update
@@ -6,7 +6,7 @@ tags: ["firwalld"]
|
||||
categories: ["network"]
|
||||
---
|
||||
|
||||
# 区域(zone)
|
||||
## 区域(zone)
|
||||
- 查看支持的 zone
|
||||
```bash
|
||||
firewall-cmd --get-zones [--permanent]
|
||||
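Review bot: The front-matter tag shown in this hunk's `@@` context, `tags: ["firwalld"]`, is misspelled, so the page will be filed under a tag that nobody searches for. Since this commit already touches the top of the file, change it to `tags: ["firewalld"]` in the same pass.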
@@ -43,7 +43,7 @@ categories: ["network"]
|
||||
firewall-cmd [--zone=<zone>] --list-all
|
||||
```
|
||||
|
||||
# 源地址(source)
|
||||
## 源地址(source)
|
||||
- 列出指定zone的所有绑定的source地址
|
||||
```bash
|
||||
firewall-cmd [--permanent] [--zone=zone] --list-sources
|
||||
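Review bot: Placeholder notation is inconsistent inside this hunk: the context line uses `--zone=<zone>` while the `--list-sources` line uses `--zone=zone`, which reads as a literal zone named "zone". Use the angle-bracket form everywhere (`[--zone=<zone>]`) so a reader copying the command knows what must be substituted. The list item `列出指定zone的所有绑定的source地址` also lacks the spaces around Latin words that the other items (for example `查看支持的 zone`) use.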
@@ -65,7 +65,7 @@ categories: ["network"]
|
||||
firewall-cmd [--permanent] [--zone=zone] --remove-source=ip[/mask]
|
||||
```
|
||||
|
||||
# 网卡(interface)
|
||||
## 网卡(interface)
|
||||
- 获取网卡所在的 zone
|
||||
```bash
|
||||
firewall-cmd --get-zone-of-interface=<interface>
|
||||
@@ -86,7 +86,7 @@ categories: ["network"]
|
||||
```bash
|
||||
firewall-cmd [--zone=<zone>] --query-interface=<interface>
|
||||
```
|
||||
# target
|
||||
## target
|
||||
- 默认可以取四个值: default、ACCEPT、%%REJECT%%、DROP
|
||||
- 查看 taget
|
||||
```bash
|
||||
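Review bot: The list item `查看 taget` under the target heading has a typo; it should read `查看 target`. The heading is also the only one in this patch that follows the closing code fence without a blank line in between; add one so it matches the other sections.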
@@ -98,7 +98,7 @@ categories: ["network"]
|
||||
```
|
||||
- **必须使用参数 --permanent**,而且使用 firewall-cmd 命令不能直接生效,需 reload
|
||||
|
||||
# 服务(service)
|
||||
## 服务(service)
|
||||
- 查看支持的 service
|
||||
```bash
|
||||
firewall-cmd --get-services [--permanent]
|
||||
@@ -121,7 +121,7 @@ categories: ["network"]
|
||||
firewall-cmd [--zone=<zone>] --query-service=<service>
|
||||
```
|
||||
|
||||
# 端口和协议组合
|
||||
## 端口和协议组合
|
||||
- 查看配置的全部端口规则
|
||||
```bash
|
||||
firewall-cmd [--permanent] [--zone=zone] --list-ports
|
||||
@@ -140,7 +140,7 @@ categories: ["network"]
|
||||
firewall-cmd [--zone=<zone>] --query-port=<port>[-<port>]/<protocol> [--permanent]
|
||||
```
|
||||
|
||||
# ICMP
|
||||
## ICMP
|
||||
- 查看支持的 icmp 类型
|
||||
```bash
|
||||
firewall-cmd --get-icmptypes [--permanent]
|
||||
@@ -163,7 +163,7 @@ categories: ["network"]
|
||||
firewall-cmd [--zone=<zone>] --query-icmp-block=<icmptype> [--permanent]
|
||||
```
|
||||
|
||||
# IPV4 源地址转换
|
||||
## IPV4 源地址转换
|
||||
- 启动 zone 中 ipv4 源地址转换
|
||||
```bash
|
||||
firewall-cmd [--zone=<zone>] --add-masquerade \
|
||||
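Review bot: The heading changed in this hunk spells the protocol `IPV4` while the list item directly below it spells it `ipv4`. Pick one spelling, preferably the conventional `IPv4`, and use it in both the heading and the item.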
@@ -178,7 +178,7 @@ categories: ["network"]
|
||||
firewall-cmd [--zone=<zone>] --query-masquerade [--permanent]
|
||||
```
|
||||
|
||||
# 端口转发
|
||||
## 端口转发
|
||||
- 查看全部端口转发规则
|
||||
```bash
|
||||
firewall-cmd [--permanent] [--zone=zone] --list-forward-ports
|
||||
@@ -202,7 +202,7 @@ categories: ["network"]
|
||||
[--permanent]
|
||||
```
|
||||
|
||||
# Rich Rules
|
||||
## Rich Rules
|
||||
- 通用结构
|
||||
```bash
|
||||
firewall-cmd [--zone=<zone>] [ --permanent | --timeout=seconds ] \
|
||||
@@ -227,7 +227,7 @@ categories: ["network"]
|
||||
man firewalld.richlanguage 5
|
||||
```
|
||||
|
||||
# 应急模式(panic)
|
||||
## 应急模式(panic)
|
||||
- 启动 panic,即断网
|
||||
```bash
|
||||
firewall-cmd --panic-on
|
||||
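Review bot: The context line `man firewalld.richlanguage 5` has the section number in the wrong position; `man` takes the section before the page name, so as written it shows the page and then tries to look up a second page called "5". Change it to `man 5 firewalld.richlanguage`. In the panic section touched by this hunk, `启动 panic,即断网` would benefit from one more sentence saying that the administrator's own remote session is cut as well, so the command should be run from a local console.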
@@ -241,7 +241,7 @@ categories: ["network"]
|
||||
firewall-cmd --query-panic
|
||||
```
|
||||
|
||||
# 重新载入(reload)
|
||||
## 重新载入(reload)
|
||||
- 重新载入防火墙,不中断用户连接
|
||||
```bash
|
||||
firewall-cmd --reload
|
||||
@@ -251,6 +251,6 @@ categories: ["network"]
|
||||
firewall-cmd --complete-reload
|
||||
```
|
||||
|
||||
# 备注
|
||||
## 备注
|
||||
- 参数 --timeout 是让规则生效一段时间,过期自动删除,不能与 --permanent 一起使用
|
||||
|
||||
|