# Firewalld 防火牆 ###### tags: `主機管理` > [基於國家 IP 段的資料](https://github.com/herrbischoff/country-ip-blocks) * 透過 state 可以查看目前運行狀態,如果顯示 running 就表示正常運行 ```bash firewall-cmd --state ``` * 查詢指令用法 ```bash firewall-cmd --help ``` * 查看目前防火牆名單 ```bash firewall-cmd --list-all ``` * 永久設定參數 `--permanent` * 設定內容 * 針對port ```bash= firewall-cmd --permanent --add-port=22/TCP firewall-cmd --permanent --remove-port=22/TCP ``` * 針對連線協定 ```bash= firewall-cmd --permanent --add-service=ssh firewall-cmd --permanent --remove-service=ssh ``` * 針對特定ip ```bash= firewall-cmd --permanent --add-source=192.168.1.100 firewall-cmd --permanent --add-source=192.168.1.0/24 firewall-cmd --permanent --remove-source=192.168.1.100 ``` * 利用rich rule來進行細節設定 ```bash= #單一IP firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='192.168.1.100' reject" #除了針對特定單一IP外,再針對特別連線port進行設定 firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.100" port protocol="tcp" port="3306" accept' #針對IP範圍 firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='192.168.1.0/24' reject" ``` * 重新載入防火牆規則 > 每次重新設定防火牆後,firewalld 並不會自動生效,需要透過 reload 重新載入規則讓設定生效 ```bash firewall-cmd --reload ```
×
Sign in
Email
Password
Forgot password
or
By clicking below, you agree to our
terms of service
.
Sign in via Facebook
Sign in via Twitter
Sign in via GitHub
Sign in via Dropbox
Sign in with Wallet
Wallet (
)
Connect another wallet
New to HackMD?
Sign up