# 查看状态
firewall-cmd --state
firewall-cmd --get-zones
firewall-cmd --get-active-zones
firewall-cmd --zone=mysql --list-all
# 使生效
firewall-cmd --reload
# Zone方式 -------------------------------------------------
# 添加Zone
firewall-cmd --permanent --new-zone=mysql
# 添加规则
firewall-cmd --permanent --zone=mysql --add-source=192.168.0.0/24
firewall-cmd --permanent --zone=mysql --add-port=3306/tcp
# 删除规则
firewall-cmd --permanent --zone=mysql --remove-source=192.168.0.0/24
firewall-cmd --permanent --zone=mysql --remove-port=3306/tcp
# 删除Zone
firewall-cmd --permanent --delete-zone=mysql
# Rich-rule方式 --------------------------------------------
# 添加规则
firewall-cmd --permanent –-zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" port protocol="tcp" port="3306" accept'
# 删除规则
firewall-cmd --permanent –-zone=public --remove-rich-rule='rule family="ipv4" source address="192.168.0.0/24" port protocol="tcp" port="3306" accept'
参考:
https://blog.csdn.net/firstcode666/article/details/121870807