linux:commands:network:firewall-cmd

差分

このページの2つのバージョン間の差分を表示します。

この比較画面へのリンク

両方とも前のリビジョン 前のリビジョン
次のリビジョン		 前のリビジョン
linux:commands:network:firewall-cmd [2022/09/13 08:32] – [参考文献] ともやんlinux:commands:network:firewall-cmd [2025/02/21 12:16] (現在) – [サービスで許可されるポートを調べる] ともやん
行 1: 行 1:
-====== firewalld(Fedora) ======+====== firewalld (Linux) ======
 firewall-cmd は firewalld パッケージに含まれている。 firewall-cmd は firewalld パッケージに含まれている。
 <WRAP color_term> <WRAP color_term>
 <WRAP color_command><html><pre> <WRAP color_command><html><pre>
-$ sudo dnf install firewalld+<font color="#0087FF"><b>$</b></font> <font color="#26A269"><u style="text-decoration-style:solid">sudo</u></font> <font color="#26A269">dnf</font> install firewalld
 </pre></html></WRAP> </pre></html></WRAP>
 </WRAP> </WRAP>
  
-===== 定義済みゾーンの確認 =====+===== 定義済みゾーンの確認 [--get-zones, --list-all-zones] ===== 
 +Fedora 36\\
 <WRAP color_term> <WRAP color_term>
 <WRAP color_command><html><pre> <WRAP color_command><html><pre>
-$ firewall-cmd --get-zones+<font color="#0087FF"><b>$</b></font> <font color="#26A269">firewall-cmd</font> <font color="#A347BA">--get-zones</font>
 </pre></html></WRAP> </pre></html></WRAP>
 <WRAP color_result><html><pre> <WRAP color_result><html><pre>
行 17: 行 18:
 </WRAP> </WRAP>
  
-===== デフォルトゾーンの確認 ===== 
 <WRAP color_term> <WRAP color_term>
 <WRAP color_command><html><pre> <WRAP color_command><html><pre>
-$ firewall-cmd --get-default-zone+<font color="#0087FF"><b>$</b></font> <font color="#26A269">firewall-cmd</font> <font color="#A347BA">--list-all-zones</font> 
 +</pre></html></WRAP> 
 +<WRAP color_result_long><html><pre> 
 +FedoraServer 
 +  target: default 
 +  icmp-block-inversion: no 
 +  interfaces:  
 +  sources:  
 +  services: cockpit dhcpv6-client ssh 
 +  ports:  
 +  protocols:  
 +  forward: yes 
 +  masquerade: no 
 +  forward-ports:  
 +  source-ports:  
 +  icmp-blocks:  
 +  rich rules:  
 + 
 +FedoraWorkstation (active) 
 +  target: default 
 +  icmp-block-inversion: no 
 +  interfaces: wlp2s0 
 +  sources:  
 +  services: dhcpv6-client mdns samba-client ssh vnc-server 
 +  ports: 1025-65535/udp 1025-65535/tcp 
 +  protocols:  
 +  forward: no 
 +  masquerade: no 
 +  forward-ports:  
 +  source-ports:  
 +  icmp-blocks:  
 +  rich rules:  
 + 
 +block 
 +  target: %%REJECT%% 
 +  icmp-block-inversion: no 
 +  interfaces:  
 +  sources:  
 +  services:  
 +  ports:  
 +  protocols:  
 +  forward: yes 
 +  masquerade: no 
 +  forward-ports:  
 +  source-ports:  
 +  icmp-blocks:  
 +  rich rules:  
 + 
 +dmz 
 +  target: default 
 +  icmp-block-inversion: no 
 +  interfaces:  
 +  sources:  
 +  services: ssh 
 +  ports:  
 +  protocols:  
 +  forward: yes 
 +  masquerade: no 
 +  forward-ports:  
 +  source-ports:  
 +  icmp-blocks:  
 +  rich rules:  
 + 
 +drop 
 +  target: DROP 
 +  icmp-block-inversion: no 
 +  interfaces:  
 +  sources:  
 +  services:  
 +  ports:  
 +  protocols:  
 +  forward: yes 
 +  masquerade: no 
 +  forward-ports:  
 +  source-ports:  
 +  icmp-blocks:  
 +  rich rules:  
 + 
 +external 
 +  target: default 
 +  icmp-block-inversion: no 
 +  interfaces:  
 +  sources:  
 +  services: ssh 
 +  ports:  
 +  protocols:  
 +  forward: yes 
 +  masquerade: yes 
 +  forward-ports:  
 +  source-ports:  
 +  icmp-blocks:  
 +  rich rules:  
 + 
 +home 
 +  target: default 
 +  icmp-block-inversion: no 
 +  interfaces:  
 +  sources:  
 +  services: dhcpv6-client mdns samba-client ssh 
 +  ports:  
 +  protocols:  
 +  forward: yes 
 +  masquerade: no 
 +  forward-ports:  
 +  source-ports:  
 +  icmp-blocks:  
 +  rich rules:  
 + 
 +internal 
 +  target: default 
 +  icmp-block-inversion: no 
 +  interfaces:  
 +  sources:  
 +  services: dhcpv6-client mdns samba-client ssh 
 +  ports:  
 +  protocols:  
 +  forward: yes 
 +  masquerade: no 
 +  forward-ports:  
 +  source-ports:  
 +  icmp-blocks:  
 +  rich rules:  
 + 
 +libvirt 
 +  target: ACCEPT 
 +  icmp-block-inversion: no 
 +  interfaces:  
 +  sources:  
 +  services: dhcp dhcpv6 dns ssh tftp 
 +  ports:  
 +  protocols: icmp ipv6-icmp 
 +  forward: no 
 +  masquerade: no 
 +  forward-ports:  
 +  source-ports:  
 +  icmp-blocks:  
 +  rich rules:  
 + rule priority="32767" reject 
 + 
 +nm-shared 
 +  target: ACCEPT 
 +  icmp-block-inversion: no 
 +  interfaces:  
 +  sources:  
 +  services: dhcp dns ssh 
 +  ports:  
 +  protocols: icmp ipv6-icmp 
 +  forward: no 
 +  masquerade: no 
 +  forward-ports:  
 +  source-ports:  
 +  icmp-blocks:  
 +  rich rules:  
 + rule priority="32767" reject 
 + 
 +public 
 +  target: default 
 +  icmp-block-inversion: no 
 +  interfaces:  
 +  sources:  
 +  services: dhcpv6-client mdns ssh 
 +  ports:  
 +  protocols:  
 +  forward: yes 
 +  masquerade: no 
 +  forward-ports:  
 +  source-ports:  
 +  icmp-blocks:  
 +  rich rules:  
 + 
 +trusted 
 +  target: ACCEPT 
 +  icmp-block-inversion: no 
 +  interfaces:  
 +  sources:  
 +  services:  
 +  ports:  
 +  protocols:  
 +  forward: yes 
 +  masquerade: no 
 +  forward-ports:  
 +  source-ports:  
 +  icmp-blocks:  
