firewalld: 管理服务service
一,查询firewalld默认支持的服务有哪些?
[root@blog conf.d]# firewall-cmd --get-services
RH-Satellite-6 RH-Satellite-6-capsule afp amanda-client amanda-k5-client amqp amqps apcupsd audit ausweisapp2
bacula bacula-client bareos-director bareos-filedaemon bareos-storage bb bgp bitcoin bitcoin-rpc bitcoin-testnet
bitcoin-testnet-rpc bittorrent-lsd ceph ceph-exporter ceph-mon cfengine checkmk-agent cockpit collectd
condor-collector cratedb ctdb dds dds-multicast dds-unicast dhcp dhcpv6 dhcpv6-client distcc dns dns-over-tls
docker-registry docker-swarm dropbox-lansync elasticsearch etcd-client etcd-server finger foreman foreman-proxy
freeipa-4 freeipa-ldap freeipa-ldaps freeipa-replication freeipa-trust ftp galera ganglia-client ganglia-master
git gpsd grafana gre high-availability http http3 https ident imap imaps ipfs ipp ipp-client ipsec irc ircs
iscsi-target isns jenkins kadmin kdeconnect kerberos kibana klogin kpasswd kprop kshell kube-api kube-apiserver
kube-control-plane kube-control-plane-secure kube-controller-manager kube-controller-manager-secure
kube-nodeport-services kube-scheduler kube-scheduler-secure kube-worker kubelet kubelet-readonly kubelet-worker
ldap ldaps libvirt libvirt-tls lightning-network llmnr llmnr-client llmnr-tcp llmnr-udp managesieve matrix mdns
memcache minidlna mongodb mosh mountd mqtt mqtt-tls ms-wbt mssql murmur mysql nbd nebula netbios-ns
netdata-dashboard nfs nfs3 nmea-0183 nrpe ntp nut openvpn ovirt-imageio ovirt-storageconsole ovirt-vmconsole
plex pmcd pmproxy pmwebapi pmwebapis pop3 pop3s postgresql privoxy prometheus prometheus-node-exporter proxy-dhcp
ps2link ps3netsrv ptp pulseaudio puppetmaster quassel radius rdp redis redis-sentinel rpc-bind rquotad rsh rsyncd
rtsp salt-master samba samba-client samba-dc sane sip sips slp smtp smtp-submission smtps snmp snmptls
snmptls-trap snmptrap spideroak-lansync spotify-sync squid ssdp ssh steam-streaming svdrp svn syncthing
syncthing-gui syncthing-relay synergy syslog syslog-tls telnet tentacle tftp tile38 tinc tor-socks
transmission-client upnp-client vdsm vnc-server warpinator wbem-http wbem-https wireguard ws-discovery
ws-discovery-client ws-discovery-tcp ws-discovery-udp wsman wsmans xdmcp xmpp-bosh xmpp-client xmpp-local
xmpp-server zabbix-agent zabbix-server zerotier二,默认内置的service是firewalld定义的
保存路径:
[root@blog conf.d]# ls /usr/lib/firewalld/services/查看service的定义:
[root@blog services]# more ssh.xml
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>SSH</short>
<description>Secure Shell (SSH) is a protocol for logging into and executing commands on remote machines.
It provides secure encrypted communications. If you plan on accessing your machine remotely via SSH
over a firewalled interface, enable this option.
You need the openssh-server package installed for this option to be useful.</description>
<port protocol="tcp" port="22"/>
</service>可以看到service的定义包括: 名称(short)/描述(description)/端口(port)等组成
从命令行查看某个服务的信息:例如:samba
[root@blog services]# firewall-cmd --info-service=samba
samba
ports: 139/tcp 445/tcp
protocols:
source-ports:
modules:
destination:
includes: samba-client
helpers: 三,管理service
1, 列出一个zone下的所有规则:
[root@blog services]# firewall-cmd --zone=public --list-all2, 列出一个zone下的所有services:
[root@blog services]# firewall-cmd --zone=public --list-services
cockpit dhcpv6-client3,添加一个service
[root@blog services]# firewall-cmd --add-service=redis
success再次列出zone下的所有services:
[root@blog services]# firewall-cmd --zone=public --list-services
cockpit dhcpv6-client redis4,删除一个service
[root@blog services]# firewall-cmd --remove-service=redis
success再次列出zone下的所有services:
[root@blog services]# firewall-cmd --zone=public --list-services
cockpit dhcpv6-client四,例子:关闭centos自带的service
查看打开的当前的服务
[root@blog services]# firewall-cmd --zone=public --list-services
cockpit dhcpv6-client删除内置的两个service
[root@blog services]# firewall-cmd --permanent --remove-service=cockpit
success
[root@blog services]# firewall-cmd --permanent --remove-service=dhcpv6-client
success查看是否生效:
[root@blog services]# firewall-cmd --zone=public --list-services
cockpit dhcpv6-client重新加载:
[root@blog services]# firewall-cmd --reload
success再次查看是否生效,这次已生效
[root@blog services]# firewall-cmd --zone=public --list-services
