CentOS 7 x64 Firewall Configuration

firewalld commands to open common ports:

firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --zone=public --add-port=443/tcp --permanent
firewall-cmd --zone=public --add-port=22/tcp --permanent
firewall-cmd --zone=public --add-port=21/tcp --permanent
firewall-cmd --zone=public --add-port=53/udp --permanent

firewalld commands to close common ports:

firewall-cmd --zone=public --remove-port=80/tcp --permanent
firewall-cmd --zone=public --remove-port=443/tcp --permanent
firewall-cmd --zone=public --remove-port=22/tcp --permanent
firewall-cmd --zone=public --remove-port=21/tcp --permanent
firewall-cmd --zone=public --remove-port=53/udp --permanent

Add a range of ports in one command

firewall-cmd --zone=public --add-port=4400-4600/udp --permanent
firewall-cmd --zone=public --add-port=4400-4600/tcp --permanent

Reload or restart the firewall (rules added with --permanent take effect only after this):

firewall-cmd --reload   or   service firewalld restart

List the open ports:

firewall-cmd --permanent --list-ports

Check the status

systemctl status firewalld   or   firewall-cmd --state

Edit the configuration file directly

vi /etc/firewalld/zones/public.xml 

Change it to

<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
  <service name="dhcpv6-client"/>
  <service name="ssh"/>
  <port protocol="tcp" port="xxxxx"/>
  <port protocol="tcp" port="xxxxx"/>
</zone>

After editing, reload the firewall.
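
A check that fits the direct-edit workflow above, as an added example that is not part of the original post: it parses a zone file in the public.xml format and reports every open port that is not on an allowlist. The function names, the allowlist and the sample port values are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original post): audit a firewalld zone file.

# Print one "port/protocol" line per <port .../> element in zone file $1.
# Handles either attribute order and spaces around '=' (as in the post's XML).
list_zone_ports() {
    grep -E '<port[[:space:]]' "$1" | while IFS= read -r line; do
        port=$(printf '%s\n' "$line" |
            sed -nE 's/.*[[:space:]]port[[:space:]]*=[[:space:]]*"([^"]*)".*/\1/p')
        proto=$(printf '%s\n' "$line" |
            sed -nE 's/.*[[:space:]]protocol[[:space:]]*=[[:space:]]*"([^"]*)".*/\1/p')
        printf '%s/%s\n' "$port" "$proto"
    done
}

# Print every open port in zone file $1 that is not in the allowlist ($2...).
# Returns 1 if anything unexpected is open, 0 otherwise.
audit_zone_ports() {
    zone_file=$1; shift
    allowed=" $* "
    rc=0
    for entry in $(list_zone_ports "$zone_file"); do
        case "$allowed" in
            *" $entry "*) ;;                                   # on the allowlist
            *) printf 'UNEXPECTED %s\n' "$entry"; rc=1 ;;      # not on the allowlist
        esac
    done
    return $rc
}

# Constructed sample zone file (port values are made up for the demo).
write_sample_zone() {
    cat > "$1" <<'EOF'
<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <service name="ssh"/>
  <port protocol = "tcp" port = "443"/>
  <port port="4400-4600" protocol="udp"/>
  <port protocol="tcp" port="21"/>
</zone>
EOF
}

sample=$(mktemp)
write_sample_zone "$sample"
audit_zone_ports "$sample" 443/tcp 4400-4600/udp || echo "review the entries above"
rm -f "$sample"
```

On a real host, pass /etc/firewalld/zones/public.xml as the first argument and your own expected ports as the rest.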

posted @ 2018-09-22 20:06  5kyRang3r