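Common Linux Firewall Commands (CentOS 7)
1. Check the firewall status
firewall-cmd --state: check the firewall status
If the output is running, the firewall is on; otherwise it is off. The status can also be queried with the systemctl command shown further below.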
[root@hd1 ~]# firewall-cmd --state
running
systemctl status firewalld: check the firewall status
This also prints the firewall's runtime information.
[root@hd1 ~]# systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since 六 2024-10-12 16:47:31 +08; 5min ago
Docs: man:firewalld(1)
Main PID: 815 (firewalld)
Tasks: 2
CGroup: /system.slice/firewalld.service
└─815 /usr/bin/python2 -Es /usr/sbin/firewalld --nofork --nopid
10月 12 16:47:26 hd1 systemd[1]: Starting firewalld - dynamic firewall daemon...
10月 12 16:47:31 hd1 systemd[1]: Started firewalld - dynamic firewall daemon.
10月 12 16:47:31 hd1 firewalld[815]: WARNING: AllowZoneDrifting is enabled. This is considered an insecure configuration option. It will ...g it now.
Hint: Some lines were ellipsized, use -l to show in full.
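2. Start the firewall
systemctl start firewalld
3. Restart the firewall
systemctl restart firewalld
4. Stop the firewall
systemctl stop firewalld
5. List the ports opened in the firewall
firewall-cmd --list-ports
6. Add a new port
firewall-cmd --zone=public --add-port=81/tcp --permanent
7. Add a range of consecutive ports
firewall-cmd --zone=public --add-port=82-85/tcp --permanent
Note: for added ports to take effect, the firewall must be restarted.
8. Close a port
firewall-cmd --zone=public --remove-port=81/tcp --permanent
Note: for port changes to take effect, the firewall must be restarted.
9. View listening ports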
netstat -lntp
[root@hd1 ~]# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 710/rpcbind
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 1858/dnsmasq
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1203/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1204/cupsd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1527/master
tcp 0 0 0.0.0.0:1947 0.0.0.0:* LISTEN 792/hasplmd
tcp6 0 0 :::111 :::* LISTEN 710/rpcbind
tcp6 0 0 :::22 :::* LISTEN 1203/sshd
tcp6 0 0 ::1:631 :::* LISTEN 1204/cupsd
tcp6 0 0 ::1:25 :::* LISTEN 1527/master
tcp6 0 0 :::1947 :::* LISTEN 792/hasplmd
10. Check whether a particular port is in use
netstat -lntp | grep 8080
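
The port list from step 5 and the listener list from step 9 can be cross-checked to find services listening on non-loopback addresses that are absent from the port list, and opened ports that nothing listens on. The script below is an added example, not part of the original page; the function names and the 22/tcp entry in the sample port list are assumptions. A port can also be allowed through a firewalld service or rich rule, which --list-ports does not show.

```bash
#!/usr/bin/env bash
# Added example: compare `netstat -lntp` listeners with `firewall-cmd --list-ports`.

# Expand a port list such as "81/tcp 82-85/tcp" into one TCP port number per line.
expand_ports() {
    local entry range
    for entry in $1; do
        [ "${entry##*/}" = "tcp" ] || continue   # this sketch ignores udp entries
        range=${entry%/*}
        seq "${range%-*}" "${range#*-}"          # "81" gives 81..81, "82-85" gives 82..85
    done
}

# Print TCP ports listening on non-loopback addresses, one per line, deduplicated.
exposed_listeners() {
    printf '%s\n' "$1" | awk '$1 ~ /^tcp/ && $6 == "LISTEN" {
        port = $4; sub(/.*:/, "", port)                        # text after the last colon
        host = substr($4, 1, length($4) - length(port) - 1)
        if (host !~ /^127\./ && host != "::1") print port
    }' | sort -n -u
}

# Report listeners missing from the port list, and listed ports with no listener.
audit_ports() {
    local listeners allowed port
    listeners=$(exposed_listeners "$1")
    allowed=$(expand_ports "$2")
    for port in $listeners; do
        printf '%s\n' "$allowed" | grep -qxF "$port" || echo "$port listening-not-listed"
    done
    for port in $allowed; do
        printf '%s\n' "$listeners" | grep -qxF "$port" || echo "$port listed-no-listener"
    done
}

# Listener sample: rows taken from the netstat output on this page.
SAMPLE_NETSTAT='tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 710/rpcbind
tcp 0 0 192.168.122.1:53 0.0.0.0:* LISTEN 1858/dnsmasq
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1203/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1204/cupsd
tcp6 0 0 :::22 :::* LISTEN 1203/sshd
tcp6 0 0 ::1:25 :::* LISTEN 1527/master'
# Constructed port list: 81 and 82-85 as added on this page, plus an assumed 22/tcp.
SAMPLE_FW_PORTS='22/tcp 81/tcp 82-85/tcp'

audit_ports "$SAMPLE_NETSTAT" "$SAMPLE_FW_PORTS"
# On a live host: audit_ports "$(netstat -lntp)" "$(firewall-cmd --list-ports)"
```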