 +  rich rules:  
 + 
 +work 
 +  target: default 
 +  icmp-block-inversion: no 
 +  interfaces:  
 +  sources:  
 +  services: dhcpv6-client mdns ssh 
 +  ports:  
 +  protocols:  
 +  forward: yes 
 +  masquerade: no 
 +  forward-ports:  
 +  source-ports:  
 +  icmp-blocks:  
 +  rich rules:  
 + 
 +</pre></html></WRAP> 
 +</WRAP> 
 + 
 +Ubuntu 22.04.1 LTS\\ 
 +<WRAP color_term> 
 +<WRAP color_command><html><pre> 
 +<font color="#0087FF"><b>$</b></font> <font color="#26A269">firewall-cmd</font> <font color="#A347BA">--get-zones</font> 
 +</pre></html></WRAP> 
 +<WRAP color_result><html><pre> 
 +block dmz drop external home internal nm-shared public trusted work 
 +</pre></html></WRAP> 
 +</WRAP> 
 + 
 +<WRAP color_term> 
 +<WRAP color_command><html><pre> 
 +<font color="#0087FF"><b>$</b></font> <font color="#26A269">firewall-cmd</font> <font color="#A347BA">--list-all-zones</font> 
 +</pre></html></WRAP> 
 +<WRAP color_result_long><html><pre> 
 +block 
 +  target: %%REJECT%% 
 +  icmp-block-inversion: no 
 +  interfaces:  
 +  sources:  
 +  services:  
 +  ports:  
 +  protocols:  
 +  forward: yes 
 +  masquerade: no 
 +  forward-ports:  
 +  source-ports:  
 +  icmp-blocks:  
 +  rich rules:  
 + 
 +dmz 
 +  target: default 
 +  icmp-block-inversion: no 
 +  interfaces:  
 +  sources:  
 +  services: ssh 
 +  ports:  
 +  protocols:  
 +  forward: yes 
 +  masquerade: no 
 +  forward-ports:  
 +  source-ports:  
 +  icmp-blocks:  
 +  rich rules:  
 + 
 +drop 
 +  target: DROP 
 +  icmp-block-inversion: no 
 +  interfaces:  
 +  sources:  
 +  services:  
 +  ports:  
 +  protocols:  
 +  forward: yes 
 +  masquerade: no 
 +  forward-ports:  
 +  source-ports:  
 +  icmp-blocks:  
 +  rich rules:  
 + 
 +external 
 +  target: default 
 +  icmp-block-inversion: no 
 +  interfaces:  
 +  sources:  
 +  services: ssh 
 +  ports:  
 +  protocols:  
 +  forward: yes 
 +  masquerade: yes 
 +  forward-ports:  
 +  source-ports:  
 +  icmp-blocks:  
 +  rich rules:  
 + 
 +home 
 +  target: default 
 +  icmp-block-inversion: no 
 +  interfaces:  
 +  sources:  
 +  services: dhcpv6-client mdns samba-client ssh 
 +  ports:  
 +  protocols:  
 +  forward: yes 
 +  masquerade: no 
 +  forward-ports:  
 +  source-ports:  
 +  icmp-blocks:  
 +  rich rules:  
 + 
 +internal 
 +  target: default 
 +  icmp-block-inversion: no 
 +  interfaces:  
 +  sources:  
 +  services: dhcpv6-client mdns samba-client ssh 
 +  ports:  
 +  protocols:  
 +  forward: yes 
 +  masquerade: no 
 +  forward-ports:  
 +  source-ports:  
 +  icmp-blocks:  
 +  rich rules:  
 + 
 +nm-shared 
 +  target: ACCEPT 
 +  icmp-block-inversion: no 
 +  interfaces:  
 +  sources:  
 +  services: dhcp dns ssh 
 +  ports:  
 +  protocols: icmp ipv6-icmp 
 +  forward: no 
 +  masquerade: no 
 +  forward-ports:  
 +  source-ports:  
 +  icmp-blocks:  
 +  rich rules:  
 + rule priority="32767" reject 
 + 
 +public (active) 
 +  target: default 
 +  icmp-block-inversion: no 
 +  interfaces: enp1s0 
 +  sources:  
 +  services: dhcpv6-client ssh 
 +  ports:  
 +  protocols:  
 +  forward: yes 
 +  masquerade: no 
 +  forward-ports:  
 +  source-ports:  
 +  icmp-blocks:  
 +  rich rules:  
 + 
 +trusted 
 +  target: ACCEPT 
 +  icmp-block-inversion: no 
 +  interfaces:  
 +  sources:  
 +  services:  
 +  ports:  
 +  protocols:  
 +  forward: yes 
 +  masquerade: no 
 +  forward-ports:  
 +  source-ports:  
 +  icmp-blocks:  
 +  rich rules:  
 + 
 +work 
 +  target: default 
 +  icmp-block-inversion: no 
 +  interfaces:  
 +  sources:  
 +  services: dhcpv6-client ssh 
 +  ports:  
 +  protocols:  
 +  forward: yes 
 +  masquerade: no 
 +  forward-ports:  
 +  source-ports:  
 +  icmp-blocks:  
 +  rich rules:  
 + 
 +</pre></html></WRAP> 
 +</WRAP> 
 + 
 +===== デフォルトゾーンとアクティブゾーンの確認 ===== 
 +<WRAP color_term> 
 +<WRAP color_command><html><pre> 
 +<font color="#0087FF"><b>$</b></font> <font color="#26A269">firewall-cmd</font> <font color="#A347BA">--get-default-zone</font> 
 +</pre></html></WRAP> 
 +<WRAP color_result><html><pre> 
 +FedoraWorkstation 
 +</pre></html></WRAP> 
 +</WRAP> 
 + 
 +<WRAP color_term> 
 +<WRAP color_command><html><pre> 
 +<font color="#0087FF"><b>$</b></font> <font color="#26A269">firewall-cmd</font> <font color="#A347BA">--get-active-zones</font>
 </pre></html></WRAP> </pre></html></WRAP>
 <WRAP color_result><html><pre> <WRAP color_result><html><pre>
 FedoraWorkstation FedoraWorkstation
 +  interfaces: wlp2s0
 </pre></html></WRAP> </pre></html></WRAP>
 </WRAP> </WRAP>
  
-<WRAP left round tip 95%>+<WRAP left round tip 95% minfont_12>
 はじめに__デフォルトゾーンの確認を行っておくことは重要__です。\\ はじめに__デフォルトゾーンの確認を行っておくことは重要__です。\\
 <html><code>firewall-cmd</code></html> コマンドを <html><code>--zone</code></html> オプションを省略して実行すると、すべての操作はデフォルトゾーンに対して行われます。\\ <html><code>firewall-cmd</code></html> コマンドを <html><code>--zone</code></html> オプションを省略して実行すると、すべての操作はデフォルトゾーンに対して行われます。\\
行 35: 行 420:
 <WRAP color_term> <WRAP color_term>
 <WRAP color_command><html><pre> <WRAP color_command><html><pre>
