iptables rules backup and recovery, firewalld's nine zones, firewalld's operations on zones, firewalld's operations on services

Keywords: network firewall iptables ssh

iptables rule backup and recovery
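
The standard backup and recovery procedure is iptables-save to write the running ruleset to a file and iptables-restore to load it back. The script below is an added example, not from the original post: besides the two commands it checks that a backup is a complete dump before it is ever restored, so a file truncated mid-write is refused instead of leaving the host with half a ruleset. BACKUP_DIR and the script name are assumptions, and the embedded sample dump is constructed for illustration, not captured from a real host.

```shell
#!/bin/sh
# Added example, not from the original post: back up the running iptables
# ruleset with iptables-save and restore it with iptables-restore, refusing to
# restore a file that is not a complete dump. BACKUP_DIR is an assumed path.
BACKUP_DIR="${BACKUP_DIR:-/root/iptables-backups}"

# Structural check of a saved ruleset: at least one "*table" block, each
# closed by a COMMIT line, and no COMMIT outside a table. Returns 0 if the
# file looks complete; a dump cut off mid-write fails this.
check_dump() {
    file=$1
    [ -r "$file" ] || return 1
    awk '
        /^\*/       { if (inside) bad = 1; inside = 1; tables++ }
        /^COMMIT$/  { if (!inside) bad = 1; inside = 0 }
        END         { if (bad || inside || tables == 0) exit 1; exit 0 }
    ' "$file"
}

# Save the current rules (all tables) to a timestamped file and print its path.
backup_rules() {
    mkdir -p "$BACKUP_DIR" || return 1
    out="$BACKUP_DIR/iptables-$(date +%Y%m%d-%H%M%S).rules"
    iptables-save > "$out" || return 1
    check_dump "$out" || { echo "backup $out is incomplete" >&2; return 1; }
    echo "$out"
}

# Restore rules from a saved file: structural check first, then a parse-only
# pass with iptables-restore --test (nothing is committed), then the real
# restore, which replaces the running ruleset (add -n/--noflush to append).
restore_rules() {
    file=$1
    check_dump "$file" || { echo "refusing to restore $file" >&2; return 1; }
    iptables-restore --test < "$file" || { echo "$file does not parse" >&2; return 1; }
    iptables-restore < "$file"
}

# A constructed iptables-save dump (not captured from a real host) in the
# format check_dump expects: a default-deny filter table allowing loopback,
# established traffic and SSH.
sample_dump() {
    cat <<'EOF'
# Generated by iptables-save (constructed sample)
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

# Usage (assumed script name): sh iptables-backup.sh backup | restore FILE | check FILE
case "${1:-}" in
    backup)  backup_rules ;;
    restore) restore_rules "$2" ;;
    check)   check_dump "$2" && echo "$2 looks complete" ;;
esac
```

Two caveats. On CentOS 7 the iptables service (from the iptables-services package) loads /etc/sysconfig/iptables at boot, so a backup meant to survive a reboot under that service is simply iptables-save redirected to that file, which is what service iptables save does. On a host where firewalld is active, iptables-save captures the chains firewalld generated; restoring such a file behind firewalld's back is not a way to persist firewalld changes, those belong in firewall-cmd --permanent.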


9 zones of firewalld

Before using firewalld, switch the host from the iptables service to firewalld. The two must not run at the same time, because both manage the same kernel netfilter ruleset and will overwrite each other's rules:

systemctl disable iptables    # do not start the iptables service at boot
systemctl stop iptables       # stop the iptables service now
systemctl enable firewalld    # start firewalld at boot
systemctl start firewalld     # start firewalld now

View all zones

[root@glinux-01 ~]# firewall-cmd --get-zones
block dmz drop external home internal public trusted work

View the default zone

[root@glinux-01 ~]# firewall-cmd --get-default-zone
public

Introduction to each zone

The descriptions follow firewalld's own zone documentation; the zones differ in how much the other hosts on the network are trusted.

drop: every incoming packet is dropped without a reply; only connections initiated from this host are possible.
block: every incoming connection is rejected with an icmp-host-prohibited (IPv4) or icmp6-adm-prohibited (IPv6) message; only connections initiated from this host are possible.
public: for use in public areas where other hosts are not trusted; only selected incoming connections are accepted (ssh and dhcpv6-client by default). This is the default zone.
external: for use on external networks with masquerading enabled, typically a router; other hosts are not trusted and only selected incoming connections are accepted.
dmz: for hosts in a demilitarized zone that are publicly reachable but have limited access to the internal network; only selected incoming connections are accepted.
work: for work areas where most other hosts are trusted; only selected incoming connections are accepted.
home: for home networks where most other hosts are trusted; only selected incoming connections are accepted.
internal: for internal networks where most other hosts are trusted; only selected incoming connections are accepted.
trusted: all network connections are accepted.

firewalld's operations on zones

Query the zone of a specified network interface

[root@glinux-01 ~]# firewall-cmd --get-zone-of-interface=ens33
public
[root@glinux-01 ~]# firewall-cmd --get-zone-of-interface=ens37
no zone

If a newly added network interface shows "no zone"

Method: copy the ens33 interface configuration file to a new file for ens37, change its contents (set NAME and DEVICE to ens37 and drop any UUID and HWADDR lines copied from ens33, so the two configurations do not collide), then restart firewalld.

(If the interface still shows "no zone" after that, stop NetworkManager and add the interface to the wanted zone by hand, as in the transcript below.)

cp /etc/sysconfig/network-scripts/ifcfg-ens33 /etc/sysconfig/network-scripts/ifcfg-ens37
systemctl restart firewalld
[root@glinux-01 network-scripts]# systemctl stop NetworkManager
[root@glinux-01 network-scripts]# firewall-cmd --get-zone-of-interface=ens37
no zone
[root@glinux-01 network-scripts]# firewall-cmd --zone=public --add-interface=ens37
success
[root@glinux-01 network-scripts]# firewall-cmd --get-zone-of-interface=ens37
public

Note that --add-interface without --permanent changes only the running configuration, so the binding is lost when firewalld is reloaded or restarted; repeat the command with --permanent to keep it (or use --change-interface, which also moves an interface that already sits in another zone instead of failing). Stopping NetworkManager is a blunt workaround: with NetworkManager left running, the supported way is ZONE=public in the interface's ifcfg file, or nmcli connection modify <connection> connection.zone public, after which firewalld picks the zone up itself.

firewalld's operations on services

View all services

[root@glinux-01 network-scripts]# firewall-cmd --get-services
RH-Satellite-6 amanda-client amanda-k5-client bacula bacula-client 
bitcoin bitcoin-rpc bitcoin-testnet bitcoin-testnet-rpc ceph ceph-mon 
cfengine condor-collector ctdb dhcp dhcpv6 dhcpv6-client dns docker-registry 
dropbox-lansync elasticsearch freeipa-ldap freeipa-ldaps freeipa-replication 
freeipa-trust ftp ganglia-client ganglia-master high-availability http https 
imap imaps ipp ipp-client ipsec iscsi-target kadmin kerberos kibana klogin kpasswd
 kshell ldap ldaps libvirt libvirt-tls managesieve mdns mosh mountd ms-wbt 
mssql mysql nfs nrpe ntp openvpn ovirt-imageio ovirt-storageconsole ovirt-vmconsole 
pmcd pmproxy pmwebapi pmwebapis pop3 pop3s postgresql privoxy proxy-dhcp ptp pulseaudio 
puppetmaster quassel radius rpc-bind rsh rsyncd samba samba-client sane sip
 sips smtp smtp-submission smtps snmp snmptrap spideroak-lansync squid ssh 
synergy syslog syslog-tls telnet tftp tftp-client tinc tor-socks transmission-client 
vdsm vnc-server wbem-https xmpp-bosh xmpp-client xmpp-local xmpp-server

Query the services allowed in the default zone

[root@glinux-01 network-scripts]# firewall-cmd --list-services
ssh dhcpv6-client

Query the services allowed in a specified zone

--list-services without --zone reports the default zone, as above; with --zone it reports that zone. Both show the running configuration; add --permanent to see what will apply after the next reload.

[root@glinux-01 network-scripts]# firewall-cmd --zone=public --list-services
ssh dhcpv6-client
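
The zone operations and the service operations above, as one added example script (not from the original post): it binds an interface to a zone and allows a service in that zone, idempotently, applying each change to both the running and the permanent configuration so it survives a reload, and verifies the result afterwards. It assumes firewalld is running with firewall-cmd on PATH; the interface ens37, zone public and service http are illustrative inputs, the script name is assumed, and the FWCMD variable is a hypothetical hook for pointing the script at a wrapper during a dry run or test.

```shell
#!/bin/sh
# Added example, not from the original post: bind an interface to a firewalld
# zone and allow a service in that zone, idempotently, in both the running and
# the permanent configuration, then verify. Assumes firewalld is running and
# firewall-cmd is on PATH. FWCMD is a hypothetical hook so the script can be
# pointed at a wrapper (for a dry run or a test) instead of the real command.
FWCMD="${FWCMD:-firewall-cmd}"

# Print the zone an interface is bound to at runtime, or "no zone".
zone_of_iface() {
    "$FWCMD" --get-zone-of-interface="$1"
}

# Ensure interface $1 is bound to zone $2. --change-interface is used rather
# than --add-interface because it also moves an interface that currently sits
# in some other zone instead of failing with ZONE_CONFLICT. $perm is empty for
# the running configuration and --permanent for the saved one, and is left
# unquoted on purpose so that the empty value expands to nothing.
ensure_iface_zone() {
    iface=$1; zone=$2
    for perm in "" --permanent; do
        if ! "$FWCMD" $perm --zone="$zone" --query-interface="$iface" >/dev/null 2>&1; then
            "$FWCMD" $perm --zone="$zone" --change-interface="$iface" >/dev/null || return 1
        fi
    done
    [ "$(zone_of_iface "$iface")" = "$zone" ]
}

# Ensure service $2 (a name from firewall-cmd --get-services) is allowed in
# zone $1, again in both configurations. Querying before adding keeps the
# function idempotent whether the installed firewalld reports ALREADY_ENABLED
# as an error or only as a warning.
ensure_service() {
    zone=$1; svc=$2
    for perm in "" --permanent; do
        if ! "$FWCMD" $perm --zone="$zone" --query-service="$svc" >/dev/null 2>&1; then
            "$FWCMD" $perm --zone="$zone" --add-service="$svc" >/dev/null || return 1
        fi
    done
    "$FWCMD" --zone="$zone" --query-service="$svc" >/dev/null 2>&1
}

# Usage (assumed script name): sh fw-ensure.sh ens37 public http
if [ "$#" -ge 2 ]; then
    ensure_iface_zone "$1" "$2" || exit 1
    if [ -n "${3:-}" ]; then ensure_service "$2" "$3" || exit 1; fi
    "$FWCMD" --zone="$2" --list-all
fi
```

Applying each change to the running and the permanent configuration separately, instead of --permanent followed by --reload, is deliberate: a reload resets the running configuration to the saved one and would throw away any unrelated runtime-only rules on the host.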

Posted by itworks on Tue, 05 Feb 2019 18:09:19 -0800