Check the firewall status

systemctl status firewalld.service

Stop the firewall

systemctl stop firewalld.service

Disable the firewall from starting at boot

systemctl disable firewalld.service

Start the firewall

systemctl start firewalld.service

Enable the firewall to start at boot

systemctl enable firewalld.service

Permanently open a port

firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --reload
firewall-cmd --list-all

Permanently remove a port

firewall-cmd --zone=public --remove-port=80/tcp --permanent
firewall-cmd --reload
firewall-cmd --list-all

Temporarily add an IP to the allowlist

iptables -I INPUT 1 -s 192.168.8.222 -p tcp -j ACCEPT

Permanently add an IP to the allowlist

firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.8.222" accept'
firewall-cmd --reload
firewall-cmd --list-all

Permanently remove an IP from the allowlist

firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="192.168.8.222" accept'
firewall-cmd --reload
firewall-cmd --list-all