linux firewall 常用命令汇总
查看防火墙上现有的规则
[root@layout1 ~]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: bond0 em3 em4
sources:
services: dhcpv6-client ssh #默认开启了ssh
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
更新防火墙规则
[root@layout1 ~]# firewall-cmd --reload
查看防火墙区域信息 默认只启用了public区域
[root@layout1 ~]# firewall-cmd --get-active-zones
public
interfaces: em3 em4 bond0
对端口做放行
[root@layout1 ~]# firewall-cmd --add-port=5900/tcp --permanent #永久生效
[root@layout1 ~]# firewall-cmd --reload #立即加载
删除端口规则
[root@layout1 ~]# firewall-cmd --remove-port=5900/tcp --permanent
[root@layout1 ~]# firewall-cmd --reload
rich-rule 规则限定（按来源地址等条件放行端口）动作: accept（reject、drop 很少用）
[root@layout1 ~]# firewall-cmd --add-rich-rule 'rule family="ipv4" source address="192.168.66.0/24" port port="5900" protocol="tcp" accept' --permanent
[root@layout1 ~]# firewall-cmd --reload
[root@layout1 ~]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: bond0 em3 em4
sources:
services: dhcpv6-client ssh
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
rule family="ipv4" source address="192.168.66.0/24" port port="5900" protocol="tcp" accept
[root@layout1 ~]# firewall-cmd --add-rich-rule 'rule family="ipv4" source address="0.0.0.0/0" port port="80" protocol="tcp" accept' --permanent
删除规则（示例为移除 ssh 服务；若当前是通过 ssh 远程操作，reload 后远程连接将被阻断，执行前请确认有其他访问方式）
[root@layout1 ~]# firewall-cmd --remove-service=ssh --permanent
[root@layout1 ~]# firewall-cmd --reload
#删除 rich-rule 时必须使用与添加时完全相同的参数，否则无法匹配到该规则
[root@layout1 ~]# firewall-cmd --remove-rich-rule='rule family="ipv4" source address="192.168.66.0/24" port port="5900" protocol="tcp" accept' --permanent
success
[root@layout1 ~]# firewall-cmd --reload
success
[root@layout1 ~]# firewall-cmd --list-all