centos7
#查看防火墙状态
~]> firewall-cmd --state
#查看防火墙更多状态
~]> systemctl status firewalld
#启动防火墙(如果服务之前被 mask 过,需要先 unmask 才能启动)
~]> systemctl unmask firewalld
~]> systemctl start firewalld
#跟随系统自动启动
~]> systemctl enable firewalld
#关闭防火墙(停止后 firewalld 管理的所有规则都不再生效)
systemctl stop firewalld
#关闭自动启动
systemctl disable firewalld
#配置文件的位置(手动修改后需执行 firewall-cmd --reload 才会生效)
/etc/firewalld/zones/public.xml
//开放端口
<port protocol="tcp" port="9980"/>
//添加IP白名单
<rule family="ipv4">
<source address="82.153.65.59"/>
<accept/>
</rule>
<rule family="ipv6">
<source address="2a12:f8c1:50:8:6680:50c1:404c:319c"/>
<accept/>
</rule>
//添加黑名单
<rule family="ipv4">
<source address="82.153.65.59"/>
<drop/> <!-- 重点:黑名单用 drop,白名单用 accept -->
</rule>
添加防火墙规则
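# The rich rules below carry neither --permanent nor --zone, so they change
# only the runtime configuration of the default zone and are lost on
# `firewall-cmd --reload` or a firewalld restart. To persist a rule, repeat the
# command with --permanent and then run `firewall-cmd --reload`.

# Allow-list an IPv4 source address. The rule has no port or service element,
# so ALL traffic from this address is accepted, not just one port.
firewall-cmd --add-rich-rule='rule family="ipv4" source address="192.168.1.100" accept'
# Allow-list an IPv6 source prefix; all traffic from the /64 is accepted.
firewall-cmd --add-rich-rule='rule family="ipv6" source address="2001:0db8:85a3::/64" accept'
# Open TCP port 80 over IPv4. The rule has no source element, so it accepts
# connections to this port from every IPv4 address.
firewall-cmd --add-rich-rule='rule family="ipv4" port port="80" protocol="tcp" accept'
# Forward inbound TCP 8080 to port 80 on 192.168.1.100. A rich rule takes a
# single element, so port/protocol are attributes of forward-port itself; the
# original "port ... forward-port ..." combination is rejected by firewalld.
# To only permit one source to reach a port (no forwarding), use
# 'rule family="ipv4" source address="..." port port="..." protocol="tcp" accept'.
# NOTE(review): forwarding to a different host normally also needs masquerading
# enabled on the zone (firewall-cmd --add-masquerade) — confirm for your setup.
firewall-cmd --add-rich-rule='rule family="ipv4" forward-port port="8080" protocol="tcp" to-port="80" to-addr="192.168.1.100"'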