CentOs 7 firewalld 防火墙无法启动

CentOs 7 无法启动，提示“Job for firewalld.service failed because a timeout was exceeded. See “systemctl status firewalld.service” and “journalctl -xe” for details.”

排错

启动报错提示如下图

排错很久，发现服务没有启动，但是有一个firewall的进程

kill掉这个进程，顺利启动

常用firewall命令

firewall-cmd –list-services
firewall-cmd –list-ports
firewall-cmd –add-port 80/tcp 添加端口
firewall-cmd –add-service http 添加服务
firewall-cmd –zone=external –add-masquerade 开启端口转发
firewall-cmd –zone=external –add-forward-port=port=80:proto=tcp:toport=8080 本机80转发到本机8080
firewall-cmd –zone=external –add-forward=port=9090:proto=tcp:toaddr=192.168.234.130 9090转发到另外一台机器的9090
firewall-cmd –zone=external –add-forward=port=23:proto=tcp:toport=2003:toaddr=192.168.234.130 23转发到另外一台机器的2003
firewall-cmd –zone=public –add-port=5060-5059/udp –permanent 范围端口，永久生效
firewall-cmd –permanent –add-icmp-block=echo-reply 允许ICMP响应应答报文

顺便推荐一篇firewalld写的很好，很全的文章

CentOS 7下使用FirewallD构建动态防火墙

参考链接

---