centos7防火墙基本操作

查看防火墙状态： firewall-cmd --state
关闭防火墙：   systemctl stop firewalld
开机自关闭：   systemctl disable firewalld
打开防火墙：   systemctl start firewalld
开机自打开：   systemctl enable firewalld

查看已经生效的规则:           firewall-cmd --list-all
查看所有打开的端口(公开的)： firewall-cmd --zone=public --list-ports
使配置生效(重载防火墙配置)： firewall-cmd --reload

开放1个或多个端口:           firewall-cmd --permanent --zone=public --add-port=8080-8090/tcp
删除1个或多个端口:           firewall-cmd --permanent --zone=public --remove-port=8888/tcp

针对某个IP开放1个端口:        firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.88.1" port protocol="tcp" port="88" accept"
针对某个IP删除1个端口:        firewall-cmd --permanent --remove-rich-rule="rule family="ipv4" source address="192.168.88.1" port protocol="tcp" port="88" accept"  

针对某个IP开放端口段:         firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="192.168.88.1" port protocol="tcp" port="10-31000" accept" 
针对某个IP删除端口段:         firewall-cmd --permanent --remove-rich-rule="rule family="ipv4" source address="192.168.88.1" port protocol="udp" port="10-31000" accept"