-$ firewall-cmd --get-default-zone+<font color="#0087FF"><b>$</b></font> <font color="#26A269">firewall-cmd</font> <font color="#A347BA">--get-default-zone</font>
 </pre></html></WRAP> </pre></html></WRAP>
 <WRAP color_result><html><pre> <WRAP color_result><html><pre>
行 41: 行 426:
 </pre></html></WRAP> </pre></html></WRAP>
 <WRAP color_command><html><pre> <WRAP color_command><html><pre>
-$ firewall-cmd --list-services+<font color="#0087FF"><b>$</b></font> <font color="#26A269">firewall-cmd</font> <font color="#A347BA">--list-services</font>
 </pre></html></WRAP> </pre></html></WRAP>
 <WRAP color_result><html><pre> <WRAP color_result><html><pre>
行 47: 行 432:
 </pre></html></WRAP> </pre></html></WRAP>
 <WRAP color_command><html><pre> <WRAP color_command><html><pre>
-$ firewall-cmd --zone=FedoraWorkstation --list-services+<font color="#0087FF"><b>$</b></font> <font color="#26A269">firewall-cmd</font> <font color="#A347BA">--zone=FedoraWorkstation --list-services</font>
 </pre></html></WRAP> </pre></html></WRAP>
 <WRAP color_result><html><pre> <WRAP color_result><html><pre>
行 53: 行 438:
 </pre></html></WRAP> </pre></html></WRAP>
 <WRAP color_command><html><pre> <WRAP color_command><html><pre>
-$ firewall-cmd --zone=FedoraServer --list-services+<font color="#0087FF"><b>$</b></font> <font color="#26A269">firewall-cmd</font> <font color="#A347BA">--zone=FedoraServer --list-services</font>
 </pre></html></WRAP> </pre></html></WRAP>
 <WRAP color_result><html><pre> <WRAP color_result><html><pre>
行 63: 行 448:
 <WRAP color_term> <WRAP color_term>
 <WRAP color_command><html><pre> <WRAP color_command><html><pre>
-$ firewall-cmd --get-default-zone+<font color="#0087FF"><b>$</b></font> <font color="#26A269">firewall-cmd</font> <font color="#A347BA">--get-default-zone</font>
 </pre></html></WRAP> </pre></html></WRAP>
 <WRAP color_result><html><pre> <WRAP color_result><html><pre>
行 69: 行 454:
 </pre></html></WRAP> </pre></html></WRAP>
 <WRAP color_command><html><pre> <WRAP color_command><html><pre>
-$ firewall-cmd --get-active-zones+<font color="#0087FF"><b>$</b></font> <font color="#26A269">firewall-cmd</font> <font color="#A347BA">--get-active-zones</font>
 </pre></html></WRAP> </pre></html></WRAP>
 <WRAP color_result><html><pre> <WRAP color_result><html><pre>
行 78: 行 463:
 </pre></html></WRAP> </pre></html></WRAP>
 <WRAP color_command><html><pre> <WRAP color_command><html><pre>
-$ sudo firewall-cmd --zone=FedoraServer --change-interface=enp8s0+<font color="#0087FF"><b>$</b></font> <font color="#26A269">sudo firewall-cmd</font> <font color="#A347BA">--zone=FedoraServer --change-interface=enp8s0</font>
 </pre></html></WRAP> </pre></html></WRAP>
 <WRAP color_result><html><pre> <WRAP color_result><html><pre>
行 84: 行 469:
 </pre></html></WRAP> </pre></html></WRAP>
 <WRAP color_command><html><pre> <WRAP color_command><html><pre>
-$ firewall-cmd --get-active-zones+<font color="#0087FF"><b>$</b></font> <font color="#26A269">firewall-cmd</font> <font color="#A347BA">--get-active-zones</font>
 </pre></html></WRAP> </pre></html></WRAP>
 <WRAP color_result><html><pre> <WRAP color_result><html><pre>
行 94: 行 479:
 </pre></html></WRAP> </pre></html></WRAP>
 <WRAP color_command><html><pre> <WRAP color_command><html><pre>
-$ firewall-cmd --list-services+<font color="#0087FF"><b>$</b></font> <font color="#26A269">firewall-cmd</font> <font color="#A347BA">--list-services</font>
 </pre></html></WRAP> </pre></html></WRAP>
 <WRAP color_result><html><pre> <WRAP color_result><html><pre>
行 114: 行 499:
 </WRAP> </WRAP>
  
-===== デフォルトゾーンの変更 ===== +===== デフォルトゾーンとアクティブゾーンの変更 ===== 
-workゾーンへ変更+デフォルトゾーンを FedoraServer へ変更\\
 <WRAP color_term> <WRAP color_term>
 <WRAP color_command><html><pre> <WRAP color_command><html><pre>
-$ sudo firewall-cmd --set-default-zone=work+<font color="#0087FF"><b>$</b></font> <font color="#26A269">sudo firewall-cmd</font> <font color="#A347BA">--set-default-zone=FedoraServer</font>
 </pre></html></WRAP> </pre></html></WRAP>
 <WRAP color_result><html><pre> <WRAP color_result><html><pre>
 +success
 </pre></html></WRAP> </pre></html></WRAP>
-</WRAP> 
- 
-すべてのアクセスを許可するtrustedゾーンへ変更 
-<WRAP color_term> 
 <WRAP color_command><html><pre> <WRAP color_command><html><pre>
-sudo firewall-cmd --set-default-zone=trusted+<font color="#0087FF"><b>$</b></font> <font color="#26A269">firewall-cmd</font> <font color="#A347BA">--get-default-zone</font>
 </pre></html></WRAP> </pre></html></WRAP>
 <WRAP color_result><html><pre> <WRAP color_result><html><pre>
 +FedoraServer
 </pre></html></WRAP> </pre></html></WRAP>
-</WRAP> 
-※これらの変更はすぐに反映される。 
- 
-===== アクティブゾーンの確認 ===== 
-<WRAP color_term> 
 <WRAP color_command><html><pre> <WRAP color_command><html><pre>
-$ firewall-cmd --get-active-zones+<font color="#0087FF"><b>$</b></font> <font color="#26A269">firewall-cmd</font> <font color="#A347BA">--get-active-zones</font>
 </pre></html></WRAP> </pre></html></WRAP>
 <WRAP color_result><html><pre> <WRAP color_result><html><pre>
-FedoraServer +FedoraWorkstation 
-  interfaces: br0 ens33+  interfaces: wlp2s0
 </pre></html></WRAP> </pre></html></WRAP>
 </WRAP> </WRAP>
