Linux command
firewall-cmd command
After copying, replace file names, directories, or parameters as needed.
Common examples
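Check whether firewalld is running
firewall-cmd --state
List active zones
firewall-cmd --get-active-zones
List the settings of the default zone
firewall-cmd --list-all
Add the https service to the public zone (permanent)
firewall-cmd --permanent --zone public --add-service https
Add port 8080/tcp to the public zone (permanent)
firewall-cmd --permanent --zone public --add-port 8080/tcp
Remove the http service from the public zone (permanent)
firewall-cmd --permanent --zone public --remove-service http
Reload the firewall rules
firewall-cmd --reload
Save the runtime configuration as permanent
firewall-cmd --runtime-to-permanent
Enable masquerade on the public zone (permanent)
firewall-cmd --permanent --zone public --add-masquerade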
Description
firewall-cmd is the command-line interface for firewalld, providing dynamic management of the Linux firewall. It supports zones, services, port forwarding, masquerading, and rich rules with both runtime and permanent configurations.
Parameters
- --state: Check whether the firewalld daemon is active (returns exit code 0 if running).
- --reload: Reload firewall rules while keeping state information. Applies permanent rules to the runtime configuration.
- --complete-reload: Reload the firewall completely, including netfilter kernel modules. May terminate active connections.
- --runtime-to-permanent: Save the current runtime configuration to permanent.
- --get-zones: List all predefined zones.
- --get-default-zone: Print the default zone for connections and interfaces.
- --set-default-zone _zone_: Set the default zone.
- --get-active-zones: Print currently active zones with their bound interfaces and sources.
- --list-all-zones: List all available zones with their complete settings.
- --list-all: List everything added or enabled in the current or specified zone.
- --zone _zone_: Specify the zone to operate on.
- --get-services: List all predefined services.
- --add-service _service_: Add a service to the zone.
- --remove-service _service_: Remove a service from the zone.
- --add-port _port/protocol_: Add a port (or port range) to the zone (e.g. `8080/tcp` or `5000-5100/tcp`).
- --remove-port _port/protocol_: Remove a previously added port from the zone.
- --add-masquerade: Enable IPv4 masquerade (NAT) on the zone. Useful when the machine is a router.
- --remove-masquerade: Disable IPv4 masquerade on the zone.
- --query-masquerade: Return whether IPv4 masquerade is enabled in the zone.
- --add-rich-rule _rule_: Add a rich language firewall rule.
- --remove-rich-rule _rule_: Remove a rich language firewall rule.
- --permanent: Make changes permanent (survives reboot). Requires `--reload` to take effect at runtime.
- --panic-on / --panic-off: Enable/disable panic mode (drops all incoming and outgoing traffic).
- --change-interface _interface_: Change the zone binding of a network interface.
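Because `--permanent`, `--reload` and `--runtime-to-permanent` act on two separate configurations, a zone's runtime and permanent state can disagree. The script below is an added example, not part of the original page or of firewalld: it reports services and ports that exist in only one of the two configurations. The helper names `only_in`, `drift_report` and `audit_zone` are hypothetical, `--list-services` and `--list-ports` are firewall-cmd options not listed above, and the sample lists are constructed.

```bash
#!/bin/sh
# Added example (not from firewalld): report drift between a zone's runtime
# and permanent configuration. Helper names are hypothetical.

# only_in A B: print items of space-separated list A that are absent from B.
only_in() {
    local item out=""
    for item in $1; do
        case " $2 " in
            *" $item "*) ;;                 # present in both lists
            *) out="$out $item" ;;
        esac
    done
    printf '%s' "${out# }"
}

# drift_report KIND RUNTIME PERMANENT: print findings, return 1 on any drift.
drift_report() {
    local kind="$1" lost pending rc=0
    lost=$(only_in "$2" "$3")       # active now, replaced by the next --reload
    pending=$(only_in "$3" "$2")    # saved, inactive until --reload
    if [ -n "$lost" ]; then
        echo "$kind runtime only (lost on --reload): $lost"; rc=1
    fi
    if [ -n "$pending" ]; then
        echo "$kind permanent only (needs --reload): $pending"; rc=1
    fi
    return "$rc"
}

# audit_zone ZONE: run the comparison on a host where firewalld is running.
audit_zone() {
    local zone="$1" rc=0
    drift_report service "$(firewall-cmd --zone="$zone" --list-services)" \
        "$(firewall-cmd --permanent --zone="$zone" --list-services)" || rc=1
    drift_report port "$(firewall-cmd --zone="$zone" --list-ports)" \
        "$(firewall-cmd --permanent --zone="$zone" --list-ports)" || rc=1
    return "$rc"
}

# Constructed sample: zone "public" after the three --permanent example
# commands on this page (add https, add 8080/tcp, remove http), before --reload.
drift_report service "dhcpv6-client http ssh" "dhcpv6-client https ssh" || true
drift_report port "" "8080/tcp" || true
```

On a live host, call `audit_zone public`; a non-zero return means the open ports and services will change at the next `--reload` or reboot.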
FAQ
How do I run a basic firewall-cmd example?
Run `firewall-cmd --state` in a terminal to confirm that firewalld is running, then adapt the zone, service, and port in the examples above to your system.