CentOS7 firewall management commands

The default firewall in CentOS7 has changed from iptables to firewall. AlthoughBaota Panel can directly add firewall rules graphically, Naiba still has some servers without LNMP installed. Here are the CentOS7 firewall management commands for reference

CentOS7 firewall management commands

firewall status management commands

Command to start firewalld

systemctl start firewalld

Command to stop firewall

systemctl stop firewalld

Command to disable firewall

systemctl disable firewalld

Check firewall status

systemctl status firewalld

Command to restart firewall

systemctl restart firewalld

Check if firewall starts on boot

systemctl is-enabled firewalld

firewall port management commands

Command to open a port in firewall (--permanent takes effect permanently; without this parameter, it becomes invalid after reboot)

firewall-cmd --zone=public --add-port=80/tcp --permanent

Command to delete a port in firewall

firewall-cmd --zone= public --remove-port=80/tcp --permanent

Command to open a port range in firewall

firewall-cmd --permanent --zone=public --add-port=100-500/tcp
firewall-cmd --permanent --zone=public --add-port=100-500/udp

After adding, reload the firewall rules once, otherwise it won't take effect. Reload firewall rules

firewall-cmd --reload

If not enabled, new rules cannot be loaded, so you need to start the firewall first. The command is as follows

systemctl start firewalld

Configure firewalld-cmd

查看版本： firewall-cmd --version
查看帮助： firewall-cmd --help
显示状态： firewall-cmd --state
查看所有打开的端口： firewall-cmd --zone=public --list-ports
更新防火墙规则： firewall-cmd --reload
查看区域信息: firewall-cmd --get-active-zones
查看指定接口所属区域： firewall-cmd --get-zone-of-interface=eth0
拒绝所有包：firewall-cmd --panic-on
取消拒绝状态： firewall-cmd --panic-off
查看是否拒绝： firewall-cmd --query-panic