centos7防火墙设置

zabbix机器系统防火墙（centos7）

查看防火墙状态

firewall-cmd --state
firewall-cmd --list-all

防火墙基本命令

//Disable firewall
systemctl disable firewalld
systemctl stop firewalld
systemctl status firewalld
//Enable firewall
systemctl enable firewalld
systemctl start firewalld
systemctl status firewalld

添加端口

firewall-cmd --zone=public --add-port=3000/tcp --permanent
添加多个端口
firewall-cmd --zone=public --add-port=100-500/tcp  --permanent
firewall-cmd --reload
删除端口
firewall-cmd --zone=public --remove-port=3000/tcp --permanent

关闭默认打开的服务，因为ssh是另外的端口关闭ssh服务

firewall-cmd --list-service
firewall-cmd --permanent --remove-service=ssh    ##ssh指上一条命令打开的服务
firewall-cmd --reload
firewall-cmd --list-service   ##再次查看ssh（22）服务已关闭
也可以使用
iptables -L -n

防火墙端口转发
80->9000 443->10443

firewall-cmd --add-forward-port=port=80:proto=tcp:toport=9000 --permanent
firewall-cmd --add-forward-port=port=443:proto=tcp:toport=10443 --permanent
firewall-cmd --reload

开机自启动

//Enable firewall
systemctl enable firewalld
systemctl status firewalld

参考：https://blog.imzhengfei.com/centos-7-pei-zhi-firewalld-fang-huo-qiang/