Services
firewalld - where are the numeric firewall port numbers that map to service names?

    # firewall-cmd --permanent --add-service=nfs
    # firewall-cmd --permanent --add-service=rpc-bind

In RHEL/CentOS 7.9, if I run the above, which numeric ports are opened in the firewall?

Where is the mapping from a service name (e.g. rpc-bind) to firewall port numbers defined?

Am I right that /etc/firewalld/zones/myzone.xml ultimately boils down to the following, i.e. either tcp or udp plus a number?

    # sshd
    <port protocol="tcp" port="22"/>
    # nfs
    <port protocol="tcp" port="2049"/>
    <port protocol="udp" port="2049"/>
TL;DR: compiled into firewalld, see the source.

Long answer: look at the README in the firewalld source repository. All services used by firewalld are defined in XML files in the config/services directory. For example, the rpc-bind.xml file contains:

EDIT: in RHEL/CentOS 7 the location of the XML files is /usr/lib/firewalld/services.

    <?xml version="1.0" encoding="utf-8"?>
    <service>
      <short>rpc-bind</short>
      <description>Remote Procedure Call Bind</description>
      <port protocol="tcp" port="111"/>
      <port protocol="udp" port="111"/>
    </service>

which binds rpc to TCP and UDP port 111. Similarly, NFS (nfs, v4) looks like this:

    <?xml version="1.0" encoding="utf-8"?>
    <service>
      <short>NFS4</short>
      <description>The NFS4 protocol is used to share files via TCP networking. You will need to have the NFS tools installed and properly configure your NFS server for this option to be useful.</description>
      <port protocol="tcp" port="2049"/>
    </service>

and NFSv3 (nfs3) like this:

    <?xml version="1.0" encoding="utf-8"?>
    <service>
      <short>NFS3</short>
      <description>The NFS3 protocol is used to share files. You will need to have the NFS tools installed and properly configure your NFS server for this option to be useful.</description>
      <port protocol="tcp" port="2049"/>
      <port protocol="udp" port="2049"/>
    </service>

You also asked about SSH:

    <?xml version="1.0" encoding="utf-8"?>
    <service>
      <short>SSH</short>
      <description>Secure Shell (SSH) is a protocol for logging into and executing commands on remote machines. It provides secure encrypted communications. If you plan on accessing your machine remotely via SSH over a firewalled interface, enable this option. You need the openssh-server package installed for this option to be useful.</description>
      <port protocol="tcp" port="22"/>
    </service>

These XML definitions are compiled into firewalld.
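To make the question's concrete point checkable (which numeric ports a given service name opens), here is an added Python example that is not part of the original answer or of firewalld itself. It resolves a service name to (protocol, port) pairs by parsing service XML in firewalld's lookup order, where an administrator's copy under /etc/firewalld/services overrides the packaged one under /usr/lib/firewalld/services, and it also handles a port range attribute ("6000-6005"), which the files quoted above do not show. The sample definitions are constructed inline so the script runs without touching the system directories.

```python
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# firewalld lookup order: an admin copy in /etc overrides the packaged copy in /usr/lib.
SERVICE_DIRS = ["/etc/firewalld/services", "/usr/lib/firewalld/services"]
PROTOCOLS = ("tcp", "udp", "sctp", "dccp")

# Constructed sample definitions, in the same shape as the files quoted in the answer.
SAMPLE_SERVICES = {
    "rpc-bind.xml": '<?xml version="1.0" encoding="utf-8"?><service><short>rpc-bind</short>'
                    '<port protocol="tcp" port="111"/><port protocol="udp" port="111"/></service>',
    "nfs.xml": '<?xml version="1.0" encoding="utf-8"?><service><short>NFS4</short>'
               '<port protocol="tcp" port="2049"/></service>',
    "sample-range.xml": '<?xml version="1.0" encoding="utf-8"?><service><short>range</short>'
                        '<port protocol="tcp" port="6000-6005"/></service>',  # constructed
}

def parse_service(xml_text):
    """Return sorted (protocol, port) pairs from one service file; 'port' may be a range a-b."""
    root = ET.fromstring(xml_text)
    if root.tag != "service":
        raise ValueError("not a firewalld service definition")
    ports = set()
    for elem in root.findall("port"):
        proto, spec = elem.get("protocol"), elem.get("port")
        if proto not in PROTOCOLS or not spec:
            raise ValueError(f"bad <port> element: protocol={proto!r} port={spec!r}")
        low, _, high = spec.partition("-")
        low, high = int(low), int(high or low)
        if not (0 < low <= high < 65536):
            raise ValueError(f"port out of range: {spec}")
        ports.update((proto, n) for n in range(low, high + 1))
    return sorted(ports)

def resolve_service(name, dirs=SERVICE_DIRS):
    """Find <name>.xml in lookup order; None means no definition exists for that name."""
    for d in dirs:
        path = Path(d) / f"{name}.xml"
        if path.is_file():
            return parse_service(path.read_text())
    return None

def demo():
    """Write the samples to a temporary services directory and resolve the question's names."""
    with tempfile.TemporaryDirectory() as tmp:
        for fname, text in SAMPLE_SERVICES.items():
            (Path(tmp) / fname).write_text(text)
        return {n: resolve_service(n, [tmp]) for n in ("nfs", "rpc-bind", "sample-range", "missing")}
```

On a real host, call resolve_service("nfs") with the default SERVICE_DIRS to see which copy firewalld would actually use.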