Common firewall-cmd operations

Use the firewall together with fail2ban for better security protection.

firewall-cmd --get-active-zones
firewall-cmd --get-services

firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --zone=public --remove-port=80/tcp --permanent

firewall-cmd --zone=public --add-service=ssh --permanent
firewall-cmd --zone=public --remove-service=ssh --permanent

firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.188.222" port protocol="tcp" port="3306" accept'
firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="192.168.1.100" port protocol="tcp" port="3306" accept'

firewall-cmd --reload

firewall-cmd --list-all
firewall-cmd --list-services
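
The add, reload and verify sequence above as one idempotent function, as an added example that is not part of the original page. It validates the address, port and protocol before building the rich rule, and uses --query-rich-rule to confirm the rule is live after --reload; the function names and the FWCMD override variable are assumptions.

```shell
#!/bin/sh
# Added example; function names and the FWCMD override are illustrative.
FWCMD="${FWCMD:-firewall-cmd}"

valid_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split into octets on "."
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ ${#1} -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the rich rule text, refusing any field that is not a plain
# IPv4 address, port number, or tcp/udp (no stray spaces or quotes).
rich_rule() {            # usage: rich_rule <ipv4> <port> <tcp|udp>
    valid_ipv4 "$1" || { echo "bad IPv4 address: '$1'" >&2; return 1; }
    valid_port "$2" || { echo "bad port: '$2'" >&2; return 1; }
    case $3 in tcp|udp) ;; *) echo "bad protocol: '$3'" >&2; return 1 ;; esac
    printf 'rule family="ipv4" source address="%s" port protocol="%s" port="%s" accept' \
        "$1" "$3" "$2"
}

# Add the rule to the permanent config only if absent, reload, then
# confirm it is active at runtime. Returns 0 only when the rule is live.
allow_source_port() {    # usage: allow_source_port <ipv4> <port> <proto> [zone]
    rule=$(rich_rule "$1" "$2" "$3") || return 2
    zone=${4:-public}
    if ! "$FWCMD" --permanent --zone="$zone" --query-rich-rule="$rule" >/dev/null 2>&1; then
        "$FWCMD" --permanent --zone="$zone" --add-rich-rule="$rule" >/dev/null || return 1
    fi
    "$FWCMD" --reload >/dev/null || return 1
    "$FWCMD" --zone="$zone" --query-rich-rule="$rule" >/dev/null
}
```

Run as root, for example: allow_source_port 192.168.188.222 3306 tcp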

Reference: https://wangchujiang.com/linux-command/c/firewall-cmd.html