Firewalld开放端口

Edited on In

查看所有打开的端口

1
sudo firewall-cmd --zone=public --list-ports

查看端口是否开放

1
sudo firewall-cmd --zone=public --query-port=80/tcp

添加开放端口

1
2
3
4
sudo firewall-cmd --zone=public --add-port=80/tcp --permanent
sudo firewall-cmd --zone=public --add-port=20003/tcp --permanent
# 开放服务
sudo firewall-cmd --zone=public --add-service=nfs --permanent

permanent永久生效,没有此参数重启后失效

更新防火墙规则

1
sudo firewall-cmd --reload

删除开放端口

1
sudo firewall-cmd --zone=public --remove-port=80/tcp --permanent

端口转发

1
2
3
4
5
6
7
8
9
10
make
make install
sed -i 's/#user  nobody;/user nginx;/' /opt/nginx/nginx/conf/nginx.conf
# 默认情况下Linux的1024以下端口是只有root用户才有权限占用 ,所以80 端口改为 50080
# firewall配置端口转发
sudo firewall-cmd --permanent --add-masquerade
# sudo firewall-cmd --permanent --zone=public --add-forward-port=port=80:proto=tcp:toaddr=127.0.0.1:toport=50080
sudo firewall-cmd --permanent --zone=public --add-forward-port=port=80:proto=tcp:toport=50080
sudo firewall-cmd --reload
/opt/nginx/nginx/sbin/nginx -c /opt/nginx/nginx/conf/nginx.conf

源IP

1
2
# 192.168.1.1/24
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.1.1/24" port protocol="tcp" port="3306" accept"

本文地址: https://github.com/maxzhao-it/blog/post/93d07d99/