1. Start the firewall: systemctl start firewalld
2. Stop the firewall: systemctl stop firewalld
3. Check the firewall status: systemctl status firewalld
4. Restart the firewall: systemctl restart firewalld
5. List the open ports: firewall-cmd --zone=public --list-ports
6. Open a specific port: firewall-cmd --zone=public --add-port=8888/tcp --permanent (--permanent makes the rule persistent; without this option the rule is lost after a restart)
7. Close a port: firewall-cmd --zone=public --remove-port=8888/tcp --permanent
8. Allow a specific IP to access a given port (allow 127.0.0.1 to access port 5433)
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="127.0.0.1" port protocol="tcp" port="5433" accept'
9. Deny the address 127.0.0.1 access to port 8899, that is, deny it access to the machine
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="127.0.0.1" port protocol="tcp" port="8899" reject'
10. Delete a rule that has been set
firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="127.0.0.1" port protocol="tcp" port="8888" accept'
Note: after running the commands, remember to reload.
Reload the firewall settings so that the changes take effect: firewall-cmd --reload
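
Steps 8 to 10 and the reload note, combined into one script that validates its input, adds the rich rule permanently, reloads, and confirms the rule is active. This is an added example, not part of the original page; the function names and the zone argument are assumptions of the example, and the actions are limited to accept and reject, the two the page uses.

```shell
#!/bin/sh
# Added example: build, apply and verify a firewalld rich rule for one IPv4 source.

# Print the rich rule for <ip> <tcp-port> <accept|reject>; return 1 on invalid input.
build_rich_rule() (
    ip=$1 port=$2 action=$3
    # Only digits and dots, no empty octets
    case $ip in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    IFS=.
    set -- $ip                      # split the address into its octets
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        # No leading zeros, at most three digits, value 0-255
        case $octet in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    # TCP port 1-65535, no leading zeros
    case $port in ''|0*|*[!0-9]*|??????*) return 1 ;; esac
    [ "$port" -le 65535 ] || return 1
    case $action in accept|reject) ;; *) return 1 ;; esac
    printf 'rule family="ipv4" source address="%s" port protocol="tcp" port="%s" %s' \
        "$ip" "$port" "$action"
)

# apply_rich_rule <zone> <ip> <tcp-port> <accept|reject>
apply_rich_rule() (
    zone=$1
    rule=$(build_rich_rule "$2" "$3" "$4") || {
        echo "invalid address, port or action" >&2
        return 1
    }
    # Write the rule to the permanent configuration only
    firewall-cmd --permanent --zone="$zone" --add-rich-rule="$rule" || return 1
    # Load the permanent configuration into the running firewall
    firewall-cmd --reload || return 1
    # Exits 0 only if the running configuration now contains the rule
    firewall-cmd --zone="$zone" --query-rich-rule="$rule"
)

# Runs only when called with four arguments, for example:
#   sudo sh rich_rule.sh public 127.0.0.1 5433 accept
if [ "$#" -eq 4 ]; then
    apply_rich_rule "$@"
fi
```

Passing the rule as one quoted variable avoids the nested-quote problem that arises when the rule text is typed inline.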