搬瓦工服务器centos7开启/设定防火墙

运行防火墙命令时候，发现提示：FirewallD is not running

开启：systemctl start firewalld

查看状态：firewall-cmd –state

服务被锁定无法添加规则，解除锁定： systemctl unmask firewalld

锁定防火墙：systemctl mask firewalld

关闭防火墙：systemctl stop firewalld

给public规则添加3306端口：firewall-cmd –permanent –zone=public –add-port=3306/tcp

开放指定端口：firewall-cmd –zone=public –add-port=1935/tcp –permanent

关闭/删除指定端口：firewall-cmd –zone=public –remove-port=5672/tcp –permanent

重启防火墙：firewall-cmd –reload

重新启动：systemctl start firewalld.service //方法2

检查是否允许伪装IP：firewall-cmd –query-masquerade

允许防火墙伪装IP：firewall-cmd –permanent –add-masquerade

禁止防火墙伪装IP：firewall-cmd –permanent –remove-masquerade

增加规则：firewall-cmd –permanent —add-rich-rule=”rule family=’ipv4′ source address=’10.2.7.202/32′ port protocol=’tcp’ port=’1024′ accept”

防火墙规则列表：firewall-cmd –list-all 

编辑防火墙规则：vi /etc/firewalld/zones/public.xml

列出所有类型public 的端口：firewall-cmd –zone=public –list-ports

临时删除端口：firewall-cmd –remove-port=8056/tcp

永久删除卡对外开放的端口：firewall-cmd –zone=public –remove-port=8005/tcp –permanent

添加转发规则：firewall-cmd –permanent –add-forward-port=port=1024:proto=tcp:toaddr=10.2.7.201:toport=2048

删除转发规则：firewall-cmd –permanent –zone=public –remove-forward-port=port=8056:proto=tcp:toaddr=xxx.xx.xx.xxx:toport=3356

记得参数都是两个减号 – – ，因为系统原因，都只显示一个参数。