- +※デフォルトゾーンを変更してもアクティブゾーンが変更される訳ではない🤔\\ 
-===== アクティブゾーンの変更 =====+ これらの変更はすぐに反映される🤔\\ 
 +\\ 
 +アクティブゾーンを FedoraServer へ変更\\
 <WRAP color_term> <WRAP color_term>
 <WRAP color_command><html><pre> <WRAP color_command><html><pre>
-$ sudo firewall-cmd --zone=work --change-interface=ens33+<font color="#0087FF"><b>$</b></font> <font color="#26A269">sudo firewall-cmd </font> <font color="#A347BA">--zone=FedoraServer --change-interface=wlp2s0</font>
 </pre></html></WRAP> </pre></html></WRAP>
 <WRAP color_result><html><pre> <WRAP color_result><html><pre>
 +success
 +</pre></html></WRAP>
 +<WRAP color_command><html><pre>
 +<font color="#0087FF"><b>$</b></font> <font color="#26A269">firewall-cmd </font> <font color="#A347BA">--get-active-zones</font>
 +</pre></html></WRAP>
 +<WRAP color_result><html><pre>
 +FedoraServer
 +  interfaces: wlp2s0
 </pre></html></WRAP> </pre></html></WRAP>
 </WRAP> </WRAP>
行 157: 行 545:
 <WRAP color_term> <WRAP color_term>
 <WRAP color_command><html><pre> <WRAP color_command><html><pre>
-sudo firewall-cmd --list-services+<font color="#0087FF"><b>$</b></font> <font color="#26A269">firewall-cmd</font> <font color="#A347BA">--list-services</font>
 </pre></html></WRAP> </pre></html></WRAP>
 <WRAP color_result><html><pre> <WRAP color_result><html><pre>
行 167: 行 555:
 <WRAP color_term> <WRAP color_term>
 <WRAP color_command><html><pre> <WRAP color_command><html><pre>
-sudo firewall-cmd --list-ports+<font color="#0087FF"><b>$</b></font> <font color="#26A269">firewall-cmd </font> <font color="#A347BA">--list-ports</font>
 </pre></html></WRAP> </pre></html></WRAP>
 <WRAP color_result><html><pre> <WRAP color_result><html><pre>
行 177: 行 565:
 <WRAP color_term> <WRAP color_term>
 <WRAP color_command><html><pre> <WRAP color_command><html><pre>
-$ firewall-cmd --get-services+<font color="#0087FF"><b>$</b></font> <font color="#26A269">firewall-cmd </font> <font color="#A347BA">--get-services</font>
 </pre></html></WRAP> </pre></html></WRAP>
 <WRAP color_result><html><pre> <WRAP color_result><html><pre>
行 187: 行 575:
 <WRAP color_term> <WRAP color_term>
 <WRAP color_command><html><pre> <WRAP color_command><html><pre>
-$ sudo firewall-cmd --permanent --add-service=ssh+<font color="#0087FF"><b>$</b></font> <font color="#26A269">sudo firewall-cmd</font> <font color="#A347BA">--permanent --add-service=ssh</font>
 </pre></html></WRAP> </pre></html></WRAP>
 <WRAP color_result><html><pre> <WRAP color_result><html><pre>
 +success
 </pre></html></WRAP> </pre></html></WRAP>
 </WRAP> </WRAP>
行 196: 行 585:
 <WRAP color_term> <WRAP color_term>
 <WRAP color_command><html><pre> <WRAP color_command><html><pre>
-$ sudo firewall-cmd --permanent --remove-service=ssh+<font color="#0087FF"><b>$</b></font> <font color="#26A269">sudo firewall-cmd</font> <font color="#A347BA">--permanent --remove-service=ssh</font>
 </pre></html></WRAP> </pre></html></WRAP>
 <WRAP color_result><html><pre> <WRAP color_result><html><pre>
 +success
 +</pre></html></WRAP>
 +</WRAP>
 +
 +複数サービスの許可を一括で永続的に削除🤤\\
 +<WRAP color_term>
 +<WRAP color_command><html><pre>
 +<font color="#0087FF"><b>$</b></font> <font color="#26A269"><u style="text-decoration-style:solid">sudo</u></font> <font color="#26A269">firewall-cmd</font> <font color="#A347BA">--permanent</font> <font color="#A347BA">--remove-service=</font><font color="#12488B"><b>{</b></font><font color="#A347BA">ssh,cockpit</font><font color="#12488B"><b>}</b></font>
 +</pre></html></WRAP>
 +<WRAP color_result><html><pre>
 +success
 </pre></html></WRAP> </pre></html></WRAP>
 </WRAP> </WRAP>
行 205: 行 605:
 <WRAP color_term> <WRAP color_term>
 <WRAP color_command><html><pre> <WRAP color_command><html><pre>
-$ sudo firewall-cmd --permanent --add-port=22022/tcp+<font color="#0087FF"><b>$</b></font> <font color="#26A269">sudo firewall-cmd</font> <font color="#A347BA">--permanent --add-port=22022/tcp</font>
 </pre></html></WRAP> </pre></html></WRAP>
 <WRAP color_result><html><pre> <WRAP color_result><html><pre>
 +success
 </pre></html></WRAP> </pre></html></WRAP>
 </WRAP> </WRAP>
行 214: 行 615:
 <WRAP color_term> <WRAP color_term>
 <WRAP color_command><html><pre> <WRAP color_command><html><pre>
-$ sudo firewall-cmd --permanent --remove-port=22022/tcp+<font color="#0087FF"><b>$</b></font> <font color="#26A269">sudo firewall-cmd</font> <font color="#A347BA">--permanent --remove-port=22022/tcp</font>
 </pre></html></WRAP> </pre></html></WRAP>
 <WRAP color_result><html><pre> <WRAP color_result><html><pre>
 +success
 </pre></html></WRAP> </pre></html></WRAP>
 </WRAP> </WRAP>
行 223: 行 625:
 <WRAP color_term> <WRAP color_term>
 <WRAP color_command><html><pre> <WRAP color_command><html><pre>
-$ sudo firewall-cmd --permanent --add-source=192.168.1.0/24+<font color="#0087FF"><b>$</b></font> <font color="#26A269">sudo firewall-cmd</font> <font color="#A347BA"> --permanent --add-source=192.168.1.0/24</font>
 </pre></html></WRAP> </pre></html></WRAP>
 <WRAP color_result><html><pre> <WRAP color_result><html><pre>
 +success
 </pre></html></WRAP> </pre></html></WRAP>
 </WRAP> </WRAP>
行 233: 行 636:
