CentOS 7
Check the firewall status
systemctl status firewalld

Start the firewall
systemctl start firewalld

Enable the firewall at boot
systemctl enable firewalld

Stop the firewall
systemctl stop firewalld

Permanently disable the firewall (no start at boot)
systemctl disable firewalld

Reload the firewall (required after every rule change for it to take effect)
firewall-cmd --reload

Open a port
firewall-cmd --zone=public --add-port=22/tcp --permanent

Restrict a port
firewall-cmd --zone=public --remove-port=22/tcp --permanent

Open a range of ports
firewall-cmd --zone=public --add-port=100-500/tcp --permanent

Restrict a range of ports
firewall-cmd --zone=public --remove-port=100-500/tcp --permanent

List all open ports
firewall-cmd --zone=public --list-ports

Restrict access from an IP address range
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.0.0.0/24" port protocol="tcp" port="80" reject'

Remove the IP address restriction
firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="10.0.0.0/24" port protocol="tcp" port="80" reject'

List the configured firewall rich rules
firewall-cmd --zone=public --list-rich-rules

Ubuntu 20.04
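Check the firewall status
ufw status

Enable the firewall
ufw enable

Disable the firewall
ufw disable

Reload the firewall
ufw reload

Open a single port
ufw allow 80

Open a port range
ufw allow 80:90/tcp

Restrict a port
ufw deny 80

Close a port
ufw delete allow 20

Allow external access
ufw default allow

Deny external access
ufw default deny

Allow an IP address range to access all ports
ufw allow from 192.168.0.0/16

Deny an IP address range access to all ports
ufw delete allow from 192.168.0.0/16

Allow a specific IP to access a port
ufw allow from 192.168.121.2 to any port 3306

Revoke a specific IP's access to a port
ufw delete allow from 192.168.121.2 to any port 3306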