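## Linux Service: Firewalld
## firewalld is a service daemon with a D-Bus interface. Platform: CentOS 7.
##
## How to read this sheet: a line starting with "# " is a command typed at a
## root prompt; a line starting with "##" is a note.
##
## Runtime vs. permanent: a command with --permanent only writes the saved
## configuration and does not change the running firewall until
## "firewall-cmd --reload". A command without --permanent changes the running
## firewall only and is lost on reload or restart.

## --- Service definition files ---
## Files under /etc/firewalld/ override the packaged defaults in
## /usr/lib/firewalld/. Edit the copy, not the packaged file.
# cd /usr/lib/firewalld/services/
# cp /usr/lib/firewalld/services/ssh.xml /etc/firewalld/services/

## --- Daemon control ---
## Shorthand: pick one verb per invocation.
# systemctl start/stop/restart/status firewalld
# systemctl enable/disable firewalld

## --- State, reload, services ---
## --complete-reload also reloads the netfilter kernel modules and will most
## likely drop established connections, because state information is lost.
## Prefer --reload unless a full reset is really needed.
# firewall-cmd --list-all
# firewall-cmd --list-ports
# firewall-cmd --state
# firewall-cmd --complete-reload
# firewall-cmd --reload
# firewall-cmd --list-all
# firewall-cmd --info-service samba
## --add-service/--remove-service take the service name after "=" and no
## further positional word.
# firewall-cmd --add-service=ftp --permanent
# firewall-cmd --remove-service=ftp --permanent

## --- Zones ---
# firewall-cmd --list-all-zones
# firewall-cmd --get-default-zone
# firewall-cmd --get-active-zones
# firewall-cmd --delete-zone=syncthing --permanent

## --change-interface as written affects the running firewall only; add
## --permanent (and reload) if the binding must survive a restart.
# firewall-cmd --zone=external --list-all
# firewall-cmd --zone=internal --change-interface=ens33
# firewall-cmd --get-services

## --- Services per zone ---
## {a,b,c} is bash brace expansion: the shell turns it into one
## --add-service=... option per name before firewall-cmd runs.
## Open only the services this host actually provides. ftp, pop3 and http
## carry data unencrypted, so enable them deliberately and not as part of a
## bulk list.
# firewall-cmd --zone=external --permanent --add-service=http
# firewall-cmd --zone=external --permanent --remove-service=http
# firewall-cmd --zone=internal --permanent --add-service={pop3,pop3s,http,https,dns,ftp,snmp,smtp,squid}

## --- Ports ---
## 2121-2221/tcp is a range and opens every port from 2121 through 2221.
## {2121/tcp,2221/tcp} opens exactly those two ports. The two forms are not
## interchangeable.
# firewall-cmd --zone=public --add-port=21964/tcp --permanent
# firewall-cmd --zone=public --remove-port=21964/tcp --permanent
# firewall-cmd --zone=public --add-port=2121-2221/tcp --permanent
# firewall-cmd --zone=public --add-port={2121/tcp,2221/tcp} --permanent

# firewall-cmd --permanent --delete-zone=xrdp

## Notes
## --- Port forwarding and masquerading ---
## With no --zone the masquerade commands act on the default zone; check it
## with --get-default-zone first. As written they are runtime-only.
# firewall-cmd --query-masquerade    # check whether IP masquerading is enabled
# firewall-cmd --add-masquerade      # enable IP masquerading
# firewall-cmd --remove-masquerade   # disable IP masquerading

## Direct rules are passed through to iptables, where -i/-o match network
## interface names, not firewalld zone names. "internal" and "external" below
## presumably stand for the LAN-side and WAN-side interfaces; substitute the
## real names (for example ens33) or the rules will match nothing.
## The second rule forwards all traffic from the internal side outwards.
## Narrow it by source, destination or port if the whole LAN should not have
## unrestricted egress.
## "-m state --state" is the older spelling of "-m conntrack --ctstate".
# firewall-cmd --direct --permanent --add-rule ipv4 nat POSTROUTING 0 -o external -j MASQUERADE
# firewall-cmd --direct --permanent --add-rule ipv4 filter FORWARD 0 -i internal -o external -j ACCEPT
# firewall-cmd --direct --permanent --add-rule ipv4 filter FORWARD 0 -i external -o internal -m state --state RELATED,ESTABLISHED -j ACCEPT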