string of firewalld
  -q, --quiet          Do not print status messages
Status Options
  --state              Return and print firewalld state
  --reload             Reload firewall and keep state information
  --complete-reload    Reload firewall and lose state information
  --runtime-to-permanent
                       Create permanent from runtime configuration
  --check-config       Check permanent configuration for errors
Log Denied Options
  --get-log-denied     Print the log denied value
  --set-log-denied=<value>
                       Set log denied value
Permanent Options
  --permanent          Set an option permanently
                       Usable for options marked with [P]
Zone Options
  --get-default-zone   Print default zone for connections and interfaces
  --set-default-zone=<zone>
                       Set default zone
  --get-active-zones   Print currently active zones
  --get-zones          Print predefined zones [P]
  --get-services       Print predefined services [P]
  --get-icmptypes      Print predefined icmptypes [P]