Linux8.4 FIREWALLD

9 Zone of Firewalld

Ban Iptables Open Firewalld

[Email protected] ~]# systemctl disable iptablesremoved symlink/etc/systemd/system/basic.target.wants/ Iptables.service. [[email protected] ~]# systemctl stop iptables[[email protected] ~]# systemctl enable firewalldcreated symlink from/etc/s Ystemd/system/dbus-org.fedoraproject.firewalld1.service to/usr/lib/systemd/system/firewalld.service.created Symlink From/etc/systemd/system/basic.target.wants/firewalld.service To/usr/lib/systemd/system/firewalld.service . [Email protected] ~]# systemctl start  firewalld

Using IPTABLES-NVL to view the rules, you find that there are many, firewalld default rules. That is, IPTABLES-NVL can also view FIREWALLD rules.

Each zone is like a rule set and comes with a lot of rules.

#查看所有的zone [[email protected] ~]# firewall-cmd--get-zonesblock DMZ drop external home internal public Trusted work# view default Zo Ne[[email protected] ~]# firewall-cmd--get-default-zonepublic

About Zone operation

Modify the default Zone

[Email protected] ~]# firewall-cmd--set-default-zone=worksuccess[[email protected] ~]# firewall-cmd-- Get-default-zonework

Check the specified NIC

[Email protected] ~]# firewall-cmd--get-zone-of-interface=eth0no zone[[email protected] ~]# firewall-cmd-- Get-zone-of-interface=lono zone# All are no zone, need to set the network card configuration file [[email protected] ~]# firewall-cmd--zone=work-- Add-interface=eth0success[[email protected] ~]# firewall-cmd--get-zone-of-interface=eth0work# Modify the Zone[[email of the NIC Protected] ~]# firewall-cmd--ZONE=DMZ--change-interface=eht0success[[email protected] ~]# firewall-cmd-- get-zone-of-interface=eth0dmz# remove Zone[[email protected] ~]# firewall-cmd--ZONE=DMZ--remove-interface= for NIC Eth0success[[email protected] ~]# firewall-cmd--get-zone-of-interface=eth0no Zone

Check the zone of all network adapters in your system

[Email protected] ~]# firewall-cmd--get-active-zonesdmz  interfaces:eht0work  interfaces:eth0

　　

Linux8.4 Firewalld