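firewalld: viewing predefined zones and related information

I. firewall-cmd exposes three main kinds of predefined information:

1. Available zones

2. Available services

3. Available ICMP block types

II. View the predefined zones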

[root@blog ~]# firewall-cmd --get-zones
block dmz drop external home internal nm-shared public trusted work

III. View the predefined services

[root@blog ~]# firewall-cmd --get-services
RH-Satellite-6 RH-Satellite-6-capsule afp amanda-client amanda-k5-client amqp amqps apcupsd audit ausweisapp2 
bacula bacula-client bareos-director bareos-filedaemon bareos-storage bb bgp bitcoin bitcoin-rpc bitcoin-testnet 
bitcoin-testnet-rpc bittorrent-lsd ceph ceph-exporter ceph-mon cfengine checkmk-agent cockpit collectd 
condor-collector cratedb ctdb dds dds-multicast dds-unicast dhcp dhcpv6 dhcpv6-client distcc dns dns-over-tls 
docker-registry docker-swarm dropbox-lansync elasticsearch etcd-client etcd-server finger foreman foreman-proxy 
freeipa-4 freeipa-ldap freeipa-ldaps freeipa-replication freeipa-trust ftp galera ganglia-client ganglia-master 
git gpsd grafana gre high-availability http http3 https ident imap imaps ipfs ipp ipp-client ipsec irc ircs 
iscsi-target isns jenkins kadmin kdeconnect kerberos kibana klogin kpasswd kprop kshell kube-api kube-apiserver 
kube-control-plane kube-control-plane-secure kube-controller-manager kube-controller-manager-secure 
kube-nodeport-services kube-scheduler kube-scheduler-secure kube-worker kubelet kubelet-readonly kubelet-worker 
ldap ldaps libvirt libvirt-tls lightning-network llmnr llmnr-client llmnr-tcp llmnr-udp managesieve matrix mdns 
memcache minidlna mongodb mosh mountd mqtt mqtt-tls ms-wbt mssql murmur mysql nbd nebula netbios-ns 
netdata-dashboard nfs nfs3 nmea-0183 nrpe ntp nut openvpn ovirt-imageio ovirt-storageconsole ovirt-vmconsole plex 
pmcd pmproxy pmwebapi pmwebapis pop3 pop3s postgresql privoxy prometheus prometheus-node-exporter proxy-dhcp 
ps2link ps3netsrv ptp pulseaudio puppetmaster quassel radius rdp redis redis-sentinel rpc-bind rquotad rsh rsyncd 
rtsp salt-master samba samba-client samba-dc sane sip sips slp smtp smtp-submission smtps snmp snmptls 
snmptls-trap snmptrap spideroak-lansync spotify-sync squid ssdp ssh steam-streaming svdrp svn syncthing 
syncthing-gui syncthing-relay synergy syslog syslog-tls telnet tentacle tftp tile38 tinc tor-socks 
transmission-client upnp-client vdsm vnc-server warpinator wbem-http wbem-https wireguard ws-discovery 
ws-discovery-client ws-discovery-tcp ws-discovery-udp wsman wsmans xdmcp xmpp-bosh xmpp-client xmpp-local 
xmpp-server zabbix-agent zabbix-server zerotier

IV. View the predefined ICMP types:

[root@blog ~]# firewall-cmd --get-icmptypes
address-unreachable bad-header beyond-scope communication-prohibited destination-unreachable echo-reply 
echo-request failed-policy fragmentation-needed host-precedence-violation host-prohibited host-redirect 
host-unknown host-unreachable ip-header-bad neighbour-advertisement neighbour-solicitation network-prohibited 
network-redirect network-unknown network-unreachable no-route packet-too-big parameter-problem port-unreachable 
precedence-cutoff protocol-unreachable redirect reject-route required-option-missing router-advertisement 
router-solicitation source-quench source-route-failed time-exceeded timestamp-reply timestamp-request 
tos-host-redirect tos-host-unreachable tos-network-redirect tos-network-unreachable ttl-zero-during-reassembly 
ttl-zero-during-transit unknown-header-type unknown-option

V. Get other firewall information

1. Get the default zone

[root@blog ~]# firewall-cmd --get-default-zone
public

2. List all rules in the default zone

[root@blog ~]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
...

3. List all active zones

[root@blog ~]# firewall-cmd --get-active-zones
public
  interfaces: eth0
trusted
  sources: 1.2.8.4

4. Show the zone that network interface eth0 belongs to

[root@blog ~]# firewall-cmd --get-zone-of-interface=eth0
public

5. List the ports opened in a given zone

[root@blog ~]# firewall-cmd --zone=public --list-ports
80/tcp 443/tcp
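
Added example (not from the original post): a bash script that flattens the --get-active-zones listing from item 3 into one row per binding and picks out anything bound to the trusted zone, which accepts all connections. The sample listing is constructed in the layout shown above (eth1 is an added value); the function names and the FIREWALLD_LIVE switch are assumptions of this example.

```bash
#!/usr/bin/env bash
# Added example: turn `firewall-cmd --get-active-zones` output into
# "zone<TAB>kind<TAB>value" rows and list bindings to the "trusted" zone.

# Constructed sample input, same layout as the listing in item 3.
SAMPLE_ACTIVE_ZONES='public
  interfaces: eth0 eth1
trusted
  sources: 1.2.8.4'

# parse_active_zones: read the listing on stdin, print one row per binding.
parse_active_zones() {
    awk '
        # An unindented line starts a new zone; its first field is the name.
        /^[^ \t]/ { zone = $1; next }
        # Indented "interfaces:" / "sources:" lines list that zone'"'"'s bindings.
        /^[ \t]+(interfaces|sources):/ {
            kind = $1; sub(/:$/, "", kind)
            for (i = 2; i <= NF; i++) printf "%s\t%s\t%s\n", zone, kind, $i
        }'
}

# trusted_bindings: keep only rows bound to the accept-all "trusted" zone.
trusted_bindings() {
    parse_active_zones | awk -F'\t' '$1 == "trusted"'
}

# active_zones_listing: live output when FIREWALLD_LIVE=1 (hypothetical
# switch for this example) and firewall-cmd exists, else the sample.
active_zones_listing() {
    if [ "${FIREWALLD_LIVE:-0}" = 1 ] && command -v firewall-cmd >/dev/null 2>&1; then
        firewall-cmd --get-active-zones
    else
        printf '%s\n' "$SAMPLE_ACTIVE_ZONES"
    fi
}

echo "All active bindings (zone, kind, value):"
active_zones_listing | parse_active_zones
echo "Bindings to the trusted zone (review each one):"
active_zones_listing | trusted_bindings
```

Every row in the second list is an interface or source address that bypasses port and service filtering, so each should map to a documented reason.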

 

posted @ 2024-08-13 10:06  刘宏缔的架构森林