10.21 firewalld关于zone的操作
Linux防火墙-firewalld
- firewall-cmd --set-default-zone=work //设定默认zone
- firewall-cmd --get-zone-of-interface=ens33 //查指定网卡
- firewall-cmd --zone=public --add-interface=lo //给指定网卡设置zone
- firewall-cmd --zone=dmz --change-interface=lo //针对网卡更改zone
- firewall-cmd --zone=dmz --remove-interface=lo //针对网卡删除zone
- firewall-cmd --get-active-zones //查看系统所有网卡所在的zone
firewall-cmd设定默认zone
- firewall-cmd --set-default-zone=work //设定默认的zone
[root@hf-01 ~]# firewall-cmd --set-default-zone=work
success
[root@hf-01 ~]# firewall-cmd --get-default-zone
work
[root@hf-01 ~]# firewall-cmd查看指定网卡
- firewall-cmd --get-zone-of-interface=ens16777736 //查指定网卡
[root@hf-01 ~]# firewall-cmd --get-zone-of-interface=eno16777736
work
[root@hf-01 ~]# firewall-cmd --get-zone-of-interface=lo
no zone
[root@hf-01 ~]# - 若是后续添加的网卡ens36,显示no zone,就需要把eno16777736的网卡配置环境复制一份,命令为ens36,并修改配置文件,最后重启网络服务,在重新加载firewalld服务(systemctl restart firewalld),在来查看ens36的zone
- 若还是没有zone,我们就去增加给ens36增加一个zone
- firewall-cmd --zone=public --add-interface=ens36 //给指定网卡设置zone
- 若还是没有zone,我们就去增加给ens36增加一个zone
[root@hf-01 ~]# firewall-cmd --get-zone-of-interface=ens36
no zone
[root@hf-01 ~]# cd /etc/sysconfig/network-scripts/
[root@hf-01 network-scripts]# ls
ifcfg-eno16777736 ifdown-post ifup-bnep ifup-routes
ifcfg-eno16777736:0 ifdown-ppp ifup-eth ifup-sit
ifcfg-lo ifdown-routes ifup-ippp ifup-Team
ifdown ifdown-sit ifup-ipv6 ifup-TeamPort
ifdown-bnep ifdown-Team ifup-isdn ifup-tunnel
ifdown-eth ifdown-TeamPort ifup-plip ifup-wireless
ifdown-ippp ifdown-tunnel ifup-plusb init.ipv6-global
ifdown-ipv6 ifup ifup-post network-functions
ifdown-isdn ifup-aliases ifup-ppp network-functions-ipv6
[root@hf-01 network-scripts]# cp /etc/sysconfig/network-scripts/ifcfg-eno16777736 /etc/sysconfig/network-scripts/ens36
[root@hf-01 network-scripts]# vi !$ //编辑配置文件
vi /etc/sysconfig/network-scripts/ens36
[root@hf-01 network-scripts]# systemctl restart network.service //重启网络服务
[root@hf-01 network-scripts]# systemctl restart firewalld //重新加载firewalld服务
[root@hf-01 network-scripts]# firewall-cmd --get-zone-of-interface=ens36 //查看ens36网卡的zone
no zone
[root@hf-01 network-scripts]# firewall-cmd --zone=work --add-interface=ens36 //给ens36网卡设置zone
success
[root@hf-01 network-scripts]# firewall-cmd --get-zone-of-interface=ens36 //查看ens36网卡的zone
work
[root@hf-01 network-scripts]# firewall-cmd给指定网卡设置zone
- firewall-cmd --zone=public --add-interface=lo //给指定网卡设置zone
[root@hf-01 network-scripts]# firewall-cmd --zone=public --add-interface=lo 给lo网卡设置zone
success
[root@hf-01 network-scripts]# firewall-cmd --get-zone-of-interface=lo
public
[root@hf-01 network-scripts]# firewall-cmd给指定网卡设置zone
- firewall-cmd --zone=dmz --change-interface=lo //针对网卡更改zone
[root@hf-01 network-scripts]# firewall-cmd --get-zone-of-interface=lo
public
[root@hf-01 network-scripts]# firewall-cmd --zone=dmz --change-interface=lo //针对网卡更改zone
success
[root@hf-01 network-scripts]# firewall-cmd --get-zone-of-interface=lo
dmz
[root@hf-01 network-scripts]# firewall-cmd针对网卡删除zone
- firewall-cmd --zone=block --remove-interface=ens37 //针对网卡删除zone
[root@hf-01 network-scripts]# firewall-cmd --zone=block --change-interface=ens36 给ens36网卡设置zone
success
[root@hf-01 network-scripts]# firewall-cmd --zone=block --remove-interface=ens36 //针对ens36网卡删除zone
success
[root@hf-01 network-scripts]# firewall-cmd --get-zone-of-interface=ens36
no zone
[root@hf-01 network-scripts]#- 在remove删除zone后,恢复默认的zone——>自己在删除后,就显示no zone,而并不是恢复默认的zone!!!
firewall-cmd查看系统所有网卡所在的zone
- firewall-cmd --get-active-zones //查看系统所有网卡所在的zone
[root@hf-01 network-scripts]# firewall-cmd --get-active-zones //查看系统所有网卡所在的zone
dmz
interfaces: lo
work
interfaces: eno16777736
[root@hf-01 network-scripts]# 本文参与 腾讯云自媒体分享计划,分享自作者个人站点/博客。
如有侵权请联系 cloudcommunity@tencent.com 删除
评论
登录后参与评论
推荐阅读
目录