Opening specific ports with firewalld
# systemctl start firewalld     (start the firewall)
# systemctl status firewalld    (check the firewall's status)
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: active (running) since Sun 2022-07-17 15:43:13 CST; 1 months 9 days ago
Docs: man:firewalld(1)
Main PID: 35043 (firewalld)
CGroup: /system.slice/firewalld.service
└─35043 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopi...
Jul 17 15:43:12 zhsq01 systemd[1]: Starting firewalld - dynamic firewall.....
Jul 17 15:43:13 zhsq01 systemd[1]: Started firewalld - dynamic firewall ...n.
Hint: Some lines were ellipsized, use -l to show in full.
1. List the ports that are currently open
firewall-cmd --list-ports
2. Open a specific TCP port
firewall-cmd --zone=public --add-port=8080/tcp --permanent    # open port 8080/tcp
firewall-cmd --zone=public --add-port=10002-10010/tcp --permanent    # open the port range 10002-10010/tcp
Open a specific UDP port
firewall-cmd --zone=public --add-port=9200/udp --permanent    # open port 9200/udp
firewall-cmd --zone=public --add-port=20015-20020/udp --permanent    # open the port range 20015-20020/udp
3. Remove a specific port
firewall-cmd --zone=public --remove-port=19800/tcp --permanent    # remove the previously opened port 19800/tcp
firewall-cmd --zone=public --remove-port=9200-9300/udp --permanent    # remove the previously opened port range 9200-9300/udp
4. Reload the firewall so the changes take effect (rules added with --permanent are written to disk but are not active in the running firewall until the reload)
firewall-cmd --reload
5. Allow a specific IP address to reach a specific port (the rich rule's own values use double quotes, so the whole rule is wrapped in single quotes to pass it to firewall-cmd as one argument)
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.107" port protocol="tcp" port="3306" accept'
Remove the rule
firewall-cmd --permanent --zone=public --remove-rich-rule='rule family="ipv4" source address="192.168.0.107" port protocol="tcp" port="3306" accept'
6. Allow a specific subnet to reach a port range
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="11.76.168.0/24" port protocol="udp" port="1-65535" accept'
Remove the rule (the rule text must match the added rule exactly, including the protocol, or firewall-cmd will not find it)
firewall-cmd --permanent --zone=public --remove-rich-rule='rule family="ipv4" source address="11.76.168.0/24" port protocol="udp" port="1-65535" accept'
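The following script is an added example and is not part of the original page; it wraps the firewall-cmd invocations from items 4 to 6 above so that the rich rule is built with correct shell quoting, the port and protocol arguments are validated before anything is handed to the firewall, and every permanent change is followed by the reload that makes it live. The function names (is_num, valid_port, valid_proto, rich_rule, rule_from), the FIREWALL_CMD and ZONE variables, and the dry-run convention of pointing FIREWALL_CMD at echo are assumptions of this example, not part of firewalld.

```shell
#!/bin/sh
# Added example, not from the original page. Wraps firewall-cmd (firewalld) so that
# rich rules are built with correct shell quoting and the port/protocol arguments are
# validated before anything reaches the firewall. Set FIREWALL_CMD=echo to dry-run.
FIREWALL_CMD="${FIREWALL_CMD:-firewall-cmd}"
ZONE="${ZONE:-public}"

# is_num STR: true if STR is a non-empty string of digits
is_num() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    return 0
}

# valid_port SPEC: accepts "8080" or "10002-10010" (1..65535, low <= high)
valid_port() {
    case "$1" in
        *-*) low="${1%-*}"; high="${1#*-}" ;;
        *)   low="$1";      high="$1" ;;
    esac
    is_num "$low" && is_num "$high" || return 1
    [ "$low" -ge 1 ] && [ "$high" -le 65535 ] && [ "$low" -le "$high" ]
}

# valid_proto PROTO: firewalld port rules take tcp or udp
valid_proto() {
    case "$1" in
        tcp|udp) return 0 ;;
        *)       return 1 ;;
    esac
}

# rich_rule SOURCE PROTO PORT: print the rule text. The inner double quotes are part
# of the rich rule language; printf keeps them intact and the caller passes the
# result to firewall-cmd as a single argument (the equivalent of single-quoting it).
rich_rule() {
    printf 'rule family="ipv4" source address="%s" port protocol="%s" port="%s" accept\n' \
        "$1" "$2" "$3"
}

# rule_from add|remove SOURCE PROTO PORT: apply the rich rule permanently, then reload
# so the runtime configuration matches. "remove" must use the identical rule text,
# which is why both paths go through rich_rule.
rule_from() {
    action="$1"; src="$2"; proto="$3"; port="$4"
    case "$action" in
        add|remove) ;;
        *) echo "usage: rule_from add|remove SOURCE PROTO PORT" >&2; return 2 ;;
    esac
    valid_proto "$proto" || { echo "bad protocol: $proto" >&2; return 2; }
    valid_port "$port"   || { echo "bad port spec: $port" >&2; return 2; }
    rule=$(rich_rule "$src" "$proto" "$port")
    "$FIREWALL_CMD" --permanent --zone="$ZONE" "--${action}-rich-rule=$rule" &&
        "$FIREWALL_CMD" --reload
}

# Usage (as root):
#   rule_from add 192.168.0.107 tcp 3306          # same rule as item 5 above
#   rule_from remove 192.168.0.107 tcp 3306
#   FIREWALL_CMD=echo rule_from add 11.76.168.0/24 udp 1-65535   # dry run: prints the commands
```

The dry-run path is worth using before the real one: it shows exactly which argument firewall-cmd receives, which is where the nested double-quote mistake usually hides. The item 6 rule, which admits an entire /24 to every UDP port, is the kind of rule this wrapper makes easy to review and to remove again with the matching rule text.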