1、查看firewalld防火墙自带的区域名

[root@web ~]# firewall-cmd --get-zones

block dmz drop external home internal public trusted work

2、查看当前使用的默认区域

[root@web ~]# firewall-cmd --get-default-zone

public

3、查看某区域的详细配置

[root@web ~]# firewall-cmd --list-all --zone=public

public (active)  target: default  icmp-block-inversion: no  interfaces: eth0  sources:   services: ssh dhcpv6-client  ports:   protocols:   masquerade: no  forward-ports:   source-ports:   icmp-blocks:   rich rules:

 4、修改默认区域

[root@node_01 ~]# firewall-cmd --set-default-zone=trusted

success

[root@node_01 ~]# firewall-cmd --reload

success

[root@node_01 ~]# firewall-cmd --get-default-zone

trusted

数据过滤

1、放行服务

1) 服务名称

[root@node_01 ~]# firewall-cmd --permanent --add-service=http --zone=public

success

[root@node_01 ~]# firewall-cmd --reload

success

[root@node_01 ~]# firewall-cmd --list-all --zone=public

public (default, active)

interfaces: eth0

sources:

services: dhcpv6-client http ssh

ports:

masquerade: no

forward-ports:

icmp-blocks:

rich rules:

[root@node_01 ~]# firewall-cmd --permanent --add-service=ftp --zone=public

success

[root@node_01 ~]# firewall-cmd --reload

success

2) 端口号

[root@node_01 ~]# firewall-cmd --permanent --add-port=3306/tcp --zone=public

success

[root@node_01 ~]# firewall-cmd --permanent --add-port=3260/tcp --zone=public

success

[root@node_01 ~]# firewall-cmd --reload

success

[root@node_01 ~]# firewall-cmd --list-all

public (default, active)

interfaces: eth0

sources:

services: dhcpv6-client ftp http ssh

ports: 3306/tcp 3260/tcp

masquerade: no

forward-ports:

icmp-blocks:

rich rules:

2、禁止服务

--remove-service=

--remove-port=

 3、亚信

添加

sudo firewall-cmd --zone=public --add-port=10050/tcp --permanent 

sudo firewall-cmd --add-port=9299/tcp --zone=public --permanent

重新载入

firewall-cmd —reload

sudo firewall-cmd  --reload

不好使重启防火墙