Reference links:
firewalld's nine zones; firewalld operations on zones and services
CentOS 7: controlling ports and port forwarding with firewall-cmd, explained in detail
Once the firewalld service starts it takes over iptables; by default the ssh and dhcp services are allowed
Docker ignores the system firewall
https://www.binss.me/blog/docker-pass-through-system-firewall/
Starting the service
systemctl enable firewalld
systemctl start firewalld
systemctl status firewalld
Basic operations
firewall-cmd --list-all
firewall-cmd --reload
ports
firewall-cmd --zone=public --permanent --add-port=3306/tcp
firewall-cmd --zone=public --permanent --remove-port=3306/tcp
forward-ports
firewall-cmd --zone=public --permanent --add-forward-port=port=5353:proto=udp:toport=53
firewall-cmd --zone=public --permanent --remove-forward-port=port=5353:proto=udp:toport=53
rich-rule
firewall-cmd --zone=public --permanent --add-rich-rule='rule family="ipv4" source address="8.131.68.94" accept'
firewall-cmd --zone=public --permanent --remove-rich-rule='rule family="ipv4" source address="8.131.68.94" accept'
IP masquerading
firewall-cmd --query-masquerade # check whether IP masquerading is enabled
firewall-cmd --permanent --add-masquerade # enable IP masquerading on the firewall
firewall-cmd --permanent --remove-masquerade # disable IP masquerading on the firewall