Common iptables/firewalld operations

……

| Operation | iptables | firewalld |
|---|---|---|
| Check firewall status | service iptables status | systemctl status firewalld / firewall-cmd --state |
| Start the firewall | service iptables start | systemctl start firewalld |
| Stop the firewall | service iptables stop | systemctl stop firewalld |
| Disable the firewall | chkconfig iptables off | systemctl disable firewalld |
| Restart the firewall | service iptables restart | firewall-cmd --reload |
| List rules | iptables -L -n | firewall-cmd --list-all |
| Open a port | iptables -I INPUT -p tcp --dport 22 -j ACCEPT | firewall-cmd --permanent --add-port=80/tcp |
| Close a port | iptables -I INPUT -p tcp --dport 22 -j DROP | firewall-cmd --permanent --remove-port=80/tcp |
| Port mapping | iptables -t nat -A PREROUTING -d 192.168.10.88 -p tcp --dport 80 -j DNAT --to-destination 192.168.10.88:8080 | firewall-cmd --add-forward-port=port=80:proto=tcp:toport=8080 |
| Save rules | service iptables save | --permanent |
| Flush rules | iptables -F | - |
| Back up rules | iptables-save > /data/myipt.rule # back up rules to /data/myipt.rule | - |
| Restore rules | iptables-restore < /data/myipt.rule # restore rules from /data/myipt.rule | - |