 <WRAP color_term> <WRAP color_term>
 <WRAP color_command><html><pre> <WRAP color_command><html><pre>
-$ sudo firewall-cmd --permanent --add-source=192.168.1.0/24 --zone=drop +<font color="#0087FF"><b>$</b></font> <font color="#26A269">sudo firewall-cmd</font> <font color="#A347BA">--permanent --add-source=192.168.1.0/24 --zone=drop</font>
-$ sudo firewall-cmd --permanent --add-source=192.168.1.1 --zone=drop+
 </pre></html></WRAP> </pre></html></WRAP>
 <WRAP color_result><html><pre> <WRAP color_result><html><pre>
 +success
 +</pre></html></WRAP>
 +<WRAP color_command><html><pre>
 +<font color="#0087FF"><b>$</b></font> <font color="#26A269">sudo firewall-cmd</font> <font color="#A347BA">--permanent --add-source=192.168.1.1 --zone=drop</font>
 +</pre></html></WRAP>
 +<WRAP color_result><html><pre>
 +success
 </pre></html></WRAP> </pre></html></WRAP>
 </WRAP> </WRAP>
行 243: 行 652:
 <WRAP color_term> <WRAP color_term>
 <WRAP color_command><html><pre> <WRAP color_command><html><pre>
-$ sudo firewall-cmd --list-sources --zone=drop+<font color="#0087FF"><b>$</b></font> <font color="#26A269">sudo firewall-cmd</font> <font color="#A347BA">--list-sources --zone=drop</font>
 192.168.1.0/24 192.168.1.1 192.168.1.0/24 192.168.1.1
 </pre></html></WRAP> </pre></html></WRAP>
行 253: 行 662:
 <WRAP color_term> <WRAP color_term>
 <WRAP color_command><html><pre> <WRAP color_command><html><pre>
-$ sudo firewall-cmd --permanent --remove-source=192.168.1.0/24 --zone=drop +<font color="#0087FF"><b>$</b></font> <font color="#26A269">sudo firewall-cmd</font> <font color="#A347BA">--permanent --remove-source=192.168.1.0/24 --zone=drop</font> 
-$ sudo firewall-cmd --permanent --remove-source=192.168.1.1 --zone=drop+<font color="#0087FF"><b>$</b></font> <font color="#26A269">sudo firewall-cmd</font> <font color="#A347BA">--permanent --remove-source=192.168.1.1 --zone=drop</font>
 </pre></html></WRAP> </pre></html></WRAP>
 <WRAP color_result><html><pre> <WRAP color_result><html><pre>
行 263: 行 672:
 <WRAP color_term> <WRAP color_term>
 <WRAP color_command><html><pre> <WRAP color_command><html><pre>
-$ sudo firewall-cmd --reload+<font color="#0087FF"><b>$</b></font> <font color="#26A269"><u style="text-decoration-style:solid">sudo</u></font> <font color="#26A269">firewall-cmd</font> <font color="#A347BA">--reload</font>
 </pre></html></WRAP> </pre></html></WRAP>
 <WRAP color_result><html><pre> <WRAP color_result><html><pre>
 +success
 </pre></html></WRAP> </pre></html></WRAP>
 </WRAP> </WRAP>
行 273: 行 683:
 <WRAP color_term> <WRAP color_term>
 <WRAP color_command><html><pre> <WRAP color_command><html><pre>
-cat /usr/lib/firewalld/services/ldap.xml+<font color="#0087FF"><b>$</b></font> <font color="#26A269">bat</font> <u style="text-decoration-style:solid">/usr/lib/firewalld/services/ldap.xml</u> 
 +</pre></html></WRAP> 
 +<WRAP color_result><html><pre> 
 +<font color="#444444">   1</font> <font color="#FFFFFF">&lt;?</font><font color="#F92672">xml</font><font color="#F8F8F2"> </font><font color="#A6E22E">version</font><font color="#F8F8F2">=</font><font color="#E6DB74">&quot;1.0&quot;</font><font color="#F8F8F2"> </font><font color="#A6E22E">encoding</font><font color="#F8F8F2">=</font><font color="#E6DB74">&quot;utf-8&quot;</font><font color="#FFFFFF">?&gt;</font> 
 +<font color="#444444">   2</font> <font color="#FFFFFF">&lt;</font><font color="#F92672">service</font><font color="#FFFFFF">&gt;</font> 
 +<font color="#444444">   3</font> <font color="#F8F8F2">  </font><font color="#FFFFFF">&lt;</font><font color="#F92672">short</font><font color="#FFFFFF">&gt;</font><font color="#F8F8F2">LDAP</font><font color="#FFFFFF">&lt;/</font><font color="#F92672">short</font><font color="#FFFFFF">&gt;</font> 
 +<font color="#444444">   4</font> <font color="#F8F8F2">  </font><font color="#FFFFFF">&lt;</font><font color="#F92672">description</font><font color="#FFFFFF">&gt;</font><font color="#F8F8F2">Lightweight Directory Access Protocol (LDAP) server</font><font color="#FFFFFF">&lt;/</font><font color="#F92672">description</font><font color="#FFFFFF">&gt;</font> 
 +<font color="#444444">   5</font> <font color="#F8F8F2">  </font><font color="#FFFFFF">&lt;</font><font color="#F92672">port</font><font color="#F8F8F2"> </font><font color="#A6E22E">protocol</font><font color="#F8F8F2">=</font><font color="#E6DB74">&quot;tcp&quot;</font><font color="#F8F8F2"> </font><font color="#A6E22E">port</font><font color="#F8F8F2">=</font><font color="#E6DB74">&quot;389&quot;</font><font color="#FFFFFF">/&gt;</font> 
 +<font color="#444444">   6</font> <font color="#FFFFFF">&lt;/</font><font color="#F92672">service</font><font color="#FFFFFF">&gt;</font>
 </pre></html></WRAP> </pre></html></WRAP>
-<WRAP color_result> 
-<code xml> 
-<?xml version="1.0" encoding="utf-8"?> 
-<service> 
-  <short>LDAP</short> 
-  <description>Lightweight Directory Access Protocol (LDAP) server</description> 
-  <port protocol="tcp" port="389"/> 
-</service> 
-</code></WRAP> 
 </WRAP> </WRAP>
  
行 289: 行 698:
 <WRAP color_term> <WRAP color_term>
