1、查看状态

systemctl status firewalld 或 firewall-cmd --state

image.png

2、查看端口列表

firewall-cmd --permanent --list-port
firewall-cmd --list-all

3、开启常见端口

firewall-cmd --zone=public --add-port=3306/tcp --permanent
firewall-cmd --zone=public --add-port=3306/udp --permanent

4、关闭常见端口

firewall-cmd --zone=public --remove-port=3306/tcp --permanent
firewall-cmd --zone=public --remove-port=3306/udp --permanent

5、批量添加区间端口

firewall-cmd --zone=public --add-port=3306-3309/tcp --permanent

6、批量删除区间端口

firewall-cmd --zone=public --remove-port=3306-3309/tcp --permanent

6、 禁用防火墙

systemctl stop firewalld

7、开启防火墙

systemctl start firewalld.service

8、重启防火墙

firewall-cmd --reload 
service firewalld restart

9、设置开机启动

systemctl enable firewalld

10、停止并禁用开机启动

systemctl disable firewalld