CentOS 7 firewall rules

Posted liteFang


The official documentation:

http://www.firewalld.org/documentation/man-pages/firewall-cmd.html

If you want to use iptables rules, firewalld can do that as well:

[--permanent] --direct --add-rule { ipv4 | ipv6 | eb } table chain priority args

Add a rule with the arguments args to chain chain in table table with priority priority.

The priority is used to order rules. Priority 0 means add rule on top of the chain, with a higher priority the rule will be added further down. Rules with the same priority are on the same level and the order of these rules is not fixed and may change. If you want to make sure that a rule will be added after another one, use a low priority for the first and a higher for the following.

The direct options give a more direct access to the firewall. These options require user to know basic iptables concepts, i.e. table (filter/mangle/nat/...), chain (INPUT/OUTPUT/FORWARD/...), commands (-A/-D/-I/...), parameters (-p/-s/-d/-j/...) and targets (ACCEPT/DROP/REJECT/...).

For example:

firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -s 192.168.100.6 -d 192.168.100.124 -j DROP

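This adds an IPv4 rule to the firewall's filter table, in the INPUT chain that handles incoming packets; the 0 means the rule is added at the top of the chain. Everything after that is ordinary iptables syntax.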
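The man page text above says that rules sharing a priority have no fixed order. The following added example (not part of the original post) flags every priority level where that matters because the rules jump to different targets; the function names are hypothetical, the input is assumed to be in the line format printed by `firewall-cmd --direct --get-all-rules`, and all sample rules except the first are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Assumed input: one direct rule per line, as printed by
#   firewall-cmd --direct --get-all-rules
# i.e. "<ipv4|ipv6|eb> <table> <chain> <priority> <iptables args...>"

# Constructed sample: the first line is the rule from the post,
# the other lines are made up for illustration.
sample_rules() {
    cat <<'EOF'
ipv4 filter INPUT 0 -s 192.168.100.6 -d 192.168.100.124 -j DROP
ipv4 filter INPUT 0 -s 192.168.100.0/24 -j ACCEPT
ipv4 filter INPUT 5 -p tcp --dport 22 -j ACCEPT
ipv4 filter OUTPUT 0 -d 192.168.100.6 -j DROP
ipv4 filter OUTPUT 0 -d 192.168.100.7 -j DROP
EOF
}

# Print each "ipv table chain priority" level that holds rules with
# different targets. Rules on one level have no guaranteed order, so a
# DROP and an ACCEPT on the same level can shadow each other unpredictably.
ambiguous_levels() {
    awk '
    {
        key = $1 " " $2 " " $3 " " $4
        target = ""
        # The target is the word following -j / --jump.
        for (i = 5; i < NF; i++)
            if ($i == "-j" || $i == "--jump") target = $(i + 1)
        if (target == "") next
        if (!(key in first)) { first[key] = target; order[++n] = key }
        else if (first[key] != target) mixed[key] = 1
    }
    END {
        # Report in first-seen order so the output is deterministic.
        for (i = 1; i <= n; i++)
            if (order[i] in mixed) print order[i]
    }'
}

sample_rules | ambiguous_levels   # prints: ipv4 filter INPUT 0
```

On a real host, pipe `firewall-cmd --direct --get-all-rules` into `ambiguous_levels`, and add `--permanent` to check the saved configuration instead of the runtime one. A rule added without `--permanent`, like the one in the post, exists only in the runtime configuration and is gone after a reload or restart of firewalld.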

 

A detailed explanation of iptables is available here: http://www.cnblogs.com/metoy/p/4320813.html