 <WRAP color_command><html><pre> <WRAP color_command><html><pre>
-$ firewall-cmd --help+<font color="#0087FF"><b>$</b></font> <font color="#26A269">firewall-cmd</font> <font color="#A347BA">--help</font>
 </pre></html></WRAP> </pre></html></WRAP>
 <WRAP color_result_long><html><pre> <WRAP color_result_long><html><pre>
行 310: 行 719:
 Log Denied Options Log Denied Options
   --get-log-denied     Print the log denied value   --get-log-denied     Print the log denied value
-  --set-log-denied=<value>+  --set-log-denied=&lt;value>
                        Set log denied value                        Set log denied value
  
行 319: 行 728:
 Zone Options Zone Options
   --get-default-zone   Print default zone for connections and interfaces   --get-default-zone   Print default zone for connections and interfaces
-  --set-default-zone=<zone>+  --set-default-zone=&lt;zone>
                        Set default zone                        Set default zone
   --get-active-zones   Print currently active zones   --get-active-zones   Print currently active zones
行 325: 行 734:
   --get-services       Print predefined services [P]   --get-services       Print predefined services [P]
   --get-icmptypes      Print predefined icmptypes [P]   --get-icmptypes      Print predefined icmptypes [P]
-  --get-zone-of-interface=<interface>+  --get-zone-of-interface=&lt;interface>
                        Print name of the zone the interface is bound to [P]                        Print name of the zone the interface is bound to [P]
-  --get-zone-of-source=<source>[/<mask>]|<MAC>|ipset:<ipset>+  --get-zone-of-source=&lt;source>[/&lt;mask>]|&lt;MAC>|ipset:&lt;ipset>
                        Print name of the zone the source is bound to [P]                        Print name of the zone the source is bound to [P]
   --list-all-zones     List everything added for or enabled in all zones [P]   --list-all-zones     List everything added for or enabled in all zones [P]
-  --new-zone=<zone>    Add a new zone [P only] +  --new-zone=&lt;zone>    Add a new zone [P only] 
-  --new-zone-from-file=<filename> [--name=<zone>]+  --new-zone-from-file=&lt;filename> [--name=&lt;zone>]
                        Add a new zone from file with optional name [P only]                        Add a new zone from file with optional name [P only]
-  --delete-zone=<zone> Delete an existing zone [P only] +  --delete-zone=&lt;zone> Delete an existing zone [P only] 
-  --load-zone-defaults=<zone>+  --load-zone-defaults=&lt;zone>
                        Load zone default settings [P only]                        Load zone default settings [P only]
-  --zone=<zone>        Use this zone to set or query options, else default zone+  --zone=&lt;zone>        Use this zone to set or query options, else default zone
                        Usable for options marked with [Z]                        Usable for options marked with [Z]
-  --info-zone=<zone>   Print information about a zone +  --info-zone=&lt;zone>   Print information about a zone 
-  --path-zone=<zone>   Print file path of a zone [P only]+  --path-zone=&lt;zone>   Print file path of a zone [P only]
  
 Policy Options Policy Options
行 346: 行 755:
                        Print currently active policies                        Print currently active policies
   --list-all-policies  List everything added for or enabled in all policies   --list-all-policies  List everything added for or enabled in all policies
-  --new-policy=<policy> +  --new-policy=&lt;policy> 
                        Add a new empty policy                        Add a new empty policy
-  --new-policy-from-file=<filename> [--name=<policy>]+  --new-policy-from-file=&lt;filename> [--name=&lt;policy>]
                        Add a new policy from file with optional name override [P only]                        Add a new policy from file with optional name override [P only]
-  --delete-policy=<policy>+  --delete-policy=&lt;policy>
                        Delete an existing policy                        Delete an existing policy
-  --load-policy-defaults=<policy>+  --load-policy-defaults=&lt;policy>
                        Load policy default settings                        Load policy default settings
-  --policy=<policy>    Use this policy to set or query options+  --policy=&lt;policy>    Use this policy to set or query options
                        Usable for options marked with [O]                        Usable for options marked with [O]
-  --info-policy=<policy>+  --info-policy=&lt;policy>
                        Print information about a policy                        Print information about a policy
-  --path-policy=<policy>+  --path-policy=&lt;policy>
                        Print file path of a policy                        Print file path of a policy
  
 IPSet Options IPSet Options
   --get-ipset-types    Print the supported ipset types   --get-ipset-types    Print the supported ipset types
-  --new-ipset=<ipset> --type=<ipset type> [--option=<key>[=<value>]]..+  --new-ipset=&lt;ipset> --type=&lt;ipset type> [--option=&lt;key>[=&lt;value>]]..
