firewalld project link: https://firewalld.org/
Firewalld provides a dynamically managed firewall with support for network/firewall zones that define the trust level of network connections or interfaces.
Changes can be done immediately in the runtime environment. No restart of the service or daemon is needed.
$ firewall-cmd --zone=public --add-port=443/tcp --permanent
$ firewall-cmd --zone=public --add-service=https --permanent
$ firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="10.10.10.0/24" port protocol="tcp" port="443" accept' --permanent
# --permanent only writes the saved configuration; run "firewall-cmd --reload" to apply these rules to the running firewall
SNAT
# Enable NAT forwarding (masquerading) for the zone
firewall-cmd --permanent --zone=public --add-masquerade
# Open UDP port 53 used by DNS
# Required; otherwise the other machines cannot resolve domain names
firewall-cmd --zone=public --add-port=53/udp --permanent
# Check whether NAT forwarding is allowed (runtime configuration; after --permanent changes, run "firewall-cmd --reload" first so the query reflects them)
firewall-cmd --query-masquerade
# Disable NAT forwarding (runtime configuration only)
firewall-cmd --remove-masquerade
DNAT
# Forward traffic arriving on port 80 to port 8080 on the same host
firewall-cmd --add-forward-port=port=80:proto=tcp:toport=8080
# Forward traffic arriving on port 80 to 192.168.0.1 (same port)
firewall-cmd --add-forward-port=port=80:proto=tcp:toaddr=192.168.0.1
# Forward traffic arriving on port 80 to port 8080 on 192.168.0.1
firewall-cmd --add-forward-port=port=80:proto=tcp:toaddr=192.168.0.1:toport=8080
# Forwarding to another host (toaddr) only works when masquerading is enabled on the zone; these rules have no --permanent, so they live in the runtime configuration and are lost on reload
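As an added example that is not part of the original page, the following POSIX shell script builds and sanity-checks the firewall-cmd invocations for one DNAT rule, adding the masquerade step the page's SNAT section describes whenever the target is another host; FW and ZONE are assumed variable names, and the script only prints the plan rather than running firewall-cmd.

```shell
#!/bin/sh
# Added example, not from the original page: build and sanity-check the
# firewall-cmd invocations for one DNAT rule. FW and ZONE are assumed
# variable names; nothing here runs firewall-cmd itself, the plan is
# printed so it can be reviewed (or piped to sh) on the gateway.
FW="${FW:-firewall-cmd}"
ZONE="${ZONE:-public}"

# fwd_spec PORT PROTO [TOADDR] [TOPORT] -> value for --add-forward-port=
fwd_spec() {
    port=$1; proto=$2; toaddr=$3; toport=$4
    # ports must be numeric and in range; protocols are those firewalld accepts
    case "$port" in ''|*[!0-9]*) return 1;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    case "$proto" in tcp|udp|sctp|dccp) ;; *) return 1;; esac
    # a rule that redirects nowhere is a mistake, reject it
    [ -n "$toaddr" ] || [ -n "$toport" ] || return 1
    if [ -n "$toport" ]; then
        case "$toport" in ''|*[!0-9]*) return 1;; esac
        [ "$toport" -ge 1 ] && [ "$toport" -le 65535 ] || return 1
    fi
    spec="port=$port:proto=$proto"
    [ -z "$toaddr" ] || spec="$spec:toaddr=$toaddr"
    [ -z "$toport" ] || spec="$spec:toport=$toport"
    printf '%s\n' "$spec"
}

# dnat_plan PORT PROTO [TOADDR] [TOPORT] -> one command per line:
# written to the permanent config, reloaded so runtime matches, then
# queried back so a failed rule is noticed instead of silently missing
dnat_plan() {
    spec=$(fwd_spec "$@") || return 1
    # forwarding to a different host only works with masquerading enabled
    [ -z "$3" ] || echo "$FW --permanent --zone=$ZONE --add-masquerade"
    echo "$FW --permanent --zone=$ZONE --add-forward-port=$spec"
    echo "$FW --reload"
    echo "$FW --zone=$ZONE --query-forward-port=$spec"
}

# Print the plan for the page's last example: 80/tcp -> 192.168.0.1:8080
dnat_plan 80 tcp 192.168.0.1 8080
```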
Original article: https://www.cnblogs.com/vincenshen/p/12339778.html