我正在尝试从firewall-cmd中删除一些丰富的规则,它似乎有效:
firewall-cmd --remove-rich-rule 'rule family="ipv4" source address="10.4.220.143/32" port protocol="tcp" port="13782" accept'
成功
但是在重新加载规则并再次检查之后,规则仍然存在:
firewall-cmd --reload
成功
# firewall-cmd --list-all
rule family="ipv4" source address="10.4.220.143/32" port port="13724" protocol="tcp" accept
我做错了什么?
答案 0 :(得分:5)
我认为你必须添加一个< --permanent>重新加载防火墙配置后,使您的更改永久化的声明。
firewall-cmd --permanent --remove-rich-rule 'rule family="ipv4" source address="10.4.220.143/32" port protocol="tcp" port="13782" accept'
答案 1 :(得分:0)
我使用以下命令创建了一个 Firewalld Rich Rules 以仅阻止特定端口 tcp 443
# firewall-cmd --permanent --add-rich-rule='rule family=ipv4 port port="443" protocol="tcp" reject'
# firewall-cmd --reload
列出丰富的规则:
# firewall-cmd --list-rich-rules
rule family="ipv4" port port="443" protocol="tcp" reject
# firewall-cmd --zone=public --list-all
success
public (active)
target: default
icmp-block-inversion: no
interfaces: enp0s3
sources:
services: dhcpv6-client ssh
ports: 22/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
rule family="ipv4" port port="443" protocol="tcp" reject
使用下面的命令,我删除了 Firewalld Rich Rule
# firewall-cmd --remove-rich-rule 'rule family="ipv4" port protocol="tcp" port="443" reject'
删除 Firewalld Rich Rules(如果它是使用 --permanent 选项创建的)
# firewall-cmd --permanent --remove-rich-rule 'rule family="ipv4" port protocol="tcp" port="443" reject'