firewalld file format
- zone
  - 11111 11111
- ipset
  - <?xml version="1.0" encoding="utf-8"?> 11111111 11111111 1.1.1.1,222
- icmptypes
  - <?xml version="1.0" encoding="utf-8"?> Port Unreachable // match field This error message is sent if the port unreachable.
ICMP types and codes (Query = query message, Error = error message):

| Type | Code | Purpose / Description | Query | Error |
|---|---|---|---|---|
| 0 | 0 | Echo Reply (ping reply) | x | |
| 3 | 0 | Network Unreachable | | x |
| 3 | 1 | Host Unreachable | | x |
| 3 | 2 | Protocol Unreachable | | x |
| 3 | 3 | Port Unreachable | | x |
| 3 | 4 | Fragmentation needed but no frag. bit set | | x |
| 3 | 5 | Source routing failed | | x |
| 3 | 6 | Destination network unknown | | x |
| 3 | 7 | Destination host unknown | | x |
| 3 | 8 | Source host isolated (obsolete) | | x |
| 3 | 9 | Destination network administratively prohibited | | x |
| 3 | 10 | Destination host administratively prohibited | | x |
| 3 | 11 | Network unreachable for TOS | | x |
| 3 | 12 | Host unreachable for TOS | | x |
| 3 | 13 | Communication administratively prohibited by filtering | | x |
| 3 | 14 | Host precedence violation | | x |
| 3 | 15 | Precedence cutoff in effect | | x |
| 4 | 0 | Source quench (basic flow control) | | |
| 5 | 0 | Redirect for network | | |
| 5 | 1 | Redirect for host | | |
| 5 | 2 | Redirect for TOS and network | | |
| 5 | 3 | Redirect for TOS and host | | |
| 8 | 0 | Echo request (ping request) | x | |
| 9 | 0 | Router advertisement | | |
| 10 | 0 | Router solicitation | | |
| 11 | 0 | TTL equals 0 during transit | | x |
| 11 | 1 | TTL equals 0 during reassembly | | x |
| 12 | 0 | IP header bad (catchall error) | | x |
| 12 | 1 | Required options missing | | x |
| 13 | 0 | Timestamp request (obsolete) | x | |
| 14 | | Timestamp reply (obsolete) | x | |
| 15 | 0 | Information request (obsolete) | x | |
| 16 | 0 | Information reply (obsolete) | x | |
| 17 | 0 | Address mask request | x | |
| 18 | 0 | Address mask reply | | |
- services
  - <?xml version="1.0" encoding="utf-8"?> WWW (HTTP) HTTP is the protocol used to serve Web pages. If you plan to make your Web server publicly available, enable this option. This option is not required for viewing pages locally or developing Web pages.
  - <?xml version="1.0" encoding="utf-8"?> Secure WWW (HTTPS) HTTPS is a modified HTTP used to serve Web pages when security is important. Examples are sites that require logins like stores or web mail. This option is not required for viewing pages locally or developing Web pages. You need the httpd package installed for this option to be useful.
  - <?xml version="1.0" encoding="utf-8"?> SSH Secure Shell (SSH) is a protocol for logging into and executing commands on remote machines. It provides secure encrypted communications. If you plan on accessing your machine remotely via SSH over a firewalled interface, enable this option. You need the openssh-server package installed for this option to be useful.
- helper
  - <?xml version="1.0" encoding="utf-8"?> // match field
  - <?xml version="1.0" encoding="utf-8"?>
  - <?xml version="1.0" encoding="utf-8"?> // match field
- Template (rich rule syntax)
  - Rule:
    rule [family="ipv4|ipv6"]
    Source:
    source [not] address="address[/mask]"|mac="mac-address"|ipset="ipset"
    Destination:
    destination [not] address="address[/mask]"
    Service:
    service name="service name"
    Port:
    port port="port value" protocol="tcp|udp"
    Protocol:
    protocol value="protocol value"
    ICMP-Block:
    icmp-block name="icmptype name"
    ICMP-Type:
    icmp-type name="icmptype name"
    Forward-Port:
    forward-port port="port value" protocol="tcp|udp" to-port="port value" to-addr="address"
    Source-Port:
    source-port port="port value" protocol="tcp|udp"
    Log:
    log [prefix="prefix text"] [level="log level"] [limit value="rate/duration"]
    Audit:
    audit [limit value="rate/duration"]
    Action:
    accept, reject, drop, mark
    Limit:
    limit value="rate/duration"
- Rule:
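As an added example (not part of the original note or of firewalld itself), the rich-rule template above turned into a small Python builder: it checks the field values the template allows, emits the `<rule>` element that a zone XML file stores, and flattens the same element into the one-line form given to `firewall-cmd --add-rich-rule`. The sample rule (SSH from one internal range, logged and rate-limited) is constructed; the check that a rule carries only one of `service`/`port` reflects firewalld's own restriction and is not spelled out in the template.

```python
import re
import xml.etree.ElementTree as ET

ACTIONS = ("accept", "reject", "drop", "mark")
LIMIT_RE = re.compile(r"^[0-9]+/[smhd]$")  # the template's "rate/duration", e.g. 3/m

SAMPLE = {  # constructed sample: SSH from one internal range only, logged and rate-limited
    "family": "ipv4", "source": "10.0.0.0/8", "service": "ssh",
    "log": {"prefix": "ssh-in", "level": "info", "limit": "3/m"}, "action": "accept",
}

def build_rule(rule):
    """Check the fields against the template, then return the <rule> element of a zone file."""
    if rule.get("family") not in (None, "ipv4", "ipv6"):
        raise ValueError("family must be ipv4 or ipv6")
    if rule["action"] not in ACTIONS:
        raise ValueError("action must be one of " + ", ".join(ACTIONS))
    if "service" in rule and "port" in rule:
        raise ValueError("a rich rule carries at most one element (service or port)")
    for limit in (rule.get("limit"), rule.get("log", {}).get("limit")):
        if limit is not None and not LIMIT_RE.match(limit):
            raise ValueError("limit must be rate/duration, e.g. 3/m")
    elem = ET.Element("rule", {"family": rule["family"]} if "family" in rule else {})
    if "source" in rule:
        ET.SubElement(elem, "source", address=rule["source"])
    if "service" in rule:
        ET.SubElement(elem, "service", name=rule["service"])
    if "port" in rule:
        if rule["port"]["protocol"] not in ("tcp", "udp"):
            raise ValueError("port protocol must be tcp or udp")
        ET.SubElement(elem, "port", port=rule["port"]["port"], protocol=rule["port"]["protocol"])
    if "log" in rule:  # log options become attributes; the limit is a child element
        log = ET.SubElement(elem, "log", {k: v for k, v in rule["log"].items() if k != "limit"})
        if "limit" in rule["log"]:
            ET.SubElement(log, "limit", value=rule["log"]["limit"])
    action = ET.SubElement(elem, rule["action"])
    if "limit" in rule:  # rate-limits the action itself (the template's last line)
        ET.SubElement(action, "limit", value=rule["limit"])
    return elem

def to_rich_rule(elem):
    """Flatten the element into the one-line form given to firewall-cmd --add-rich-rule."""
    def flat(e):
        attrs = "".join(f' {k}="{v}"' for k, v in e.attrib.items())
        return e.tag + attrs + "".join(" " + flat(child) for child in e)
    return flat(elem)

def to_zone_xml(elem):
    """Serialise the element as it is stored inside a zone XML file."""
    return ET.tostring(elem, encoding="unicode")
```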