
Changing firewall SSH access on Fedora 18 with the firewall-cmd command

运维开发网 https://www.qedev.com 2020-03-24 14:28 Source: Internet Author: compiled by 运维开发网

Run the following as the root user.

List the information for all zones

# firewall-cmd --list-all-zones

Check which zone is the default

# firewall-cmd --get-default-zone

Temporarily change the zone of interface p3p1 to internal. This is a runtime change and is not kept across a restart.

# firewall-cmd --zone=internal --change-zone=p3p1

To make the interface change persist across restarts,

edit the interface's configuration file /etc/sysconfig/network-scripts/ifcfg-p3p1

and add or modify the line ZONE=internal in that file.

Remove the service from the public zone; the change is kept across restarts.

For a temporary change, omit the --permanent option.

# firewall-cmd --permanent --zone=public --remove-service=ssh

SSH access through interface p3p2 is now blocked,

but SSH access through the internal interface p3p1 still works.

List the information for all zones again

# firewall-cmd --list-all-zones

block

  interfaces:

  services:

  ports:

  forward-ports:

  icmp-blocks:

work

  interfaces:

  services: ipp-client mdns dhcpv6-client ssh

  ports:

  forward-ports:

  icmp-blocks:

drop

  interfaces:

  services:

  ports:

  forward-ports:

  icmp-blocks:

internal

  interfaces: p3p1

  services: ipp-client mdns dhcpv6-client ssh samba-client

  ports:

  forward-ports:

  icmp-blocks:

external

  interfaces:

  services: ssh

  ports:

  forward-ports:

  icmp-blocks:

home

  interfaces:

  services: ipp-client mdns dhcpv6-client ssh samba-client

  ports:

  forward-ports:

  icmp-blocks:

dmz

  interfaces:

  services: ssh

  ports:

  forward-ports:

  icmp-blocks:

public

  interfaces: p3p2

  services: mdns dhcpv6-client

  ports:

  forward-ports:

  icmp-blocks:

trusted

  interfaces:

  services:

  ports:

  forward-ports:

  icmp-blocks:
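
The check done by eye on the listing above can be scripted. This is an added example, not part of the original page: the function names exposed_interfaces, service_blocked_on and sample_output are hypothetical, the parser assumes the Fedora 18 output layout shown here, and the sample is an abridged copy of that listing.

```shell
#!/bin/sh
# Added example: report which interfaces a service is allowed on, parsing
# `firewall-cmd --list-all-zones` output in the layout shown on this page.

# Print "zone interface" for every interface bound to a zone that allows $1.
exposed_interfaces() {
    awk -v svc="$1" '
        function flush(   i, n, ifs) {
            if (zone != "" && allowed) {
                n = split(ifaces, ifs, " ")
                for (i = 1; i <= n; i++) print zone, ifs[i]
            }
            ifaces = ""; allowed = 0
        }
        /^[^ \t]/            { flush(); zone = $1; next }   # zone header line
        /^[ \t]+interfaces:/ { sub(/^[ \t]+interfaces:[ \t]*/, ""); ifaces = $0; next }
        /^[ \t]+services:/   { for (i = 2; i <= NF; i++) if ($i == svc) allowed = 1 }
        END { flush() }
    '
}

# Succeed only if service $1 is NOT allowed on interface $2 (same stdin).
service_blocked_on() {
    ! exposed_interfaces "$1" |
        awk -v want="$2" '$2 == want { found = 1 } END { exit !found }'
}

# Abridged copy of the listing on this page (some zones and fields omitted).
sample_output() {
    cat <<'EOF'
dmz
  interfaces:
  services: ssh
internal
  interfaces: p3p1
  services: ipp-client mdns dhcpv6-client ssh samba-client
public
  interfaces: p3p2
  services: mdns dhcpv6-client
EOF
}

sample_output | exposed_interfaces ssh    # prints: internal p3p1
```

On a live host, pipe `firewall-cmd --list-all-zones` into `service_blocked_on ssh p3p2` after the change to confirm the running state; a --permanent change only reaches the running firewall after `firewall-cmd --reload` or a restart.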
