CentOS 8 firewall command reference

  1. Check whether a firewall service is installed; if not, install it

    yum install iptables-services    # Install iptables (firewall service)
  2. Using systemctl

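    systemctl unmask firewalld                  # Unmask the service (removes the lock on it)
    systemctl mask firewalld                    # Mask the service the next time it needs to be locked
    systemctl start firewalld.service           # Start the firewall
    systemctl stop firewalld.service            # Stop the firewall
    systemctl reload firewalld.service          # Reload the configuration
    systemctl restart firewalld.service         # Restart the service
    systemctl status firewalld.service          # Show the status of the service
    systemctl enable firewalld.service          # Enable the service at boot
    systemctl disable firewalld.service         # Disable the service at boot
    systemctl is-enabled firewalld.service      # Check whether the service starts at boot
    systemctl list-unit-files | grep enabled    # List the enabled services
    systemctl --failed                          # List the services that failed to start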
  3. firewall-cmd

    firewall-cmd --state                                   # View the firewall status
    firewall-cmd --reload                                  # Reload the firewall rules
    firewall-cmd --list-ports                              # List all open ports
    firewall-cmd --list-services                           # List all allowed services
    firewall-cmd --get-services                            # List all supported services

    # Zone related (viewing zone information)
    firewall-cmd --get-active-zones                        # View active zone information
    firewall-cmd --set-default-zone=public                 # Set public as the default zone
    firewall-cmd --get-default-zone                        # View the default zone

    # Interface related
    firewall-cmd --zone=public --add-interface=eth0        # Add interface eth0 to zone public
    firewall-cmd --zone=public --remove-interface=eth0     # Remove interface eth0 from zone public
    firewall-cmd --zone=default --change-interface=eth0    # Change interface eth0 to belong to zone default
    firewall-cmd --get-zone-of-interface=eth0              # View the zone that interface eth0 belongs to
  4. Example

    firewall-cmd --query-port=8080/tcp                               # Query whether the port is open
    firewall-cmd --add-port=80/tcp --permanent                       # Permanently add an exception for port 80 (global)
    firewall-cmd --remove-port=80/tcp --permanent                    # Permanently remove the exception for port 80 (global)
    firewall-cmd --add-port=65001-65010/tcp --permanent              # Permanently add exceptions for ports 65001-65010 (global)
    firewall-cmd --zone=public --add-port=80/tcp --permanent         # Permanently add an exception for port 80 (zone public)
    firewall-cmd --zone=public --remove-port=80/tcp --permanent      # Permanently remove the exception for port 80 (zone public)
    firewall-cmd --zone=public --add-port=65001-65010/tcp --permanent  # Permanently add exceptions for ports 65001-65010 (zone public)
  5. Restart the firewall after modifying the configuration

    firewall-cmd --reload    # Reload the firewall (do this after modifying the configuration)
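
Rules added with --permanent are not active until the reload in step 5, and a port opened without --permanent is dropped at the next reload. The script below is an added example, not part of the original page, that lists ports present in only one of the two configurations; the function names, the FIREWALL_CMD override variable and the sample port lists are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: find drift between the runtime and the permanent
# port lists of a firewalld zone.

# port_drift RUNTIME PERMANENT
# Each argument is the space-separated output of `firewall-cmd --list-ports`.
# Prints one line per mismatch:
#   runtime-only <port>    open now, dropped at the next --reload or reboot
#   permanent-only <port>  saved with --permanent, inactive until --reload
port_drift() (
    runtime="$1"
    permanent="$2"
    for p in $runtime; do
        case " $permanent " in
            *" $p "*) ;;                     # present in both: no drift
            *) echo "runtime-only $p" ;;
        esac
    done
    for p in $permanent; do
        case " $runtime " in
            *" $p "*) ;;
            *) echo "permanent-only $p" ;;
        esac
    done
)

# audit_zone [ZONE]
# Queries the live firewall (needs firewalld running and root privileges).
# FIREWALL_CMD is a hypothetical override so the function can be exercised
# against a stub instead of the real binary.
audit_zone() (
    zone="${1:-public}"
    fw="${FIREWALL_CMD:-firewall-cmd}"
    port_drift "$($fw --zone="$zone" --list-ports)" \
               "$($fw --zone="$zone" --permanent --list-ports)"
)

# Constructed sample data: 8080/tcp was opened without --permanent, and
# 65001-65010/tcp was added with --permanent but not yet reloaded.
SAMPLE_RUNTIME="80/tcp 8080/tcp"
SAMPLE_PERMANENT="80/tcp 65001-65010/tcp"
port_drift "$SAMPLE_RUNTIME" "$SAMPLE_PERMANENT"
```

On a host with firewalld running, `audit_zone public` performs the same comparison against the live zone; empty output means the runtime and permanent port lists agree.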