[root@client ~ 14:08:36]# systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: inactive (dead)
Docs: man:firewalld(1)
[root@client ~ 14:18:09]# systemctl enable firewalld.service --now
Created symlink from /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service to /usr/lib/systemd/system/firewalld.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/firewalld.service to /usr/lib/systemd/system/firewalld.service.
查看zone配置
# /etc/firewalld 优先级高：其中的同名配置会覆盖 /usr/lib/firewalld 下的默认配置，自定义 zone/service 应放在 /etc/firewalld 下
[root@client ~ 14:18:29]# ls /etc/firewalld/
firewalld.conf icmptypes lockdown-whitelist.xml zones
helpers ipsets services
[root@client ~ 14:37:38]# ls /usr/lib/firewalld/
helpers icmptypes ipsets services zones
[root@client ~ 14:38:46]# cd /usr/lib/firewalld/
[root@client firewalld 14:46:10]# ls
helpers icmptypes ipsets services zones
[root@client firewalld 14:46:12]# ls zones/
block.xml drop.xml home.xml public.xml work.xml
dmz.xml external.xml internal.xml trusted.xml
[root@client firewalld 14:46:34]# cat zones/trusted.xml
<?xml version="1.0" encoding="utf-8"?>
<zone target="ACCEPT">
<short>Trusted</short>
<description>All network connections are accepted.</description>
</zone>
[root@client firewalld 14:48:05]# cat zones/block.xml
<?xml version="1.0" encoding="utf-8"?>
<zone target="%%REJECT%%">
<short>Block</short>
<description>Unsolicited incoming network packets are rejected. Incoming packets that are related to outgoing network connections are accepted. Outgoing network connections are allowed.</description>
</zone>
[root@client firewalld 14:48:19]# cat zones/drop.xml
<?xml version="1.0" encoding="utf-8"?>
<zone target="DROP">
<short>Drop</short>
<description>Unsolicited incoming network packets are dropped. Incoming packets that are related to outgoing network connections are accepted. Outgoing network connections are allowed.</description>
</zone>
查看服务配置
[root@client firewalld 14:49:22]# ls -1 services
[root@client firewalld 14:49:22]# cat services/http.xml
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>WWW (HTTP)</short>
<description>HTTP is the protocol used to serve Web pages. If you plan to make your Web server publicly available, enable this option. This option is not required for viewing pages locally or developing Web pages.</description>
<port protocol="tcp" port="80"/>
</service>
[root@client firewalld 14:49:40]# cat services/https.xml
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>Secure WWW (HTTPS)</short>
<description>HTTPS is a modified HTTP used to serve Web pages when security is important. Examples are sites that require logins like stores or web mail. This option is not required for viewing pages locally or developing Web pages. You need the httpd package installed for this option to be useful.</description>
<port protocol="tcp" port="443"/>
</service>
[root@client firewalld 14:49:51]# firewall-cmd --get-zones
block dmz drop external home internal public trusted work
[root@client firewalld 14:50:09]# firewall-cmd --get-active-zones
public
interfaces: ens33
[root@client firewalld 14:50:20]# firewall-cmd --get-default-zone
public