Linux:firewall-cmd的常用命令配置以及解释

Linux:firewall-cmd的常用命令配置以及解释

# 修改firewalld的主配置文件
[root@server100 ~]# vim /etc/firewalld/firewalld.conf

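# 主要修改内容:将防火墙后端设为 iptables(较新版本的 firewalld 默认后端是 nftables)
# 修改后重启 firewalld 服务(systemctl restart firewalld)即可生效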
FirewallBackend=iptables

# 查看firewalld的详细信息(不加 --zone 时,显示的是默认区域的配置)
[root@server100 ~]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0 eth1
  sources:
  services: cockpit dhcpv6-client ssh
  ports:
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
  
# 指定查看trusted(信任区域)的详细信息
# 注意:trusted 区域的 target 为 ACCEPT,即放行所有进入的连接,不做任何过滤
[root@server100 ~]# firewall-cmd --list-all --zone=trusted
trusted
  target: ACCEPT
  icmp-block-inversion: no
  interfaces:
  sources:
  services:
  ports:
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

# 查看正在使用的区域以及网卡设备
[root@server100 ~]# firewall-cmd --get-active-zones
public
  interfaces: eth1 eth0
  
# 查看默认区域
[root@server100 ~]# firewall-cmd --get-default-zone
public

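# 设置默认区域(--set-default-zone 会同时修改运行时配置和永久配置,无需 --permanent)
# 注意:未显式绑定区域的网卡都会落入默认区域;把默认区域设为 trusted 后,
# 这些网卡上的所有入站流量都会被放行。此处仅作演示,生产环境应保持 public 等受限区域为默认区域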
[root@server100 ~]# firewall-cmd --set-default-zone=trusted
success
[root@server100 ~]# firewall-cmd --get-default-zone
trusted
[root@server100 ~]# firewall-cmd --list-all
trusted (active)
  target: ACCEPT
  icmp-block-inversion: no
  interfaces: eth1
  sources:
  services:
  ports:
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

# 永久删除trusted区域里的网卡eth1
# 注意:该网卡由 NetworkManager 管理,删除后只是被重新归入默认区域;
# 由于此时默认区域就是 trusted,下面的输出中 eth1 仍然在 trusted 区域内
[root@server100 ~]# firewall-cmd --permanent --remove-interface=eth1 --zone=trusted
The interface is under control of NetworkManager and already bound to the default zone
The interface is under control of NetworkManager, setting zone to default.
success
[root@server100 ~]# firewall-cmd --list-all
trusted (active)
  target: ACCEPT
  icmp-block-inversion: no
  interfaces: eth1
  sources:
  services:
  ports:
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

# 重新加载配置
[root@server100 ~]# firewall-cmd --reload
success
[root@server100 ~]# firewall-cmd --list-all
trusted (active)
  target: ACCEPT
  icmp-block-inversion: no
  interfaces: eth0 eth1
  sources:
  services:
  ports:
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
  
# 永久添加网卡eth1到public区域
[root@server100 ~]# firewall-cmd --permanent --add-interface=eth1 --zone=public
The interface is under control of NetworkManager, setting zone to 'public'.
success
[root@server100 ~]# firewall-cmd --reload
success
[root@server100 ~]# firewall-cmd --list-all
trusted (active)
  target: ACCEPT
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services:
  ports:
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

# 查看指定区域的详细信息
[root@server100 ~]# firewall-cmd --list-all --zone=public
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth1
  sources:
  services: cockpit dhcpv6-client ssh
  ports:
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
  
# 永久添加网卡eth0到public区域
[root@server100 ~]# firewall-cmd --permanent --add-interface=eth0 --zone=public 
The interface is under control of NetworkManager, setting zone to 'public'.
success
[root@server100 ~]# firewall-cmd --reload
success
[root@server100 ~]# firewall-cmd --list-all --zone=public
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0 eth1
  sources:
  services: cockpit dhcpv6-client ssh
  ports:
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
  
# 移动网卡eth1至trusted区域(eth1 上的所有入站流量将被放行,只应对完全可信的内部网络使用)
[root@server100 ~]# firewall-cmd --permanent --change-interface=eth1 --zone=trusted
The interface is under control of NetworkManager, setting zone to 'trusted'.
success
[root@server100 ~]# firewall-cmd --reload
success
[root@server100 ~]# firewall-cmd --get-active-zones
public
  interfaces: eth0
trusted
  interfaces: eth1