Check the firewall status
systemctl status firewalld.service
Stop the firewall
systemctl stop firewalld.service
Disable the firewall from starting at boot
systemctl disable firewalld.service
Start the firewall
systemctl start firewalld.service
Enable the firewall to start at boot
systemctl enable firewalld.service
Permanently open a port
firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --reload
firewall-cmd --list-all
Permanently remove a port
firewall-cmd --zone=public --remove-port=80/tcp --permanent
firewall-cmd --reload
firewall-cmd --list-all
Temporarily add an IP to the whitelist
iptables -I INPUT 1 -s 192.168.8.222 -p tcp -j ACCEPT
Permanently add an IP to the whitelist
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.8.222" accept'
firewall-cmd --reload
firewall-cmd --list-all
Permanently remove an IP from the whitelist
firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="192.168.8.222" accept'
firewall-cmd --reload
firewall-cmd --list-all