firewalld: managing services
I. Which services does firewalld support by default?
[root@blog conf.d]# firewall-cmd --get-services
RH-Satellite-6 RH-Satellite-6-capsule afp amanda-client amanda-k5-client amqp amqps apcupsd audit ausweisapp2
bacula bacula-client bareos-director bareos-filedaemon bareos-storage bb bgp bitcoin bitcoin-rpc bitcoin-testnet
bitcoin-testnet-rpc bittorrent-lsd ceph ceph-exporter ceph-mon cfengine checkmk-agent cockpit collectd
condor-collector cratedb ctdb dds dds-multicast dds-unicast dhcp dhcpv6 dhcpv6-client distcc dns dns-over-tls
docker-registry docker-swarm dropbox-lansync elasticsearch etcd-client etcd-server finger foreman foreman-proxy
freeipa-4 freeipa-ldap freeipa-ldaps freeipa-replication freeipa-trust ftp galera ganglia-client ganglia-master
git gpsd grafana gre high-availability http http3 https ident imap imaps ipfs ipp ipp-client ipsec irc ircs
iscsi-target isns jenkins kadmin kdeconnect kerberos kibana klogin kpasswd kprop kshell kube-api kube-apiserver
kube-control-plane kube-control-plane-secure kube-controller-manager kube-controller-manager-secure
kube-nodeport-services kube-scheduler kube-scheduler-secure kube-worker kubelet kubelet-readonly kubelet-worker
ldap ldaps libvirt libvirt-tls lightning-network llmnr llmnr-client llmnr-tcp llmnr-udp managesieve matrix mdns
memcache minidlna mongodb mosh mountd mqtt mqtt-tls ms-wbt mssql murmur mysql nbd nebula netbios-ns
netdata-dashboard nfs nfs3 nmea-0183 nrpe ntp nut openvpn ovirt-imageio ovirt-storageconsole ovirt-vmconsole
plex pmcd pmproxy pmwebapi pmwebapis pop3 pop3s postgresql privoxy prometheus prometheus-node-exporter proxy-dhcp
ps2link ps3netsrv ptp pulseaudio puppetmaster quassel radius rdp redis redis-sentinel rpc-bind rquotad rsh rsyncd
rtsp salt-master samba samba-client samba-dc sane sip sips slp smtp smtp-submission smtps snmp snmptls
snmptls-trap snmptrap spideroak-lansync spotify-sync squid ssdp ssh steam-streaming svdrp svn syncthing
syncthing-gui syncthing-relay synergy syslog syslog-tls telnet tentacle tftp tile38 tinc tor-socks
transmission-client upnp-client vdsm vnc-server warpinator wbem-http wbem-https wireguard ws-discovery
ws-discovery-client ws-discovery-tcp ws-discovery-udp wsman wsmans xdmcp xmpp-bosh xmpp-client xmpp-local
xmpp-server zabbix-agent zabbix-server zerotier
II. The built-in services are defined by firewalld itself
Location of the definitions:
[root@blog conf.d]# ls /usr/lib/firewalld/services/
View a service definition:
[root@blog services]# more ssh.xml
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>SSH</short>
<description>Secure Shell (SSH) is a protocol for logging into and executing commands on remote machines.
It provides secure encrypted communications. If you plan on accessing your machine remotely via SSH
over a firewalled interface, enable this option.
You need the openssh-server package installed for this option to be useful.</description>
<port protocol="tcp" port="22"/>
</service>
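As shown, a service definition consists of a name (short), a description (description), ports (port), and so on.
View a service's details from the command line, for example samba: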
[root@blog services]# firewall-cmd --info-service=samba
samba
ports: 139/tcp 445/tcp
protocols:
source-ports:
modules:
destination:
includes: samba-client
helpers:
III. Managing services
1. List all rules in a zone:
[root@blog services]# firewall-cmd --zone=public --list-all
2. List all services in a zone:
[root@blog services]# firewall-cmd --zone=public --list-services
cockpit dhcpv6-client
3. Add a service
[root@blog services]# firewall-cmd --add-service=redis
success
List the zone's services again:
[root@blog services]# firewall-cmd --zone=public --list-services
cockpit dhcpv6-client redis
4. Remove a service
[root@blog services]# firewall-cmd --remove-service=redis
success
List the zone's services again:
[root@blog services]# firewall-cmd --zone=public --list-services
cockpit dhcpv6-client
IV. Example: disabling the services CentOS enables by default
View the currently enabled services:
[root@blog services]# firewall-cmd --zone=public --list-services
cockpit dhcpv6-client
Remove the two built-in services:
[root@blog services]# firewall-cmd --permanent --remove-service=cockpit
success
[root@blog services]# firewall-cmd --permanent --remove-service=dhcpv6-client
success
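Check whether the change took effect (it has not yet, because --permanent changes only the stored configuration, not the running one):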
[root@blog services]# firewall-cmd --zone=public --list-services
cockpit dhcpv6-client
Reload:
[root@blog services]# firewall-cmd --reload
success
Check again; this time the change has taken effect:
[root@blog services]# firewall-cmd --zone=public --list-services
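The sequence in section IV shows that the runtime and permanent service lists of a zone can disagree until --reload is run. The script below is an added example, not from the original post, that reports that difference; the function names only_in, service_drift and check_zone are assumptions chosen here, and the sample lists are constructed from the outputs shown above.

```bash
#!/usr/bin/env bash
# Added example, not from the original post.

# only_in A B: print the words of list A that are missing from list B.
only_in() {
    local s out=""
    for s in $1; do
        case " $2 " in
            *" $s "*) ;;                      # present in both lists
            *) out="${out:+$out }$s" ;;
        esac
    done
    printf '%s' "$out"
}

# service_drift RUNTIME PERMANENT: describe the difference; return 1 on drift.
service_drift() {
    local rt_only pm_only
    rt_only=$(only_in "$1" "$2")
    pm_only=$(only_in "$2" "$1")
    if [ -z "$rt_only" ] && [ -z "$pm_only" ]; then
        echo "in sync"
        return 0
    fi
    if [ -n "$rt_only" ]; then echo "runtime only, gone after --reload: $rt_only"; fi
    if [ -n "$pm_only" ]; then echo "permanent only, active after --reload: $pm_only"; fi
    return 1
}

# check_zone ZONE: compare the live lists on a host running firewalld (needs root).
check_zone() {
    local zone="${1:-public}" rt pm
    rt=$(firewall-cmd --zone="$zone" --list-services) || return 2
    pm=$(firewall-cmd --permanent --zone="$zone" --list-services) || return 2
    service_drift "$rt" "$pm"
}

# Constructed sample: the state in section IV after --permanent --remove-service
# and before --reload (runtime still lists both services, permanent lists none).
service_drift "cockpit dhcpv6-client" "" || true
```

On a host running firewalld, call `check_zone public` as root; a return value of 1 means the two configurations differ, and 2 means firewall-cmd itself failed.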