CentOS7防火墙的一些常用配置

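# NOTE: firewall-cmd options must be typed with ASCII "--" and straight quotes.
# The typographic dashes and curly quotes that web pages often substitute are
# not recognised as options, so commands pasted in that form fail.
# Commands without --zone act on the default zone
# (check it with: firewall-cmd --get-default-zone).

# Start the firewall
systemctl start firewalld
# Show its status
systemctl status firewalld
# Stop and disable it (the host is then no longer filtered by firewalld,
# now or after a reboot)
systemctl disable firewalld
systemctl stop firewalld

# Whitelist one source address so that every connection from it is accepted.
# Common inside a cluster. The rule is not limited to a port or service, so
# use it only for hosts that are fully trusted.
# --permanent only writes the stored configuration; --reload applies it.
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.215" accept'
firewall-cmd --reload

# Allow SSH only from one subnet; /24 means netmask 255.255.255.0.
# After the reload, new SSH connections from outside 172.16.30.0/24 are no
# longer accepted by this zone: run this from inside the subnet or keep
# console access available.
firewall-cmd --permanent --remove-service=ssh
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.30.0/24" service name="ssh" accept'
firewall-cmd --reload
firewall-cmd --list-all

# Add a user to the lockdown whitelist (the list of users allowed to change
# the firewall configuration while lockdown is enabled; check the state with
# firewall-cmd --query-lockdown).
firewall-cmd --permanent --add-lockdown-whitelist-user=hadoop
firewall-cmd --reload

# Remove a user id from the lockdown whitelist; replace "uid" with the numeric
# id. --permanent is required here: a runtime-only removal is undone by the
# --reload that follows. An entry added by name (as above) is removed with
# --remove-lockdown-whitelist-user=NAME instead.
firewall-cmd --permanent --remove-lockdown-whitelist-uid=uid
firewall-cmd --reload

# List all open ports
firewall-cmd --list-ports

# Open a port in a given zone
firewall-cmd --permanent --zone=public --add-port=8080/tcp
# Close a port (made permanent so that a later --reload does not reopen it)
firewall-cmd --permanent --remove-port=465/tcp
firewall-cmd --reload

# Open a service. Service definitions can be customised under
# /etc/firewalld/services (the predefined ones ship in
# /usr/lib/firewalld/services); list the names with firewall-cmd --get-services.
# Opening a service in the public zone exposes it to every source that reaches
# that zone; use a rich rule with a source address, as for ssh above, when
# only known networks need access.
firewall-cmd --permanent --zone=public --add-service=samba
firewall-cmd --permanent --add-service=http
firewall-cmd --reload

# Close a service (again with --permanent, otherwise --reload restores it)
firewall-cmd --permanent --zone=public --remove-service=samba
firewall-cmd --reload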