CentOS7 firewalld commonly used commands

Basic usage

• Start: systemctl start firewalld
• Turn off: systemctl stop firewalld
• Check status: systemctl status firewalld
• Boot disabled: systemctl disable firewalld
• Boot enable: systemctl enable firewalld

firewalld-cmd

• Check version: firewall-cmd --version
• View help: firewall-cmd --help
• Display status: firewall-cmd --state
• View all open ports: firewall-cmd --zone=public --list-ports
• Update firewall rules: firewall-cmd --reload
• View zone information: firewall-cmd --get-active-zones
• View the zone to which the specified interface belongs: firewall-cmd --get-zone-of-interface=eth0
• Reject all packages: firewall-cmd --panic-on
• Cancel rejection status: firewall-cmd --panic-off
• Check whether to reject: firewall-cmd --query-panic

Port operation

• Add: firewall-cmd --zone=public --add-port=80/tcp --permanent (--permanent takes effect permanently, it will be invalid after restart without this parameter)
• Reload: firewall-cmd --reload
• View: firewall-cmd --zone= public --query-port=80/tcp
• Delete: firewall-cmd --zone= public --remove-port=80/tcp --permanent