firewalld常用操作


开机启动的开启与禁止

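# List unit files whose own state is "enabled". Filtering with --state avoids
# the false matches that grepping for "enabled" gives on systemd versions that
# print a preset column (a disabled unit with an enabled preset also matches).
systemctl list-unit-files --state=enabled
# Check just the firewall service.
systemctl is-enabled firewalld

# Enable firewalld at boot (this alone does not start it now).
systemctl enable firewalld
# Disable firewalld at boot (this alone does not stop a running instance).
# After the next reboot the host comes up without firewalld's filtering.
systemctl disable firewalld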

基本操作

# Show firewalld's current status.
systemctl status firewalld
# Start / stop / restart firewalld.
# NOTE: by default a stopped firewalld no longer applies its rules, so ports it
# was blocking become reachable; a restart also drops runtime-only rules.
systemctl start firewalld
systemctl stop firewalld
systemctl restart firewalld

服务、端口的添加与删除

# Show the permanent (saved) configuration of the default zone, including its
# allowed services and ports. Omit --permanent to see what is active right now.
firewall-cmd --permanent --list-all

# Allow the ssh service (its stock definition opens 22/tcp).
firewall-cmd --permanent --add-service=ssh
# Allow a port.
firewall-cmd --permanent --add-port=1234/tcp
# Remove the service. NOTE: on a host managed over SSH, applying this can cut
# off remote access; make sure another access path exists first.
firewall-cmd --permanent --remove-service=ssh
# Remove the port.
firewall-cmd --permanent --remove-port=1234/tcp
# --permanent only edits the saved configuration; none of the changes above
# take effect until `firewall-cmd --reload` is run.

端口转发

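# These rules apply to the default zone because no --zone= is given.
# --permanent saves each rule so that it survives `firewall-cmd --reload` and
# reboots; without it the rule is runtime-only and a reload discards it.

# Forward local port 80 to local port 8080.
firewall-cmd --permanent --add-forward-port=port=80:proto=tcp:toport=8080
# Forward port 80 to 192.168.0.1 (same port).
firewall-cmd --permanent --add-forward-port=port=80:proto=tcp:toaddr=192.168.0.1
# Forward port 80 to port 8080 on 192.168.0.1.
# NOTE: forwarding to another host usually also needs masquerading on the zone
# (firewall-cmd --permanent --add-masquerade) so replies return through this
# host. It also exposes that host's service to every client that can reach
# port 80 in this zone, so confirm the target service is meant to be public.
firewall-cmd --permanent --add-forward-port=port=80:proto=tcp:toaddr=192.168.0.1:toport=8080
# Remove a forward rule; the arguments must match the rule exactly as added.
firewall-cmd --permanent --remove-forward-port=port=80:proto=tcp:toaddr=192.168.0.1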

使操作生效

# Load the permanent configuration into the running firewall. Rules that were
# added without --permanent are dropped by this; established connections are
# kept. Afterwards, `firewall-cmd --list-all` shows what is actually active.
firewall-cmd --reload