
firewalld

bantana
30 June 2015

查看active-zones

# List only the zones that currently have an interface or source bound to them
# (a zone with no bindings is not "active" and does not filter any traffic).
firewall-cmd --get-active-zones

查看public zone中的规则

# Show the *runtime* state of the public zone: bound interfaces/sources, services,
# ports, masquerade, forward-ports, icmp-blocks and rich rules (see listing below).
firewall-cmd --zone=public --list-all

在public zone中开放8085/tcp port

# --permanent writes only to the saved zone file (/etc/firewalld/zones/public.xml);
# the running firewall is NOT changed until `firewall-cmd --reload` is run.
# Without --permanent the port would open immediately but be lost on reload/reboot.
firewall-cmd --permanent --zone=public --add-port=8085/tcp

reload 使 --permanent 写入的规则在运行时生效

# Re-read the permanent configuration into the runtime. Any runtime-only change
# made earlier without --permanent is discarded by this step.
firewall-cmd --reload

在 openvpn 上对内网 ip 做 masquerade (NAT)

# Without --zone, firewall-cmd operates on the default zone (public here).
firewall-cmd --list-all
# Runtime and permanent configs are separate: the first call takes effect at once,
# the --permanent call makes it survive reload/reboot - both are needed.
# Masquerade is a zone-wide setting: traffic forwarded out through ANY interface
# bound to this zone (em1-em4 in the listing below) is NATed, not only the VPN
# tunnel. If only the tunnel should be NATed, bind it to a dedicated zone.
firewall-cmd --add-masquerade
firewall-cmd --permanent --add-masquerade
# Confirm the runtime setting; prints "yes" / "no".
firewall-cmd --query-masquerade
yes

[root@tj-vpn ~]# firewall-cmd --list-all
public (default, active)
  interfaces: em1 em2 em3 em4
  sources:
  services: openvpn ssh
  ports: 8080/tcp
  masquerade: yes
  forward-ports:
  icmp-blocks:
  rich rules:

配置文件:

/etc/firewalld
├── firewalld.conf
├── icmptypes
├── lockdown-whitelist.xml
├── services
└── zones
    ├── public.xml
    └── public.xml.old

/etc/firewalld/zones/public.xml

<?xml version="1.0" encoding="utf-8"?>
<!-- Permanent definition of the public zone. `firewall-cmd --permanent` edits this
     file; the runtime firewall only picks up changes after `firewall-cmd --reload`. -->
<zone>
  <short>Public</short>
  <description>blablabla.</description>
  <service name="ssh"/>
  <service name="openvpn"/>
  <port protocol="tcp" port="8080"/>
  <!-- Zone-wide NAT: applies to every interface bound to this zone. -->
  <masquerade/>
</zone>