一、firewall

1. 查看firewall状态

   firewall-cmd --state

2. 如果firewall为关闭状态，先启动firewall

   systemctl start firewalld

3. 添加firewall指令

   firewall-cmd --permanent --add-rich-rule=‘rule family=ipv4 forward-port port=162 protocol=udp to-port=20162‘
   firewall-cmd --permanent --add-rich-rule=‘rule family=ipv4 forward-port port=161 protocol=udp to-port=20161‘
   firewall-cmd --permanent --add-rich-rule=‘rule family=ipv4 forward-port port=514 protocol=udp to-port=20514‘
   firewall-cmd --permanent --zone=public --add-port=8885/tcp
   firewall-cmd --permanent --zone=public --add-port=9092/tcp
   firewall-cmd --permanent --zone=public --add-port=161/tcp
   firewall-cmd --permanent --zone=public --add-port=162/tcp
   firewall-cmd --permanent --zone=public --add-port=514/udp
   firewall-cmd --permanent --zone=public --add-port=20161/tcp
   firewall-cmd --permanent --zone=public --add-port=20162/tcp
   firewall-cmd --permanent --zone=public --add-port=20514/udp
   firewall-cmd --permanent --zone=public --add-port=9996/udp
   firewall-cmd --permanent --zone=public --add-port=8082/tcp

4. 删除指令

   firewall-cmd --permanent --remove-rich-rule ‘rule family="ipv4" forward-port="514" protocol="udp" tp-port="20514" ‘

1. 重新加载firewall策略

   firewall-cmd --reload

2. 查看新策略是否生效

   firewall-cmd --list-all

二、Iptables

1. 安装iptables
   yum install iptables-services
2. 启动iptables
   service iptables restart
3. 查看iptables状态
   systemctl status firewalld.service
4. 添加iptables端口转发策略

   iptables -t nat -A PREROUTING -p udp -m udp --dport 162 -j REDIRECT --to-ports 20162

   iptables -t nat -A PREROUTING -p udp -m udp --dport 161 -j REDIRECT --to-ports 20161

   iptables -t nat -A PREROUTING -p udp -m udp --dport 514 -j REDIRECT --to-ports 20514

5. 查看新策略是否生效
   iptables -t nat -L -n --line-numbers
   
   
6. 删除规则
   iptables -L -n --line-numbers

原文地址：https://www.cnblogs.com/shwang/p/12015678.html