                        Add a new ipset [P only]                        Add a new ipset [P only]
-  --new-ipset-from-file=<filename> [--name=<ipset>]+  --new-ipset-from-file=&lt;filename> [--name=&lt;ipset>]
                        Add a new ipset from file with optional name [P only]                        Add a new ipset from file with optional name [P only]
-  --delete-ipset=<ipset>+  --delete-ipset=&lt;ipset>
                        Delete an existing ipset [P only]                        Delete an existing ipset [P only]
-  --load-ipset-defaults=<ipset>+  --load-ipset-defaults=&lt;ipset>
                        Load ipset default settings [P only]                        Load ipset default settings [P only]
-  --info-ipset=<ipset> Print information about an ipset +  --info-ipset=&lt;ipset> Print information about an ipset 
-  --path-ipset=<ipset> Print file path of an ipset [P only]+  --path-ipset=&lt;ipset> Print file path of an ipset [P only]
   --get-ipsets         Print predefined ipsets   --get-ipsets         Print predefined ipsets
-  --ipset=<ipset> --set-description=<description>+  --ipset=&lt;ipset> --set-description=&lt;description>
                        Set new description to ipset [P only]                        Set new description to ipset [P only]
-  --ipset=<ipset> --get-description+  --ipset=&lt;ipset> --get-description
                        Print description for ipset [P only]                        Print description for ipset [P only]
-  --ipset=<ipset> --set-short=<description>+  --ipset=&lt;ipset> --set-short=&lt;description>
                        Set new short description to ipset [P only]                        Set new short description to ipset [P only]
-  --ipset=<ipset> --get-short+  --ipset=&lt;ipset> --get-short
                        Print short description for ipset [P only]                        Print short description for ipset [P only]
-  --ipset=<ipset> --add-entry=<entry>+  --ipset=&lt;ipset> --add-entry=&lt;entry>
                        Add a new entry to an ipset [P]                        Add a new entry to an ipset [P]
-  --ipset=<ipset> --remove-entry=<entry>+  --ipset=&lt;ipset> --remove-entry=&lt;entry>
                        Remove an entry from an ipset [P]                        Remove an entry from an ipset [P]
-  --ipset=<ipset> --query-entry=<entry>+  --ipset=&lt;ipset> --query-entry=&lt;entry>
                        Return whether ipset has an entry [P]                        Return whether ipset has an entry [P]
-  --ipset=<ipset> --get-entries+  --ipset=&lt;ipset> --get-entries
                        List entries of an ipset [P]                        List entries of an ipset [P]
-  --ipset=<ipset> --add-entries-from-file=<entry>+  --ipset=&lt;ipset> --add-entries-from-file=&lt;entry>
                        Add a new entries to an ipset [P]                        Add a new entries to an ipset [P]
-  --ipset=<ipset> --remove-entries-from-file=<entry>+  --ipset=&lt;ipset> --remove-entries-from-file=&lt;entry>
                        Remove entries from an ipset [P]                        Remove entries from an ipset [P]
  
 IcmpType Options IcmpType Options
-  --new-icmptype=<icmptype>+  --new-icmptype=&lt;icmptype>
                        Add a new icmptype [P only]                        Add a new icmptype [P only]
-  --new-icmptype-from-file=<filename> [--name=<icmptype>]+  --new-icmptype-from-file=&lt;filename> [--name=&lt;icmptype>]
                        Add a new icmptype from file with optional name [P only]                        Add a new icmptype from file with optional name [P only]
-  --delete-icmptype=<icmptype>+  --delete-icmptype=&lt;icmptype>
                        Delete an existing icmptype [P only]                        Delete an existing icmptype [P only]
-  --load-icmptype-defaults=<icmptype>+  --load-icmptype-defaults=&lt;icmptype>
                        Load icmptype default settings [P only]                        Load icmptype default settings [P only]
-  --info-icmptype=<icmptype>+  --info-icmptype=&lt;icmptype>
                        Print information about an icmptype                        Print information about an icmptype
-  --path-icmptype=<icmptype>+  --path-icmptype=&lt;icmptype>
                        Print file path of an icmptype [P only]                        Print file path of an icmptype [P only]
-  --icmptype=<icmptype> --set-description=<description>+  --icmptype=&lt;icmptype> --set-description=&lt;description>
                        Set new description to icmptype [P only]                        Set new description to icmptype [P only]
-  --icmptype=<icmptype> --get-description+  --icmptype=&lt;icmptype> --get-description
                        Print description for icmptype [P only]                        Print description for icmptype [P only]
-  --icmptype=<icmptype> --set-short=<description>+  --icmptype=&lt;icmptype> --set-short=&lt;description>
                        Set new short description to icmptype [P only]                        Set new short description to icmptype [P only]
-  --icmptype=<icmptype> --get-short+  --icmptype=&lt;icmptype> --get-short
                        Print short description for icmptype [P only]                        Print short description for icmptype [P only]
-  --icmptype=<icmptype> --add-destination=<ipv>+  --icmptype=&lt;icmptype> --add-destination=&lt;ipv>
                        Enable destination for ipv in icmptype [P only]                        Enable destination for ipv in icmptype [P only]
-  --icmptype=<icmptype> --remove-destination=<ipv>+  --icmptype=&lt;icmptype> --remove-destination=&lt;ipv>
                        Disable destination for ipv in icmptype [P only]                        Disable destination for ipv in icmptype [P only]
-  --icmptype=<icmptype> --query-destination=<ipv>+  --icmptype=&lt;icmptype> --query-destination=&lt;ipv>
                        Return whether destination ipv is enabled in icmptype [P only]                        Return whether destination ipv is enabled in icmptype [P only]
-  --icmptype=<icmptype> --get-destinations+  --icmptype=&lt;icmptype> --get-destinations
                        List destinations in icmptype [P only]                        List destinations in icmptype [P only]
  
 Service Options Service Options
-  --new-service=<service>+  --new-service=&lt;service>
                        Add a new service [P only]                        Add a new service [P only]
-  --new-service-from-file=<filename> [--name=<service>]+  --new-service-from-file=&lt;filename> [--name=&lt;service>]
                        Add a new service from file with optional name [P only]                        Add a new service from file with optional name [P only]
-  --delete-service=<service>+  --delete-service=&lt;service>
                        Delete an existing service [P only]                        Delete an existing service [P only]
-  --load-service-defaults=<service>+  --load-service-defaults=&lt;service>
