命令描述:firewalld 防火墙规则管理工具
用法:firewall-cmd [OPTIONS…]
选项:
--get-default-zone # 获取默认 zone 信息
--set-default-zone=<zone> # 设置默认 zone
--get-active-zones # 显示当前正在使用的 zone
--get-zones # 显示系统预定义的 zone
--get-services # 显示系统预定义的服务名称
--get-zone-of-interface=<interface> # 查询某个接口与哪个 zone 匹配
--get-zone-of-source=<source>
[root@server ~]# firewall-cmd --get-default-zone
public
[root@server ~]# firewall-cmd --set-default-zone=trusted
success
说明:trusted 区域的 target 为 ACCEPT(见下文 --list-all 的输出),即接受所有进入的连接;未显式分配 zone 的接口都会落入默认 zone。
[root@server ~]# firewall-cmd --get-active-zones
trusted
  interfaces: ens33
[root@server ~]# firewall-cmd --get-zones
block dmz drop external home internal public trusted work
[root@server ~]# firewall-cmd --get-services
RH-Satellite-6 amanda-client amanda-k5-client bacula bacula-client bitcoin bitcoin-rpc bitcoin-testnet bitcoin-testnet-rpc ceph ceph-mon cfengine cockpit condor-collector ctdb dhcp dhcpv6 dhcpv6-client dns docker-registry dropbox-lansync elasticsearch freeipa-ldap freeipa-ldaps freeipa-replication freeipa-trust ftp ganglia-client ganglia-master high-availability http https imap imaps ipp ipp-client ipsec iscsi-target kadmin kerberos kibana klogin kpasswd kshell ldap ldaps libvirt libvirt-tls managesieve mdns mosh mountd ms-wbt mssql mysql nfs nrpe ntp openvpn ovirt-imageio ovirt-storageconsole ovirt-vmconsole pmcd pmproxy pmwebapi pmwebapis pop3 pop3s postgresql privoxy proxy-dhcp ptp pulseaudio puppetmaster quassel radius rpc-bind rsh rsyncd samba samba-client sane sip sips smtp smtp-submission smtps snmp snmptrap spideroak-lansync squid ssh synergy syslog syslog-tls telnet tftp tftp-client tinc tor-socks transmission-client vdsm vnc-server wbem-https xmpp-bosh xmpp-client xmpp-local xmpp-server
[root@server ~]# firewall-cmd --get-zone-of-interface=ens33
trusted
[root@server ~]# firewall-cmd --list-all-zones
block
  target: %%REJECT%%
  icmp-block-inversion: no
  interfaces:
  sources:
  services:
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

dmz
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

部分内容省略... ... ...
[root@server ~]# firewall-cmd --add-service=ftp --zone=public
success
[root@server ~]# firewall-cmd --remove-service=ftp --zone=public
success
[root@server ~]# firewall-cmd --add-port=3306/tcp --zone=public
success
[root@server ~]# firewall-cmd --remove-port=3306/tcp --zone=public
success
[root@server ~]# firewall-cmd --add-interface=ens33 --zone=public
The interface is under control of NetworkManager, setting zone to 'public'.
success
[root@server ~]# firewall-cmd --remove-interface=ens33 --zone=trusted
The interface is under control of NetworkManager, setting zone to default.
success
[root@server ~]# firewall-cmd --add-source=6.6.6.7 --zone=public
success
[root@server ~]# firewall-cmd --list-all
trusted (active)
  target: ACCEPT
  icmp-block-inversion: no
  interfaces: ens33
  sources:
  services:
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
[root@server ~]# firewall-cmd --list-all --zone=public
public (active)
  target: default
  icmp-block-inversion: no
  interfaces:
  sources: 6.6.6.7
  services: ssh dhcpv6-client
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
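[root@server ~]# firewall-cmd --permanent --add-port=3306/tcp --zone=public
success
[root@server ~]# firewall-cmd --reload
success
说明:不带 --permanent 的修改只作用于运行时配置,执行 --reload 或重启 firewalld 后会丢失;带 --permanent 的修改写入永久配置,需要执行 --reload 才会在运行时生效。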
转载地址:http://bhnwi.baihongyu.com/