10.20 firewalld的9個zone

Linux防火牆-firewalld

• 打開firewalld
• systemctl disable iptables
• systemctl stop iptables
• systemctl enable firewalld
• systemctl start firewalld
• firewalld默認有9個zone
• 默認zone爲public
• firewall-cmd --get-zones //查看全部zone
• firewall-cmd --get-default-zone//查看默認zone

firewalld防火牆機制

• 由於以前禁掉了firewalld，打開了iptables，因此如今須要 打開firewalld，禁掉iptables

打開firewalld

[root@hf-01 ~]# systemctl disable iptables
[root@hf-01 ~]# systemctl stop iptables
[root@hf-01 ~]# systemctl enable firewalld
Created symlink from /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service to /usr/lib/systemd/system/firewalld.service.
Created symlink from /etc/systemd/system/basic.target.wants/firewalld.service to /usr/lib/systemd/system/firewalld.service.
[root@hf-01 ~]# systemctl start firewalld
[root@hf-01 ~]# 

這時用iptables -nvL和iptables -t nat -nvL查看規則，會看到增長了不少的鏈

• firewalld默認有9個zone，zone是firewalld的一個單位，默認使用public zone——>每一個zone就比如一個規則集
  • 規則集就是zone裏面自帶一些規則，好比：這個zone放行了80端口，放行了22端口，關閉了某某端口，這就是一個規則集

firewalld中查看全部zone

• firewall-cmd --get-zones //查看全部zone

[root@hf-01 ~]# firewall-cmd --get-zones    //查看全部zone
block dmz drop external home internal public trusted work
[root@hf-01 ~]#

firewalld中查詢默認的zone

• firewall-cmd --get-default-zone //查看默認zone

[root@hf-01 ~]# firewall-cmd --get-default-zone    //查看默認zone
public
[root@hf-01 ~]#

firewalld中9個zone的區別