查看防火墙状态
firewall-cmd --state
刷新防火墙
firewall-cmd --reload
启动/停止 firewall
systemctl start firewalld.service
systemctl stop firewalld.service
启用/禁止 firewall 开机启动
systemctl enable firewalld.service
systemctl disable firewalld.service
新增开放端口
firewall-cmd --zone=public --add-port=端口号或端口范围/tcp --permanent
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="10.0.0.0/24" port port="1-65535" protocol="tcp" accept'
移除开放端口
firewall-cmd --zone=public --remove-port=端口号或端口范围/tcp --permanent
firewall-cmd --permanent --zone=public --remove-rich-rule='rule family="ipv4" source address="10.0.0.0/24" port port="1-65535" protocol="tcp" accept'
查看开放的端口
firewall-cmd --zone=public --list-ports
firewall-cmd --list-rich-rules --zone=public
