CentOS 7 firewall configuration and whitelisting


Check the firewall status:
systemctl status firewalld

Start the firewall and enable it at boot:
  • systemctl start firewalld
  • systemctl enable firewalld

1. Open port 22:

firewall-cmd --zone=public --add-port=22/tcp --permanent

Reload so the change takes effect:
firewall-cmd --reload

Check that it took effect:
firewall-cmd --zone=public --query-port=22/tcp

List the open ports:
firewall-cmd --zone=public --list-ports

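Open a range of ports:
firewall-cmd --zone=public --add-port=100-500/tcp --permanent
Reload, then check that it took effect (ports opened with --add-port appear under --list-ports, not --list-rich-rules):
firewall-cmd --reload
firewall-cmd --zone=public --list-ports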

2. Script to whitelist source IPs:

#!/bin/bash

# start the firewall service
systemctl start firewalld

# allow source range 172.16.17.1-70 to reach port 1521; 172.16.17.0/26 covers 172.16.17.0-63
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.17.0/26" port protocol="tcp" port="1521" accept'

# 172.16.17.63 is the broadcast address of the /26 above; the /26 source match
# already covers it, so this rule is redundant but harmless.
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.17.63" port protocol="tcp" port="1521" accept'

# permit 172.16.17.64-70 one by one
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.17.64" port protocol="tcp" port="1521" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.17.65" port protocol="tcp" port="1521" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.17.66" port protocol="tcp" port="1521" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.17.67" port protocol="tcp" port="1521" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.17.68" port protocol="tcp" port="1521" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.17.69" port protocol="tcp" port="1521" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.17.70" port protocol="tcp" port="1521" accept'

# reload so the permanent rules take effect in the running configuration
firewall-cmd --reload

 

3. View the zone file (where the --permanent rules are stored) and edit the rules:

vi /etc/firewalld/zones/public.xml

 

