firewalld configuration file format

firewalld file format

  1. zone

    A zone file lives in /etc/firewalld/zones/<name>.xml (the shipped defaults are under /usr/lib/firewalld/zones/). The zone takes its name from the file name, not from anything inside the XML; short and description are free text, and the listing on this page used placeholder text for both:

      1. <?xml version="1.0" encoding="utf-8"?>
         <zone>
           <short>11111</short>
           <description>11111</description>
         </zone>

  2. ipset

    An ipset file lives in /etc/firewalld/ipsets/<name>.xml. The type attribute is mandatory and fixes the entry format; an entry written as address,port belongs to a set of type hash:ip,port:

      1. <?xml version="1.0" encoding="utf-8"?>
         <ipset type="hash:ip,port">
           <short>11111111</short>
           <description>11111111</description>
           <entry>1.1.1.1,222</entry>
         </ipset>
    3. icmptypes

    An icmptype file lives in /etc/firewalld/icmptypes/<name>.xml. The file name (here port-unreachable) is the value matched by icmp-block name="..." and icmp-type name="..."; the destination element says which IP family the type exists for. This is firewalld's own port-unreachable.xml:

      1. <?xml version="1.0" encoding="utf-8"?>
         <icmptype>
           <short>Port Unreachable</short>  // match field
           <description>This error message is sent if the port unreachable.</description>
           <destination ipv4="yes"/>
         </icmptype>

      2. ICMP types and codes. Class says whether the message is a query or an error report:

         Type  Code  Description                                             Class
         0     0     Echo reply (ping reply)                                 Query
         3     0     Network unreachable                                     Error
         3     1     Host unreachable                                        Error
         3     2     Protocol unreachable                                    Error
         3     3     Port unreachable                                        Error
         3     4     Fragmentation needed but don't-fragment bit set         Error
         3     5     Source routing failed                                   Error
         3     6     Destination network unknown                             Error
         3     7     Destination host unknown                                Error
         3     8     Source host isolated (obsolete)                         Error
         3     9     Destination network administratively prohibited         Error
         3     10    Destination host administratively prohibited            Error
         3     11    Network unreachable for TOS                             Error
         3     12    Host unreachable for TOS                                Error
         3     13    Communication administratively prohibited by filtering  Error
         3     14    Host precedence violation                               Error
         3     15    Precedence cutoff in effect                             Error
         4     0     Source quench (elementary flow control)                 Error
         5     0     Redirect for network                                    Error
         5     1     Redirect for host                                       Error
         5     2     Redirect for TOS and network                            Error
         5     3     Redirect for TOS and host                               Error
         8     0     Echo request (ping request)                             Query
         9     0     Router advertisement                                    Query
         10    0     Router solicitation                                     Query
         11    0     TTL equals 0 during transit                             Error
         11    1     TTL equals 0 during reassembly                          Error
         12    0     IP header bad (catch-all error)                         Error
         12    1     Required option missing                                 Error
         13    0     Timestamp request                                       Query
         14    0     Timestamp reply                                         Query
         15    0     Information request (obsolete)                          Query
         16    0     Information reply (obsolete)                            Query
         17    0     Address mask request                                    Query
         18    0     Address mask reply                                      Query
    4. services

    A service file lives in /etc/firewalld/services/<name>.xml (defaults under /usr/lib/firewalld/services/). The file name is what service name="..." refers to in a zone or rich rule; the port elements are what enabling the service actually opens, so they are the part to read before adding one to a zone. The three files below are the ones firewalld ships:

      1. <?xml version="1.0" encoding="utf-8"?>
         <service>
           <short>WWW (HTTP)</short>
           <description>HTTP is the protocol used to serve Web pages. If you plan to make your Web server publicly available, enable this option. This option is not required for viewing pages locally or developing Web pages.</description>
           <port protocol="tcp" port="80"/>
         </service>

      2. <?xml version="1.0" encoding="utf-8"?>
         <service>
           <short>Secure WWW (HTTPS)</short>
           <description>HTTPS is a modified HTTP used to serve Web pages when security is important. Examples are sites that require logins like stores or web mail. This option is not required for viewing pages locally or developing Web pages. You need the httpd package installed for this option to be useful.</description>
           <port protocol="tcp" port="443"/>
         </service>

      3. <?xml version="1.0" encoding="utf-8"?>
         <service>
           <short>SSH</short>
           <description>Secure Shell (SSH) is a protocol for logging into and executing commands on remote machines. It provides secure encrypted communications. If you plan on accessing your machine remotely via SSH over a firewalled interface, enable this option. You need the openssh-server package installed for this option to be useful.</description>
           <port protocol="tcp" port="22"/>
         </service>
    5. helper

    A helper file lives in /etc/firewalld/helpers/<name>.xml. Its helper root element names the conntrack kernel module in the module attribute, and its port elements list the ports on which that module should inspect traffic (the classic case is the FTP control channel, so that the data connections it negotiates are tracked):

      1. <?xml version="1.0" encoding="utf-8"?> // match field

      2. <?xml version="1.0" encoding="utf-8"?>
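The five file types above share one shape (a typed root element, short and description, then one child element per thing to match), and firewalld takes the object's name from the file name rather than from the XML. The following is an added example, not firewalld's own code: it parses files in these formats and prints the firewall-cmd --permanent invocations that would build the same objects, which is a quick way to review what a zone directory actually exposes. The element and attribute names are firewalld's; the three sample files, the names dmz-web, blocklist and ftp, and the addresses are constructed for this example.

```python
import xml.etree.ElementTree as ET

PREFIX = "firewall-cmd --permanent"

# Constructed sample files. Element and attribute names are firewalld's;
# the object names, interface and addresses are made up for this example.
ZONE_XML = """<?xml version="1.0" encoding="utf-8"?>
<zone target="DROP">
  <short>DMZ web</short>
  <description>Web tier, reachable only from the reverse proxies.</description>
  <interface name="eth1"/>
  <source address="203.0.113.0/24"/>
  <service name="https"/>
  <port protocol="tcp" port="8443"/>
  <icmp-block name="redirect"/>
</zone>
"""

IPSET_XML = """<?xml version="1.0" encoding="utf-8"?>
<ipset type="hash:ip">
  <short>Blocklist</short>
  <description>Addresses dropped on sight.</description>
  <option name="family" value="inet"/>
  <entry>198.51.100.7</entry>
  <entry>198.51.100.8</entry>
</ipset>
"""

HELPER_XML = """<?xml version="1.0" encoding="utf-8"?>
<helper module="nf_conntrack_ftp">
  <short>ftp</short>
  <description>Control channel watched by the FTP conntrack helper.</description>
  <port protocol="tcp" port="21"/>
</helper>
"""


def parse_firewalld_xml(kind, xml_text):
    """Parse one config file whose root element must be `kind`.

    firewalld names the object after the file, so a service file saved under
    zones/ is only caught by checking the root element, which is done here.
    """
    root = ET.fromstring(xml_text)
    if root.tag != kind:
        raise ValueError(f"expected <{kind}> root, found <{root.tag}>")
    children = [(c.tag, dict(c.attrib), (c.text or "").strip())
                for c in root if c.tag not in ("short", "description")]
    return {"attrs": dict(root.attrib),
            "short": root.findtext("short", ""),
            "description": root.findtext("description", ""),
            "children": children}


def to_commands(kind, name, xml_text):
    """Emit the firewall-cmd --permanent calls that build the same object."""
    doc = parse_firewalld_xml(kind, xml_text)
    attrs, sel = doc["attrs"], f"--{kind}={name}"
    new = f"{PREFIX} --new-{kind}={name}"
    if kind == "ipset":                      # type is mandatory for an ipset
        new += f" --type={attrs['type']}"
        new += "".join(f" --option={o['name']}={o['value']}"
                       for tag, o, _ in doc["children"] if tag == "option")
    elif kind == "helper":                   # the conntrack module is mandatory
        new += f" --module={attrs['module']}"
    cmds = [new]
    if kind == "zone" and "target" in attrs:
        cmds.append(f"{PREFIX} {sel} --set-target={attrs['target']}")
    for tag, a, text in doc["children"]:
        if tag == "option":
            continue                         # already folded into --new-ipset
        if tag == "port":                    # service, helper and zone files
            cmds.append(f"{PREFIX} {sel} --add-port={a['port']}/{a['protocol']}")
        elif tag == "entry":                 # ipset members
            cmds.append(f"{PREFIX} {sel} --add-entry={text}")
        elif tag == "destination" and kind == "icmptype":
            for fam in ("ipv4", "ipv6"):
                if a.get(fam) == "yes":
                    cmds.append(f"{PREFIX} {sel} --add-destination={fam}")
        elif kind == "zone" and tag in ("interface", "service", "icmp-block"):
            cmds.append(f"{PREFIX} {sel} --add-{tag}={a['name']}")
        elif kind == "zone" and tag == "source":
            src = a.get("address") or a.get("mac") or f"ipset:{a['ipset']}"
            cmds.append(f"{PREFIX} {sel} --add-source={src}")
        else:
            # An element this tool cannot translate is exposure it cannot
            # report, so fail loudly rather than skip it.
            raise ValueError(f"<{tag}> is not handled for <{kind}>")
    return cmds


if __name__ == "__main__":
    for kind, name, xml in (("zone", "dmz-web", ZONE_XML),
                            ("ipset", "blocklist", IPSET_XML),
                            ("helper", "ftp", HELPER_XML)):
        print("\n".join(to_commands(kind, name, xml)))
```

The unhandled-element branch is deliberate: a reviewer tool that silently skips a forward-port or masquerade element would under-report what the zone permits.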
    6. Template (rich rule syntax, as in firewalld.richlanguage(5))

      1. Rule:
         rule [family="ipv4|ipv6"]
         Source:
         source [not] address="address[/mask]"|mac="mac-address"|ipset="ipset"
         Destination:
         destination [not] address="address[/mask]"
         Service:
         service name="service name"
         Port:
         port port="port value" protocol="tcp|udp"
         Protocol:
         protocol value="protocol value"
         ICMP-Block:
         icmp-block name="icmptype name"
         ICMP-Type:
         icmp-type name="icmptype name"
         Forward-Port:
         forward-port port="port value" protocol="tcp|udp" to-port="port value" to-addr="address"
         Source-Port:
         source-port port="port value" protocol="tcp|udp"
         Log:
         log [prefix="prefix text"] [level="log level"] [limit value="rate/duration"]
         Audit:
         audit [limit value="rate/duration"]
         Action:
         accept | reject [type="reject type"] | drop | mark set="mark[/mask]"
         Limit:
         limit value="rate/duration"

      A rule carries at most one of the Service, Port, Protocol, ICMP-Block, ICMP-Type, Forward-Port and Source-Port elements, and at most one Source and one Destination. limit may follow log, audit or the action; duration is one of s, m, h, d (for example 3/m). A source or destination given as an address needs the rule's family to be set.
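Rich rules are free text, and firewalld only rejects a bad one when it is applied, so it helps to have a check that speaks the template's grammar before a rule goes into a zone file or a firewall-cmd --add-rich-rule call. The following is an added example, not firewalld's own parser: it tokenizes a rule into the keyword/attribute groups listed in the template and enforces the constraints noted above (one match element, one action, mandatory attributes, tcp|udp only, rate/duration form, and family required whenever an address is matched, which firewalld itself refuses). The names tokenize, check_rich_rule and explain and the sample rules are this example's own; the addresses are documentation ranges.

```python
import re
import shlex

MATCH_ELEMENTS = {"service", "port", "protocol", "icmp-block", "icmp-type",
                  "forward-port", "source-port"}
ACTIONS = {"accept", "reject", "drop", "mark"}
OTHER = {"source", "destination", "log", "audit", "limit"}
REQUIRED_ATTRS = {                      # attributes the template marks as mandatory
    "service": {"name"}, "port": {"port", "protocol"}, "protocol": {"value"},
    "icmp-block": {"name"}, "icmp-type": {"name"}, "source-port": {"port", "protocol"},
    "forward-port": {"port", "protocol"}, "mark": {"set"}, "limit": {"value"},
}
LIMIT_RE = re.compile(r"^[1-9]\d*/[smhd]$")   # rate/duration, duration in s, m, h, d


def tokenize(rule):
    """Group a rule into (keyword, {attr: value}) pairs in order of appearance.

    shlex.split strips the quotes, so source address="192.0.2.0/24" becomes
    ("source", {"address": "192.0.2.0/24"}); the bare word `not` is folded into
    the source or destination it follows.
    """
    parts = []
    for tok in shlex.split(rule):
        if "=" in tok:
            if not parts:
                raise ValueError(f"attribute {tok!r} before any keyword")
            key, value = tok.split("=", 1)
            parts[-1][1][key] = value
        elif tok == "not":
            if not parts or parts[-1][0] not in ("source", "destination"):
                raise ValueError("'not' is only valid after source or destination")
            parts[-1][1]["not"] = "yes"
        else:
            parts.append((tok, {}))
    return parts


def check_rich_rule(rule):
    """Return the tokenized rule, or raise ValueError naming the first problem."""
    parts = tokenize(rule)
    if not parts or parts[0][0] != "rule":
        raise ValueError("a rich rule starts with the keyword 'rule'")
    family = parts[0][1].get("family")
    if family not in (None, "ipv4", "ipv6"):
        raise ValueError(f"bad family {family!r}")
    keywords = [kw for kw, _ in parts[1:]]
    elements = [kw for kw in keywords if kw in MATCH_ELEMENTS]
    actions = [kw for kw in keywords if kw in ACTIONS]
    if len(elements) > 1:
        raise ValueError(f"only one match element allowed, got {elements}")
    if len(actions) > 1:
        raise ValueError(f"only one action allowed, got {actions}")
    for kw in ("source", "destination"):
        if keywords.count(kw) > 1:
            raise ValueError(f"more than one {kw}")
    if not elements and not {"source", "destination"} & set(keywords):
        raise ValueError("rule matches nothing: no source, destination or element")
    # icmp-block (reject) and forward-port (accept) imply their own action
    if not actions and not (elements and elements[0] in ("icmp-block", "forward-port")):
        raise ValueError("rule has no action")
    for kw, attrs in parts[1:]:
        if kw not in MATCH_ELEMENTS | ACTIONS | OTHER:
            raise ValueError(f"unknown keyword {kw!r}")
        required = REQUIRED_ATTRS.get(kw, set())
        missing = required - set(attrs)
        if missing:
            raise ValueError(f"{kw} is missing {sorted(missing)}")
        if "protocol" in required and attrs["protocol"] not in ("tcp", "udp"):
            raise ValueError(f"{kw}: protocol must be tcp or udp")
        if kw == "source" and len(set(attrs) & {"address", "mac", "ipset"}) != 1:
            raise ValueError("source needs exactly one of address, mac, ipset")
        if kw == "destination" and "address" not in attrs:
            raise ValueError("destination needs address")
        if "address" in attrs and family is None:
            # firewalld itself rejects an address match with no family
            raise ValueError(f"{kw} address given, but the rule has no family")
        if kw == "limit" and not LIMIT_RE.match(attrs["value"]):
            raise ValueError(f"limit value {attrs['value']!r} is not rate/[smhd]")
    return parts


def explain(rule):
    """None when the rule passes the checks, otherwise the first problem found."""
    try:
        check_rich_rule(rule)
    except ValueError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    # constructed sample rules; 192.0.2.0/24 and 198.51.100.9 are documentation addresses
    for sample in (
        'rule family="ipv4" source address="192.0.2.0/24" service name="ssh" '
        'log prefix="ssh " level="info" limit value="3/m" accept',
        'rule family="ipv4" source not address="192.0.2.0/24" port port="8443" protocol="tcp" drop',
        'rule source address="198.51.100.9" accept',              # no family
        'rule family="ipv4" source address="198.51.100.9" mark',  # mark without set
    ):
        print(f"{explain(sample) or 'ok':60} {sample}")
```

The check is intentionally stricter than the grammar alone: a rule with a family and an action but nothing to match ("rule family=ipv4 accept") is rejected, because in a zone it would be a blanket accept.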