Commands for viewing the current configuration:
firewall-cmd --list-ports
firewall-cmd --list-all
- [root@localhost ~]# firewall-cmd --list-ports
- 22/tcp 80/tcp
- [root@localhost ~]# firewall-cmd --list-all
- public (active)
- target: default
- icmp-block-inversion: no
- interfaces: ens33
- sources:
- services: ssh dhcpv6-client
- ports: 22/tcp 80/tcp
- protocols:
- masquerade: no
- forward-ports:
- source-ports:
- icmp-blocks:
- rich rules:
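Zones
The zone concept:
Hardware firewalls generally have three zones by default. firewalld adopts this concept, and the following zones exist on the system by default (this is my own understanding from the documentation; please correct me if anything is wrong):
drop: drops all packets by default
block: rejects all external connections, allows connections initiated from inside
public: specified external connections may enter
external: I don't quite understand this one; functionally it is the same as the one above, allowing specified external connections
dmz: same as on a hardware firewall; restricted public connections may enter
work: the work zone; the concept is the same as a workgroup, and it likewise allows specified external connections
home: similar to a home group
internal: trusts all connections
I am not very familiar with firewalls, and I still have not figured this out: public, external, dmz, work and home all functionally require the allowed connections to be defined by the user, so I would need an expert's guidance on how they differ in actual use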
- [root@localhost ~]# firewall-cmd --list-all-zones
- block
- target: %%REJECT%%
- icmp-block-inversion: no
- interfaces:
- sources:
- services:
- ports:
- protocols:
- masquerade: no
- forward-ports:
- source-ports:
- icmp-blocks:
- rich rules:
-
-
- dmz
- target: default
- icmp-block-inversion: no
- interfaces:
- sources:
- services: ssh
- ports:
- protocols:
- masquerade: no
- forward-ports:
- source-ports:
- icmp-blocks:
- rich rules:
-
-
- drop
- target: DROP
- icmp-block-inversion: no
- interfaces:
- sources:
- services:
- ports:
- protocols:
- masquerade: no
- forward-ports:
- source-ports:
- icmp-blocks:
- rich rules:
-
-
- external
- target: default
- icmp-block-inversion: no
- interfaces:
- sources:
- services: ssh
- ports:
- protocols:
- masquerade: yes
- forward-ports:
- source-ports:
- icmp-blocks:
- rich rules:
-
-
- home
- target: default
- icmp-block-inversion: no
- interfaces:
- sources:
- services: ssh mdns samba-client dhcpv6-client
- ports:
- protocols:
- masquerade: no
- forward-ports:
- source-ports:
- icmp-blocks:
- rich rules:
-
-
- internal
- target: default
- icmp-block-inversion: no
- interfaces:
- sources:
- services: ssh mdns samba-client dhcpv6-client
- ports:
- protocols:
- masquerade: no
- forward-ports:
- source-ports:
- icmp-blocks:
- rich rules:
-
-
- public (active)
- target: default
- icmp-block-inversion: no
- interfaces: ens33
- sources:
- services: ssh dhcpv6-client
- ports: 22/tcp 80/tcp
- protocols:
- masquerade: no
- forward-ports:
- source-ports:
- icmp-blocks:
- rich rules:
-
-
- trusted
- target: ACCEPT
- icmp-block-inversion: no
- interfaces:
- sources:
- services:
- ports:
- protocols:
- masquerade: no
- forward-ports:
- source-ports:
- icmp-blocks:
- rich rules:
-
-
- work
- target: default
- icmp-block-inversion: no
- interfaces:
- sources:
- services: ssh dhcpv6-client
- ports:
- protocols:
- masquerade: no
- forward-ports:
- source-ports:
- icmp-blocks:
- rich rules:
-
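To see which fields actually differ between the zones in the listing above (target, default services, open ports, masquerading), the output can be condensed to one line per zone. This is an added example, not part of the original post; the function names `summarize_zones` and `sample_listing` and the sample input are constructed here, and the parser assumes the unmodified `firewall-cmd --list-all-zones` layout (zone name at column 0, attributes indented).

```shell
# Condense `firewall-cmd --list-all-zones` output to one line per zone:
#   zone|active|target|services|ports|masquerade
# summarize_zones is a name made up for this example; it reads the listing on stdin.
summarize_zones() {
    awk '
    function emit() {
        if (zone != "")
            printf "%s|%s|%s|%s|%s|%s\n", zone, active, target, services, ports, masq
    }
    function value(line) {             # text after "key:", or "-" when empty
        sub(/^[^:]*:[ \t]*/, "", line)
        sub(/[ \t]+$/, "", line)
        return (line == "" ? "-" : line)
    }
    /^[^ \t]/ {                        # an unindented line starts a new zone block
        emit()
        zone = $1
        active = ($0 ~ /active\)/) ? "yes" : "no"
        target = services = ports = masq = "-"
        next
    }
    /^[ \t]+target:/     { target   = value($0) }
    /^[ \t]+services:/   { services = value($0) }
    /^[ \t]+ports:/      { ports    = value($0) }   # not forward-ports/source-ports
    /^[ \t]+masquerade:/ { masq     = value($0) }
    END { emit() }
    '
}

# Constructed sample input, modelled on three zones from the listing above.
sample_listing() {
    cat <<'EOF'
external
  target: default
  services: ssh
  ports:
  masquerade: yes

public (active)
  target: default
  interfaces: ens33
  services: ssh dhcpv6-client
  ports: 22/tcp 80/tcp
  masquerade: no

trusted
  target: ACCEPT
  services:
  ports:
  masquerade: no
EOF
}
```

On a live system the same function takes the real listing: `firewall-cmd --list-all-zones | summarize_zones`.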