CentOS 7
Check the firewall status
systemctl status firewalld
Start the firewall
systemctl start firewalld
Enable the firewall at boot
systemctl enable firewalld
Stop the firewall
systemctl stop firewalld
Permanently disable the firewall
systemctl disable firewalld
Reload the firewall (required after every rule change for the change to take effect)
firewall-cmd --reload
Open a port
firewall-cmd --zone=public --add-port=22/tcp --permanent
Restrict a port
firewall-cmd --zone=public --remove-port=22/tcp --permanent
Open a range of ports
firewall-cmd --zone=public --add-port=100-500/tcp --permanent
Restrict a range of ports
firewall-cmd --zone=public --remove-port=100-500/tcp --permanent
List all open ports
firewall-cmd --zone=public --list-ports
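Restrict access from an IP address range
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.0.0.0/24" port protocol="tcp" port="80" reject'
Remove the IP address restriction (delete the reject rule; firewalld evaluates reject rules before accept rules, so adding an accept rule does not lift it)
firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="10.0.0.0/24" port protocol="tcp" port="80" reject'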
List the configured firewall rules
firewall-cmd --zone=public --list-rich-rules
Ubuntu 20.04
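Check the firewall status
ufw status
Enable the firewall
ufw enable
Disable the firewall
ufw disable
Reload the firewall
ufw reload
Open a single port
ufw allow 80
Open a port range
ufw allow 80:90/tcp
Restrict a port
ufw deny 80
Close a port
ufw delete allow 20
Allow external access
ufw default allow
Deny external access
ufw default deny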
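Allow an IP address range to access all ports (ufw takes CIDR notation, not wildcards)
ufw allow from 192.168.0.0/16
Deny the IP address range access to all ports
ufw delete allow from 192.168.0.0/16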
Allow a specific IP to access a port
ufw allow from 192.168.121.2 to any port 3306
Revoke a specific IP's access to a port
ufw delete allow from 192.168.121.2 to any port 3306