\u67e5\u770b\u670d\u52a1\u72b6\u6001\/\u5237\u65b0\u89c4\u5219\u4f7f\u751f\u6548\uff1a<\/p>\n
systemctl status firewalld \/ service firewalld restart\r\nfirewall-cmd --reload<\/strong><\/pre>\n<\/p>\n
\u6c38\u4e45\u6253\u5f00\u7aef\u53e3\uff1a<\/p>\n
firewall-cmd --add-port=8080\/tcp --permanent\r\nfirewall-cmd --add-port=5000-5100\/tcp --permanent\r\nfirewall-cmd --add-port={110\/tcp,143\/tcp} --permanent\r\nfirewall-cmd --add-service=smtp --permanent\r\nfirewall-cmd<\/span> --<\/span>permanent --<\/span>add-rich<\/span>-rule<\/span>=<\/span>\"rule family=\"<\/span>ipv4\" source address=\"127.0.0.1<\/span>\" port protocol=\"<\/span>tcp\" port=\"<\/span>8000<\/span>\" accept\"\r\n<\/span>#\u5bf9\u6307\u5b9a\u8fdc\u7a0bIP\u5730\u5740127.0.0.1\u6253\u5f008000\u7aef\u53e3<\/pre>\n<\/p>\n
\u6c38\u4e45\u7981\u6b62\uff1a<\/p>\n
firewall-cmd --permanent --add-rich-rule=\"rule family=ipv4 source address='x.x.x.x\/24' service name='ssh' drop\"<\/pre>\n<\/p>\n
\u5217\u51fa\u6240\u6709\u7684\u5167\u5bb9\uff1a<\/span><\/p>\n
firewall-cmd --list-all-zones<\/span>\r\nfirewall-cmd --list-all<\/span><\/pre>\n<\/p>\n
\u6c38\u4e45\u5220\u9664HTTP\u670d\u52a1\u7aef\u53e3\uff1a <\/span><\/p>\n
firewall-cmd --zone=public <\/span>--permanent <\/span>--remove-service=http\r\nfirewall-cmd --zone=public --permanent --remove-port=80\/tcp\r\nfirewall-cmd<\/span> --<\/span>permanent --<\/span>remove-rich<\/span>-rule<\/span>=<\/span>\"rule family=\"<\/span>ipv4\" source address=\"127.0.0.1<\/span>\" port protocol=\"<\/span>tcp\" port=\"<\/span>8000<\/span>\" accept\"<\/span>\r\n\r\n<\/span><\/pre>\n<\/p>\n
\u7aef\u53e3\u8f6c\u53d1\uff1a<\/p>\n
firewall-cmd --permanent --add-forward-port=port=80:proto=tcp:toport=8080:toaddr=192.0.2.55\r\nfirewall-cmd --permanent --add-masquerade<\/pre>\n\u8f6c\u53d1\u548c\u4f2a\u88c5\uff08\u9700\u8981\u8f6c\u53d1\u7684\u7f51\u5361wg0\uff0cip:10.200.200.1\uff09\uff1a<\/p>\n
firewall-cmd --permanent --direct --add-rule ipv4 filter FORWARD 0 -i wg0 -o eth0 -j ACCEPT\r\nfirewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address=10.200.200.1\/24 masquerade'<\/pre>\n","protected":false},"excerpt":{"rendered":"\u67e5\u770b\u670d\u52a1\u72b6\u6001\/\u5237\u65b0\u89c4\u5219\u4f7f\u751f\u6548\uff1a systemctl status firewalld \/ service fi […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[12,13],"tags":[32,35],"class_list":["post-84","post","type-post","status-publish","format-standard","hentry","category-linux","category-study","tag-centos","tag-firewalld"],"_links":{"self":[{"href":"https:\/\/www.0moon.com\/index.php?rest_route=\/wp\/v2\/posts\/84","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.0moon.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.0moon.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.0moon.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.0moon.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=84"}],"version-history":[{"count":19,"href":"https:\/\/www.0moon.com\/index.php?rest_route=\/wp\/v2\/posts\/84\/revisions"}],"predecessor-version":[{"id":191,"href":"https:\/\/www.0moon.com\/index.php?rest_route=\/wp\/v2\/posts\/84\/revisions\/191"}],"wp:attachment":[{"href":"https:\/\/www.0moon.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=84"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.0moon.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=84"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.0moon.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=84"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}