firewalld Introduction

(1) What is firewalld?

  firewalld is a dynamic firewall management tool. It supports network/firewall zones (zone), which define the trust level of network connections and interfaces.

(2) The relationship between firewalld and iptables

  firewalld provides a service and daemon, plus command-line and graphical configuration tools. It only partially replaces the iptables service: underneath, it still uses iptables as the entry point for managing firewall rules. firewalld itself has no firewall function of its own; like iptables, it relies on the kernel's netfilter to do the actual work. In other words, both iptables and firewalld only maintain the rules, while the real filtering is done by netfilter in the kernel according to those rules; firewalld and iptables simply differ in structure and in how they are used.

(3) What is a zone?

  In firewalld, a set of filtering rules is called a zone. A zone is a set of filtering rules, and a packet must pass through a zone to enter or leave the host. Each network interface is bound to a zone. By default there are 9 zones: block, dmz, drop, external, home, internal, public, trusted and work. The zones differ in how they treat packets by default, and the zone name gives an intuitive idea of its character. On CentOS 7 the default zone is set to public.

(4) Zone descriptions

  drop: any incoming network packet is discarded with no response. Only outgoing network connections are possible.

  block: any incoming network connection is rejected, with an icmp-host-prohibited message for IPv4 or an icmp6-adm-prohibited message for IPv6.

  public: for use in public areas. You cannot trust the other computers on the network not to harm your computer; only selected incoming connections are accepted.

  external: for use on routers with masquerading (NAT) enabled for the external network. You cannot trust the other computers on the network not to harm your computer; only selected incoming connections are accepted.

  dmz (demilitarized zone): for computers in your demilitarized zone that are publicly accessible with limited access to your internal network; only selected incoming connections are accepted.

  work: for work areas. You can mostly trust the other computers on the network not to harm your computer; only selected incoming connections are accepted.

  home: for home networks. You can mostly trust the other computers on the network not to harm your computer; only selected incoming connections are accepted.

  internal: for internal networks. You can mostly trust the other computers on the network not to threaten your computer; only selected incoming connections are accepted.

  trusted: all network connections are accepted.

  One of these 9 zones is designated the default zone. When interfaces are added to NetworkManager, they are assigned to the default zone. At installation time, firewalld's default zone is public.

(5) The preset service configuration files

  The /usr/lib/firewalld/services/ directory contains a number of configuration files ending in .xml, one per service, for example ssh.xml. Each of these files stores the service's short description, long description, port number and port protocol.

[root@youxi1 ~]# cat /usr/lib/firewalld/services/ssh.xml 
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>SSH</short>
  <description>Secure Shell (SSH) is a protocol for logging into and executing commands on remote machines. It provides secure encrypted communications. If you plan on accessing your machine remotely via SSH over a firewalled interface, enable this option. You need the openssh-server package installed for this option to be useful.</description>
  <port protocol="tcp" port="22"/>
</service>

  When the services provided by default are not enough, or a service needs a custom port, we need to place a service configuration file in the /etc/firewalld/services/ directory.

  /etc/firewalld/ stores modified configuration (searched first; if a file is not found there, the default configuration is used)

  /usr/lib/firewalld/ stores the default configuration

  For example: if the ssh service's port was changed to 23591, copy /usr/lib/firewalld/services/ssh.xml to the /etc/firewalld/services/ directory and then change the port number in that file.

  Service configuration files give a more efficient way to manage ports; each service configuration file corresponds to one network application (which may be on the internal or the external network).
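  The override procedure above, as an added example that is not part of the original post: it builds a throwaway copy of the two directories, resolves a service name in the same order firewalld does (/etc first, then /usr/lib), and writes an ssh override with the port changed to 23591. The ssh.xml content is a constructed copy of the file shown above, and the temporary directory layout is an assumption for running offline.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

# Constructed copy of the stock ssh.xml shown above (not read from the system).
STOCK_SSH_XML = """<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>SSH</short>
  <description>Secure Shell (SSH) remote login service.</description>
  <port protocol="tcp" port="22"/>
</service>
"""

def resolve_service(name, etc_dir, lib_dir):
    """Lookup order used by firewalld: the /etc override wins over the /usr/lib default."""
    for base in (etc_dir, lib_dir):
        path = os.path.join(base, name + ".xml")
        if os.path.exists(path):
            return path
    raise FileNotFoundError("no service definition for " + name)

def override_service_port(name, new_port, etc_dir, lib_dir, protocol="tcp"):
    """Copy the resolved definition into etc_dir with its port changed; return the new path."""
    tree = ET.parse(resolve_service(name, etc_dir, lib_dir))
    ports = [p for p in tree.getroot().findall("port") if p.get("protocol") == protocol]
    if not ports:
        raise ValueError(f"{name}: no {protocol} port element to change")
    for p in ports:
        p.set("port", str(new_port))
    os.makedirs(etc_dir, exist_ok=True)
    dst = os.path.join(etc_dir, name + ".xml")
    tree.write(dst, encoding="utf-8", xml_declaration=True)
    return dst

def service_ports(path):
    """Return the (protocol, port) pairs declared in a service file."""
    return [(p.get("protocol"), p.get("port")) for p in ET.parse(path).getroot().findall("port")]

def demo():
    """Hypothetical layout under a temp dir; returns ports before/after and whether /etc now wins."""
    tmp = tempfile.mkdtemp()
    lib_dir = os.path.join(tmp, "usr/lib/firewalld/services")
    etc_dir = os.path.join(tmp, "etc/firewalld/services")
    os.makedirs(lib_dir)
    with open(os.path.join(lib_dir, "ssh.xml"), "w", encoding="utf-8") as f:
        f.write(STOCK_SSH_XML)
    before = service_ports(resolve_service("ssh", etc_dir, lib_dir))
    override_service_port("ssh", 23591, etc_dir, lib_dir)
    after_path = resolve_service("ssh", etc_dir, lib_dir)
    return before, service_ports(after_path), after_path.startswith(etc_dir)
```

  On a real host the override only takes effect after firewall-cmd --reload, and the stock file under /usr/lib/firewalld/ is left untouched so package updates do not overwrite the change.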

(6) The two ways to reload firewalld

  firewall-cmd --reload: reloads the rules without dropping existing connections

  firewall-cmd --complete-reload: drops existing connections, similar to restarting the service


Origin www.cnblogs.com/diantong/p/10948772.html