1) Use iptables or firewalld statements directly to write rules into the managed zones
2) Highest priority. Priority order: direct rules > rich rules > zone rules
3) Users who do not work with iptables statements use firewalld directly
4) Applicable to services or applications
Syntax:
firewall-cmd --direct
2. Rich rules (rich language rules)
A rich rule expression describes the rule in detail, including allow, deny, logging configuration, port forwarding, address masquerading, rate limiting, access time, and so on.
Syntax:
firewall-cmd --zone=zone --add-rich-rule='rich rule expression'
--add-rich-rule: add a rich rule
--remove-rich-rule: delete a rule
Query whether a rich rule has been added to the specified zone:
firewall-cmd --query-rich-rule
List the rich rules:
firewall-cmd --list-rich-rules
Expressions:
source address=source IP address
destination address=destination IP address
service name=service name
port port=port
protocol value=protocol (tcp/udp)
icmp-block=ICMP packet type (request, reply)
masquerade: translate address and port number
accept:
drop: discard, refuse
reject: reject and return a message
log: logging
log prefix=log file
level: level
limit value=count/time
--timeout=timeout
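The expression elements listed above, assembled into complete rich rules, as an added example that is not part of the original post. The helper names rich_rule and rich_cmd, the zone public, the addresses and the log prefix are constructed for illustration, and the script only prints the firewall-cmd lines so it runs without firewalld.

```shell
#!/bin/sh
# Added example (not from the original post). All values are constructed samples.

# rich_rule SOURCE ELEMENT ACTION [LOG_PREFIX [LIMIT]]
# Emits one rich rule in the order: source, element, log, action.
rich_rule() {
    src=$1; element=$2; action=$3; prefix=${4:-}; limit=${5:-}
    case $action in
        accept|drop|reject) ;;
        *) echo "invalid action: $action" >&2; return 1 ;;
    esac
    # family is given explicitly because a source address is used
    rule='rule family="ipv4"'
    if [ -n "$src" ]; then rule="$rule source address=\"$src\""; fi
    rule="$rule $element"
    if [ -n "$prefix" ]; then
        rule="$rule log prefix=\"$prefix\" level=\"notice\""
        if [ -n "$limit" ]; then
            # limit value is count/time, with time one of s, m, h, d
            rate=${limit%/*}; unit=${limit#*/}
            case $rate in ''|*[!0-9]*) echo "invalid limit: $limit" >&2; return 1 ;; esac
            case $unit in s|m|h|d) ;; *) echo "invalid limit: $limit" >&2; return 1 ;; esac
            rule="$rule limit value=\"$limit\""
        fi
    fi
    printf '%s %s\n' "$rule" "$action"
}

# rich_cmd ZONE VERB RULE [TIMEOUT]  (VERB: add, query or remove)
rich_cmd() {
    line="firewall-cmd --zone=$1 --$2-rich-rule='$3'"
    if [ -n "${4:-}" ]; then line="$line --timeout=$4"; fi
    printf '%s\n' "$line"
}

ZONE=public   # assumed zone name
# Allow SSH from one subnet, logging at most 3 entries per minute
ssh_rule=$(rich_rule 192.0.2.0/24 'service name="ssh"' accept ssh-admin 3/m)
# Silently drop telnet from a single host
telnet_rule=$(rich_rule 198.51.100.7 'port port="23" protocol="tcp"' drop)

rich_cmd "$ZONE" add "$ssh_rule" 300      # runtime rule that expires after 300 s
rich_cmd "$ZONE" query "$ssh_rule"
rich_cmd "$ZONE" add "$telnet_rule"
rich_cmd "$ZONE" remove "$telnet_rule"
echo "firewall-cmd --zone=$ZONE --list-rich-rules"
```

Run the printed lines as root on a host with firewalld; a rule added with --timeout is removed automatically, which is useful for trying a rule without risking a permanent lockout.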