firewall-cmd常用命令

常用命令

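# firewall-cmd cheat sheet. Run as root. Every command given with --permanent
# changes only the saved configuration; the running firewall is untouched
# until `firewall-cmd --reload` at the end.

# Start firewalld now
systemctl start firewalld.service
# Start firewalld automatically at boot
systemctl enable firewalld.service
# Show the service status (the original page repeated `enable` here, which
# reports nothing about the current state)
systemctl status firewalld.service

# Inspect the running configuration
firewall-cmd --state
firewall-cmd --list-all
firewall-cmd --list-services
firewall-cmd --list-ports

# Open TCP 3306 (MySQL) in the default zone
firewall-cmd --permanent --add-port=3306/tcp
# Close TCP 3306 again
firewall-cmd --permanent --remove-port=3306/tcp
# Open a port range in the public zone
firewall-cmd --permanent --zone=public --add-port=8080-8083/tcp

# Allow one source IP to reach TCP 6379 (Redis). The rich rule is single-quoted
# so the inner "..." reach firewalld intact; with the original nested double
# quotes the shell strips them and firewalld is left to parse bare values.
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.142.166" port protocol="tcp" port="6379" accept'
# Allow one source IP to reach EVERY port on this host. A rule without a
# port clause is a blanket allow for that address; prefer naming the port.
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.0.233" accept'
# Remove an allow rule (the rule text must match the stored rule exactly;
# compare with `firewall-cmd --permanent --list-rich-rules`)
firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="192.168.1.51" accept'
# Allow a whole network to reach every port on this host. /16 is 65k
# addresses; make sure that is really the intended trust boundary.
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.0.0/16" accept'
# Allow a /24 to reach TCP 9200 (Elasticsearch) only
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.0/24" port protocol="tcp" port="9200" accept'

# Redirect local TCP 80 to local TCP 8080. The listening port is given with
# `port=`; the original page wrote `proto=80` for the two host-forwarding
# examples below, which firewall-cmd rejects.
firewall-cmd --permanent --add-forward-port=port=80:proto=tcp:toport=8080
# Forward TCP 80 to another host (the original had a malformed address,
# 192.168.1.0.1). Forwarding to a different address needs IP forwarding and
# masquerading on the zone (see the remote-access section of this page), and
# it exposes that host to everyone who can reach this one on port 80.
firewall-cmd --permanent --add-forward-port=port=80:proto=tcp:toaddr=192.168.0.1
# Forward TCP 80 to TCP 8080 on another host
firewall-cmd --permanent --add-forward-port=port=80:proto=tcp:toaddr=192.168.0.1:toport=8080

# Apply the saved (--permanent) configuration to the running firewall
firewall-cmd --reload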

远程访问端口转发命令

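# Turn this host into a NAT gateway that publishes services on 10.8.0.x
# (the default OpenVPN client subnet, presumably — confirm against your VPN
# config) to the outside. Everything reaching the public zone on the listed
# ports is forwarded, so anyone who can reach this host can reach the RDP and
# SSH services behind it. Restrict the sources if that is not intended.

# Enable IPv4 forwarding. Writing /proc only lasts until reboot; the sysctl
# drop-in makes it persistent.
sysctl -w net.ipv4.ip_forward=1
printf 'net.ipv4.ip_forward = 1\n' > /etc/sysctl.d/99-ip-forward.conf

systemctl start firewalld
systemctl enable firewalld

# Masquerade (SNAT) forwarded traffic on the public zone so replies from the
# 10.8.0.x hosts come back through this gateway.
firewall-cmd --zone=public --add-masquerade --permanent

# Accept the published ports on the host itself. Opening them here makes the
# host listen for the DNAT'd connections; 1194/tcp is presumably the VPN
# listener and 8080/tcp is left unexplained on the original page — drop it
# if nothing on this host needs it.
firewall-cmd --zone=public --permanent --add-port=53389/tcp
firewall-cmd --zone=public --permanent --add-port=2222/tcp
firewall-cmd --zone=public --permanent --add-port=1194/tcp
firewall-cmd --zone=public --permanent --add-port=8080/tcp

# DNAT: public 53389 -> RDP (3389) on 10.8.0.3, public 2222 -> 2222 on 10.8.0.4.
# RDP exposed to the Internet is a common brute-force and exploit target;
# prefer a source-restricted rich rule over --add-port, e.g.
#   firewall-cmd --zone=public --permanent --add-rich-rule='rule family="ipv4" source address="<admin-ip>/32" forward-port port="53389" protocol="tcp" to-port="3389" to-addr="10.8.0.3"'
# and omit the matching --add-port line above.
firewall-cmd --zone=public --permanent --add-forward-port=port=53389:proto=tcp:toaddr=10.8.0.3:toport=3389
firewall-cmd --zone=public --permanent --add-forward-port=port=2222:proto=tcp:toaddr=10.8.0.4:toport=2222

# Apply the saved configuration to the running firewall
firewall-cmd --reload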

参考文档

https://www.niwoxuexi.com/blog/php/article/339.html