查看firewalld的当前配置信息:
[root@centos8 ~]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens160
sources:
services: cockpit dhcpv6-client ssh
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
rule family="ipv4" source address="192.168.168.0/24" port port="80" protocol="tcp" accept
rule family="ipv4" source address="192.168.168.163" port port="80" protocol="tcp" reject
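笺注:只要数据包匹配到reject规则就会被拒绝,与规则的添加顺序无关。未设置priority的富规则由firewalld按动作类型排序:先log,再drop/reject,最后accept;因此虽然192.168.168.0/24网段被放行,192.168.168.163访问80端口仍会被拒绝。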
客户端(192.168.168.163)远程测试:
2021-1-31 15:56
查看public区域的永久配置文件(上面firewall-cmd --list-all显示的是运行时配置):
[root@centos8 ~]# cat /etc/firewalld/zones/public.xml
<?xml version="1.0" encoding="utf-8"?>
<zone>
<short>Public</short>
<description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
<service name="ssh"/>
<service name="dhcpv6-client"/>
<service name="cockpit"/>
<rule family="ipv4">
<source address="192.168.168.0/24"/>
<port port="80" protocol="tcp"/>
<accept/>
</rule>
<rule family="ipv4">
<source address="192.168.168.163"/>
<port port="80" protocol="tcp"/>
<reject/>
</rule>
</zone>
为192.168.168.163添加8000-8088端口的accept规则后,再次查看firewalld的当前配置信息:
[root@centos8 ~]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: ens160
sources:
services: cockpit dhcpv6-client ssh
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
rule family="ipv4" source address="192.168.168.0/24" port port="80" protocol="tcp" accept
rule family="ipv4" source address="192.168.168.163" port port="80" protocol="tcp" reject
rule family="ipv4" source address="192.168.168.163" port port="8000-8088" protocol="tcp" accept
查看firewalld的配置文件:
[root@centos8 ~]# cat /etc/firewalld/zones/public.xml
<?xml version="1.0" encoding="utf-8"?>
<zone>
<short>Public</short>
<description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
<service name="ssh"/>
<service name="dhcpv6-client"/>
<service name="cockpit"/>
<rule family="ipv4">
<source address="192.168.168.0/24"/>
<port port="80" protocol="tcp"/>
<accept/>
</rule>
<rule family="ipv4">
<source address="192.168.168.163"/>
<port port="80" protocol="tcp"/>
<reject/>
</rule>
<rule family="ipv4">
<source address="192.168.168.163"/>
<port port="8000-8088" protocol="tcp"/>
<accept/>
</rule>
</zone>