参考资料 https://www.cnblogs.com/phpshen/p/5842118.html

查看防火墙状态

systemctl status firewalld

开启防火墙

systemctl start firewalld.service

关闭防火墙

systemctl stop firewalld.service

开机自动启动

systemctl enable firewalld.service

关闭开机制动启动

systemctl disable firewalld.service

开放33066端口，供所有IP访问 (追加到配置文件，需重启防火墙才能生效)

firewall-cmd --zone=public --add-port=33066/tcp --permanent

开放33066端口，供所有IP访问 (立马生效，重启防火墙后丢失)

firewall-cmd --zone=public --add-port=33066/tcp

删除33066开放策略

firewall-cmd --remove-port=3306/tcp --permanent

开放部分端口，供部分IP访问 (永久需重启)

firewall-cmd --add-rich-rule="rule family="ipv4" source address="10.144.97.129" port protocol="tcp" port="30000" accept" --permanent

开放部分端口，供部分IP访问 (临时路由，重启丢失)

firewall-cmd --add-rich-rule="rule family="ipv4" source address="10.144.97.129" port protocol="tcp" port="30000" accept"

开放IP白名单(不限定端口，永久需重启)临时路由去掉--permanent

firewall-cmd --add-rich-rule="rule family="ipv4" source address="10.4.250.95" accept" --permanent

删除

firewall-cmd --remove-rich-rule="rule family="ipv4" source address="10.4.250.144" accept" --permanent

其他

firewall-cmd --add-icmp-block=echo-request --permanent
firewall-cmd --remove-service=ssh --permanent
firewall-cmd --zone=public --remove-port=20010/tcp --permanent

禁止指定的ip访问本机

firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address="10.4.14.240/28" drop'

重新加载防火墙

firewall-cmd --reload

查看防火墙策略

firewall-cmd --list-all

10IP全开

10.0.0.0/8

删除防火墙某条规则

firewall-cmd --permanent --remove-rich-rule 'rule family=ipv4 source address=10.0.0.0/24 port port=20010 protocol=tcp accept'