The 9 zones of firewalld
Disable iptables and enable firewalld
[[email protected] ~]# systemctl disable iptables
Removed symlink /etc/systemd/system/basic.target.wants/iptables.service.
[[email protected] ~]# systemctl stop iptables
[[email protected] ~]# systemctl enable firewalld
Created symlink from /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service to /usr/lib/systemd/system/firewalld.service.
Created symlink from /etc/systemd/system/basic.target.wants/firewalld.service to /usr/lib/systemd/system/firewalld.service.
[[email protected] ~]# systemctl start firewalld
If you view the rules with iptables -nvL, you will find many default firewalld rules. That is, iptables -nvL also shows the rules that firewalld manages.
Each zone is like a rule set and comes with a lot of rules.
# View all zones
[[email protected] ~]# firewall-cmd --get-zones
block dmz drop external home internal public trusted work
# View the default zone
[[email protected] ~]# firewall-cmd --get-default-zone
public
Zone operations
Modify the default zone
[[email protected] ~]# firewall-cmd --set-default-zone=work
success
[[email protected] ~]# firewall-cmd --get-default-zone
work
Check the zone of a specified NIC
[[email protected] ~]# firewall-cmd --get-zone-of-interface=eth0
no zone
[[email protected] ~]# firewall-cmd --get-zone-of-interface=lo
no zone
# Both report "no zone"; the network card configuration needs to be set
[[email protected] ~]# firewall-cmd --zone=work --add-interface=eth0
success
[[email protected] ~]# firewall-cmd --get-zone-of-interface=eth0
work
# Modify the zone of the NIC
[[email protected] ~]# firewall-cmd --zone=dmz --change-interface=eht0
success
[[email protected] ~]# firewall-cmd --get-zone-of-interface=eth0
dmz
# Remove the zone for the NIC
[[email protected] ~]# firewall-cmd --zone=dmz --remove-interface=eth0
success
[[email protected] ~]# firewall-cmd --get-zone-of-interface=eth0
no zone
Check the zones of all network adapters in the system
[[email protected] ~]# firewall-cmd --get-active-zones
dmz
  interfaces: eht0
work
  interfaces: eth0
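The active-zones output above binds dmz to eht0, the name typed in the --change-interface command, while eth0 remains in work. The script below is an added example, not part of the original page: it cross-checks that output against the interfaces that really exist. The function names are hypothetical, and the live-host usage assumes a Linux system with /sys/class/net.

```shell
#!/bin/sh
# Added example: audit `firewall-cmd --get-active-zones` output against the
# interfaces that actually exist, to catch mistyped or unzoned NICs.

# list_zone_bindings: stdin = --get-active-zones output.
# Prints one "zone interface" pair per line.
list_zone_bindings() {
    awk '
        /^[^ \t]/ { zone = $1; next }   # unindented line is a zone name
        $1 == "interfaces:" { for (i = 2; i <= NF; i++) print zone, $i }
    '
}

# audit_zones REAL_IFACE...: stdin = --get-active-zones output.
# Prints "UNKNOWN <iface> <zone>" for a binding to a non-existent interface
# and "UNZONED <iface>" for a real interface that is bound to no zone.
audit_zones() {
    bindings=$(list_zone_bindings)
    printf '%s\n' "$bindings" | while read -r zone iface; do
        [ -n "$iface" ] || continue
        case " $* " in
            *" $iface "*) ;;                      # interface exists
            *) echo "UNKNOWN $iface $zone" ;;     # likely a typo
        esac
    done
    for real in "$@"; do
        printf '%s\n' "$bindings" |
            awk -v r="$real" '$2 == r { f = 1 } END { exit !f }' ||
            echo "UNZONED $real"
    done
}

# Constructed sample: the active-zones output shown on this page.
SAMPLE='dmz
  interfaces: eht0
work
  interfaces: eth0'

# On a live host (assumption):
#   firewall-cmd --get-active-zones | audit_zones $(ls /sys/class/net)
printf '%s\n' "$SAMPLE" | audit_zones eth0 lo
```

An interface reported as UNZONED is handled by the default zone, so check which zone that is with firewall-cmd --get-default-zone.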
Linux8.4 Firewalld