Enable port 80
firewall-cmd --zone=public --add-port=80/tcp --permanent
If success is displayed, the port was added successfully.
Command description:
--zone # scope (the zone the rule applies to)
--add-port=80/tcp # add a port in the format port/protocol
--permanent # takes effect permanently. If this parameter is not set, the rule is lost after a restart.
Restart firewall
systemctl restart firewalld.service
1. Run, stop, and disable firewalld.
Start: # systemctl start firewalld
View the status: # systemctl status firewalld or firewall-cmd --state
Stop: # systemctl stop firewalld
Disable: # systemctl disable firewalld
2. Configure firewalld
View the version: $ firewall-cmd --version
View help: $ firewall-cmd --help
View settings:
Display status: $ firewall-cmd --state
View zone information: $ firewall-cmd --get-active-zones
View the zone of the specified interface: $ firewall-cmd --get-zone-of-interface=eth0
Reject all packets: # firewall-cmd --panic-on
Cancel rejection status: # firewall-cmd --panic-off
Check whether rejection is active: $ firewall-cmd --query-panic
Update firewall rules: # firewall-cmd --reload
# firewall-cmd --complete-reload
The difference between the two is that the first does not drop existing connections (one of firewalld's features is adding rules dynamically), while the second does drop them, similar to restarting the service.
Add an interface to a zone. By default, all interfaces are in the public zone.
# firewall-cmd --zone=public --add-interface=eth0
To make it permanent, add --permanent and reload the firewall.
Set the default zone
# firewall-cmd --set-default-zone=public
Takes effect immediately, without a restart.
Open a port (this seems to be the most common operation)
View all opened ports:
# firewall-cmd --zone=dmz --list-ports
Add a port to the zone:
# firewall-cmd --zone=dmz --add-port=8080/tcp
Use the same method as above to make it permanent.
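Because a port can be added to the runtime configuration only, or with --permanent to the saved configuration only, the two lists can drift apart. The script below is an added example, not part of the original page, that compares both lists for a zone and reports ports present in only one of them. The function name port_drift and the --live argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: report drift between runtime and permanent open ports.

# port_drift RUNTIME_PORTS PERMANENT_PORTS
# Each argument is a space-separated list such as "80/tcp 8080/tcp",
# the format printed by --list-ports.
#   runtime-only:   open now, but lost on reload or restart
#   permanent-only: saved, but not active until the firewall is reloaded
port_drift() {
    # Normalise whitespace so the membership test below is reliable.
    runtime=" $(echo $1) "
    permanent=" $(echo $2) "

    for p in $runtime; do
        case "$permanent" in
            *" $p "*) ;;                      # present in both lists
            *) echo "runtime-only: $p" ;;
        esac
    done
    for p in $permanent; do
        case "$runtime" in
            *" $p "*) ;;                      # present in both lists
            *) echo "permanent-only: $p" ;;
        esac
    done
    return 0
}

# Live use on a firewalld host (run as root): sh port_drift.sh --live dmz
if [ "${1:-}" = "--live" ]; then
    zone="${2:-public}"
    port_drift "$(firewall-cmd --zone="$zone" --list-ports)" \
               "$(firewall-cmd --permanent --zone="$zone" --list-ports)"
fi
```

No output means the runtime and permanent port lists for the zone match.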
Opening a service is similar to opening a port. The service needs to be defined in a configuration file; the /etc/firewalld directory contains a services folder for this. This is not covered in detail here. For more information, see the documentation.
# firewall-cmd --zone=work --add-service=smtp
Remove a service
# firewall-cmd --zone=work --remove-service=smtp