1. Start and enable firewalld
systemctl start firewalld
systemctl enable firewalld
2. Check firewalld status
firewall-cmd --state

3. List all open ports and services
firewall-cmd --list-all

4. Add/remove a port
firewall-cmd --zone=public --add-port=80/tcp
firewall-cmd --zone=public --remove-port=80/tcp
5. Add/remove a service
firewall-cmd --zone=public --add-service=http
firewall-cmd --zone=public --remove-service=http
6. Make a rule permanent so it still applies after the service restarts
firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --reload
7. Use a rich rule to restrict access by IP and port
7.1 Add the rule
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="127.0.0.1/32" port port="8000" protocol="tcp" accept'
firewall-cmd --reload
7.2 Remove the rule
firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="127.0.0.1/32" port port="8000" protocol="tcp" accept'
firewall-cmd --reload
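
The rich-rule steps in section 7 as one script. This is an added example, not part of the original notes: it validates the source and port before building the rule, warns when the same port is already open to every source, and confirms the rule after the reload. The function names, the zone "public", the source 192.0.2.0/24 and the `--apply` switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. Constructed values: zone "public", source 192.0.2.0/24, port 8000.

# Build the rich-rule string, rejecting input that could alter the rule syntax.
build_rich_rule() {
    src=$1 port=$2 proto=${3:-tcp}
    case $src in
        ''|*[!0-9./]*) echo "bad source: $src" >&2; return 1 ;;
    esac
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || {
        echo "port out of range: $port" >&2; return 1
    }
    case $proto in
        tcp|udp) ;;
        *) echo "bad protocol: $proto" >&2; return 1 ;;
    esac
    printf 'rule family="ipv4" source address="%s" port port="%s" protocol="%s" accept' \
        "$src" "$port" "$proto"
}

# Add the rule permanently, reload, and confirm it is active at runtime.
restrict_port() {
    zone=$1 src=$2 port=$3
    rule=$(build_rich_rule "$src" "$port") || return 1
    # A port opened with --add-port is reachable from every source in the zone,
    # so an accept rich rule for the same port would restrict nothing.
    if firewall-cmd --permanent --zone="$zone" --query-port="$port/tcp" >/dev/null 2>&1; then
        echo "warning: $port/tcp is open to all sources in zone $zone" >&2
    fi
    firewall-cmd --permanent --zone="$zone" --add-rich-rule="$rule" || return 1
    firewall-cmd --reload || return 1
    firewall-cmd --zone="$zone" --query-rich-rule="$rule"
}

# Only touch the firewall when asked to (needs root).
if [ "${1:-}" = "--apply" ]; then
    restrict_port public 192.0.2.0/24 8000
fi
```

Run it with `--apply` as root to change the firewall; without that argument it only defines the functions.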