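# firewalld quick reference.
# These read as individual commands to copy one at a time, not as a script to
# run top to bottom: several entries undo or overlap with others, and some
# addresses and ports are placeholders.
# Commands given without --zone act on the default zone.
# Commands given with --permanent only take effect after `firewall-cmd --reload`.

# Check whether the firewalld service is running
systemctl status firewalld

# Reload the configuration (the permanent rule set replaces the runtime one,
# so runtime-only changes are dropped)
firewall-cmd --reload

# List the rich rules configured in the public zone
firewall-cmd --zone=public --list-rich-rules

# List the open ports
firewall-cmd --list-ports

# Open a port
# NOTE(review): this opens 3306/tcp (the port the MySQL rules at the end of this
# file use) to every source the public zone covers. For a database port, prefer
# a rich rule limited to the client addresses that need it.
firewall-cmd --zone=public --add-port=3306/tcp --permanent && firewall-cmd --reload

# Close a port
firewall-cmd --zone=public --remove-port=8848/tcp --permanent && firewall-cmd --reload

# Find out what is listening on a port (worth checking before opening it).
# ':6089 ' matches the local-address column only, not PIDs or other fields.
netstat -tunlp | grep ':6089 '
# 端口号 is a placeholder meaning "port number"; replace it with a real value
lsof -i:端口号

# Allow only a given source range to reach a given port (here SSH, 22/tcp).
# The whole rule is single-quoted so the inner double quotes reach firewalld
# intact; nesting double quotes inside double quotes only works by accident.
# 192.xx.xx.32/24 is a placeholder: substitute the real network address.
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.xx.xx.32/24" port protocol="tcp" port="22" accept'

# Port forwarding
# Enable masquerading (needed when forwarding to another host).
# NOTE(review): masquerading applies to the whole zone, not just this forward.
firewall-cmd --add-masquerade --permanent
# Forward local 9999/tcp to 192.168.199.185:3389.
# NOTE(review): any source allowed in the zone can then reach port 3389 on the
# internal host. If only some clients need it, use a rich rule that combines a
# source address with a forward-port element instead.
firewall-cmd --permanent --add-forward-port=port=9999:proto=tcp:toaddr=192.168.199.185:toport=3389
firewall-cmd --reload

# Remove a port forward.
# --permanent is required here: without it only the runtime rule is removed,
# and the reload that follows restores it from the permanent configuration.
firewall-cmd --permanent --remove-forward-port=port=443:proto=tcp:toport=443:toaddr=10.0.53.198 && firewall-cmd --reload

# Inspect the iptables rules with packet counters and rule numbers.
# NOTE(review): where firewalld uses the nftables backend its rules may not
# appear here; check `nft list ruleset` on such systems.
iptables -nvL --line-numbers

# Restrict MySQL to a single client host.
# NOTE(review): the first rule accepts ALL traffic from 10.34.103.4, on every
# port and protocol, which makes the second rule redundant. If only MySQL access
# is intended, keep just the second (port 3306) rule.
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.34.103.4/32" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.34.103.4" port protocol="tcp" port="3306" accept'
# Drop the zone-wide mysql service so that only the rich rule admits 3306.
# If 3306/tcp was also opened with --add-port (see "Open a port" above), remove
# that entry too, otherwise the port stays open to everyone.
firewall-cmd --permanent --remove-service=mysql
firewall-cmd --reload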