Simple configuration, notes for reference:
--permanent: add this parameter at the beginning or end of the command to make the setting permanent; otherwise the setting is lost after the firewall is reloaded or restarted.
Open a port: firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --zone=public --add-port=22/tcp --permanent
Common ports:
http: 80
ssh: 22
redis: 6379 7000 7001 7002
mysql: 3306
mongodb: 5672
es: 9300
rabbitmq: 5672
consul: 8500
You can specify several ports at once: firewall-cmd --zone=public --permanent --add-port=111/tcp --add-port=139/tcp --add-port=445/tcp
firewall-cmd --reload
View all open ports: firewall-cmd --list-ports
firewall-cmd --zone=public --list-ports
Enable masquerading (source NAT): firewall-cmd [--zone=<zone>] --add-masquerade
firewall-cmd --remove-masquerade
firewall-cmd --query-masquerade
Add an interface to a zone: firewall-cmd [--zone=<zone>] --add-interface=<interface>
firewall-cmd --zone=public --add-interface=eth0
List the attributes of all enabled zones:
firewall-cmd --list-all-zones
Output all enabled attributes of one zone. If you omit the zone, the information for the default zone is displayed:
firewall-cmd --zone=public --list-all
To enable a service:
firewall-cmd --add-service=http
firewall-cmd --add-service=vnc-server
firewall-cmd --zone=public --add-service=nfs --add-service=samba --add-service=samba-client --permanent
Remove a service: firewall-cmd --remove-service=<service>
Query: firewall-cmd --list-services
NAT (port forwarding) syntax:
firewall-cmd [--zone=<zone>] --add-forward-port=port=<portid>[-<portid>]:proto=<protocol>{:toport=<portid>[-<portid>]|:toaddr=<address>|:toport=<portid>[-<portid>]:toaddr=<address>}
IP port forwarding (to another host):
firewall-cmd --add-forward-port=port=222:proto=tcp:toport=333:toaddr=192.168.1.100
Local forwarding (same host, no toaddr): firewall-cmd --add-forward-port=port=9898:proto=tcp:toport=8088
success
Query: firewall-cmd --list-forward-ports
firewall-cmd --list-ports
firewall-cmd --list-all
Removal: firewall-cmd --remove-forward-port=port=222:proto=tcp:toport=333:toaddr=192.168.1.100
Graphical configuration tool: # firewall-config
Custom (direct) rules:
Equivalent iptables rule, inserted at position 2 of the chain firewalld manages for direct rules:
/sbin/iptables -t filter -I INPUT_direct 2 -s 192.168.1.1 -p tcp --dport=22 -j DROP
usage: --direct --add-rule {ipv4|ipv6|eb} <table> <chain> <priority> <args>
firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 1 -s 192.168.1.0/24 -p tcp --dport=22 -j ACCEPT
firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 2 -p tcp --dport=22 -j DROP
firewall-cmd --reload
firewall-cmd --direct --get-all-rules
ipv4 filter INPUT 1 -s 192.168.1.0/24 -p tcp --dport=22 -j ACCEPT
ipv4 filter INPUT 2 -p tcp --dport=22 -j DROP
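Two checks that follow from the notes above, written as an added shell example (not part of the original notes or of firewalld): fwd_spec builds the --add-forward-port value according to the grammar in the NAT section and refuses a spec that names neither toport nor toaddr, and runtime_only lists entries that exist in the runtime configuration but not in the --permanent one, which is exactly what disappears on the next --reload. The sample listings are constructed; the firewall-cmd calls at the bottom only run where the tool is installed.

```shell
#!/bin/sh
# fwd_spec PORT PROTO [TOPORT] [TOADDR]
# Prints the value for --add-forward-port= / --remove-forward-port=.
# Returns 2 if port or proto is missing, 1 if neither toport nor toaddr is given
# (firewall-cmd requires at least one of them).
fwd_spec() {
    port=$1; proto=$2; toport=$3; toaddr=$4
    [ -n "$port" ] && [ -n "$proto" ] || return 2
    [ -n "$toport" ] || [ -n "$toaddr" ] || return 1
    spec="port=$port:proto=$proto"
    [ -n "$toport" ] && spec="$spec:toport=$toport"
    [ -n "$toaddr" ] && spec="$spec:toaddr=$toaddr"
    printf '%s\n' "$spec"
}

# runtime_only RUNTIME_LISTING PERMANENT_LISTING
# Takes the output of a firewall-cmd --list-* command and of the same command
# with --permanent (entries separated by spaces or newlines) and prints every
# entry that is only in the runtime listing, one per line.
runtime_only() {
    printf '%s\n' "$1" | tr ' ' '\n' | while IFS= read -r entry; do
        [ -n "$entry" ] || continue
        printf '%s\n' "$2" | tr ' ' '\n' | grep -Fxq -- "$entry" || printf '%s\n' "$entry"
    done
}

# Constructed sample output of `firewall-cmd --list-ports` (runtime) and
# `firewall-cmd --permanent --list-ports`: 6379/tcp was opened without --permanent.
SAMPLE_RUNTIME_PORTS="80/tcp 22/tcp 6379/tcp"
SAMPLE_PERMANENT_PORTS="80/tcp 22/tcp"

# Stand-alone run: show the sample result, then the real one if firewall-cmd exists.
echo "spec for 222/tcp -> 192.168.1.100:333: $(fwd_spec 222 tcp 333 192.168.1.100)"
echo "sample ports lost on reload: $(runtime_only "$SAMPLE_RUNTIME_PORTS" "$SAMPLE_PERMANENT_PORTS")"
if command -v firewall-cmd >/dev/null 2>&1; then
    echo "ports lost on reload:"
    runtime_only "$(firewall-cmd --list-ports)" "$(firewall-cmd --permanent --list-ports)"
    echo "forward-ports lost on reload:"
    runtime_only "$(firewall-cmd --list-forward-ports)" "$(firewall-cmd --permanent --list-forward-ports)"
fi
```

The same runtime_only comparison works for --list-services and --list-forward-ports, since each entry of those listings is a single token.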