                        Load icmptype default settings [P only]                        Load icmptype default settings [P only]
-  --info-service=<service>+  --info-service=&lt;service>
                        Print information about a service                        Print information about a service
-  --path-service=<service>+  --path-service=&lt;service>
                        Print file path of a service [P only]                        Print file path of a service [P only]
-  --service=<service> --set-description=<description>+  --service=&lt;service> --set-description=&lt;description>
                        Set new description to service [P only]                        Set new description to service [P only]
-  --service=<service> --get-description+  --service=&lt;service> --get-description
                        Print description for service [P only]                        Print description for service [P only]
-  --service=<service> --set-short=<description>+  --service=&lt;service> --set-short=&lt;description>
                        Set new short description to service [P only]                        Set new short description to service [P only]
-  --service=<service> --get-short+  --service=&lt;service> --get-short
                        Print short description for service [P only]                        Print short description for service [P only]
-  --service=<service> --add-port=<portid>[-<portid>]/<protocol>+  --service=&lt;service> --add-port=&lt;portid>[-&lt;portid>]/&lt;protocol>
                        Add a new port to service [P only]                        Add a new port to service [P only]
-  --service=<service> --remove-port=<portid>[-<portid>]/<protocol>+  --service=&lt;service> --remove-port=&lt;portid>[-&lt;portid>]/&lt;protocol>
                        Remove a port from service [P only]                        Remove a port from service [P only]
-  --service=<service> --query-port=<portid>[-<portid>]/<protocol>+  --service=&lt;service> --query-port=&lt;portid>[-&lt;portid>]/&lt;protocol>
                        Return whether the port has been added for service [P only]                        Return whether the port has been added for service [P only]
-  --service=<service> --get-ports+  --service=&lt;service> --get-ports
                        List ports of service [P only]                        List ports of service [P only]
-  --service=<service> --add-protocol=<protocol>+  --service=&lt;service> --add-protocol=&lt;protocol>
                        Add a new protocol to service [P only]                        Add a new protocol to service [P only]
-  --service=<service> --remove-protocol=<protocol>+  --service=&lt;service> --remove-protocol=&lt;protocol>
                        Remove a protocol from service [P only]                        Remove a protocol from service [P only]
-  --service=<service> --query-protocol=<protocol>+  --service=&lt;service> --query-protocol=&lt;protocol>
                        Return whether the protocol has been added for service [P only]                        Return whether the protocol has been added for service [P only]
-  --service=<service> --get-protocols+  --service=&lt;service> --get-protocols
                        List protocols of service [P only]                        List protocols of service [P only]
-  --service=<service> --add-source-port=<portid>[-<portid>]/<protocol>+  --service=&lt;service> --add-source-port=&lt;portid>[-&lt;portid>]/&lt;protocol>
                        Add a new source port to service [P only]                        Add a new source port to service [P only]
-  --service=<service> --remove-source-port=<portid>[-<portid>]/<protocol>+  --service=&lt;service> --remove-source-port=&lt;portid>[-&lt;portid>]/&lt;protocol>
                        Remove a source port from service [P only]                        Remove a source port from service [P only]
-  --service=<service> --query-source-port=<portid>[-<portid>]/<protocol>+  --service=&lt;service> --query-source-port=&lt;portid>[-&lt;portid>]/&lt;protocol>
                        Return whether the source port has been added for service [P only]                        Return whether the source port has been added for service [P only]
-  --service=<service> --get-source-ports+  --service=&lt;service> --get-source-ports
                        List source ports of service [P only]                        List source ports of service [P only]
-  --service=<service> --add-helper=<helper>+  --service=&lt;service> --add-helper=&lt;helper>
                        Add a new helper to service [P only]                        Add a new helper to service [P only]
-  --service=<service> --remove-helper=<helper>+  --service=&lt;service> --remove-helper=&lt;helper>
                        Remove a helper from service [P only]                        Remove a helper from service [P only]
-  --service=<service> --query-helper=<helper>+  --service=&lt;service> --query-helper=&lt;helper>
                        Return whether the helper has been added for service [P only]                        Return whether the helper has been added for service [P only]
-  --service=<service> --get-service-helpers+  --service=&lt;service> --get-service-helpers
                        List helpers of service [P only]                        List helpers of service [P only]
-  --service=<service> --set-destination=<ipv>:<address>[/<mask>]+  --service=&lt;service> --set-destination=&lt;ipv>:&lt;address>[/&lt;mask>]
                        Set destination for ipv to address in service [P only]                        Set destination for ipv to address in service [P only]
-  --service=<service> --remove-destination=<ipv>+  --service=&lt;service> --remove-destination=&lt;ipv>
                        Disable destination for ipv i service [P only]                        Disable destination for ipv i service [P only]
-  --service=<service> --query-destination=<ipv>:<address>[/<mask>]+  --service=&lt;service> --query-destination=&lt;ipv>:&lt;address>[/&lt;mask>]
                        Return whether destination ipv is set for service [P only]                        Return whether destination ipv is set for service [P only]
-  --service=<service> --get-destinations+  --service=&lt;service> --get-destinations
                        List destinations in service [P only]                        List destinations in service [P only]
-  --service=<service> --add-include=<service>+  --service=&lt;service> --add-include=&lt;service>
                        Add a new include to service [P only]                        Add a new include to service [P only]
-  --service=<service> --remove-include=<service>+  --service=&lt;service> --remove-include=&lt;service>
                        Remove a include from service [P only]                        Remove a include from service [P only]
-  --service=<service> --query-include=<service>+  --service=&lt;service> --query-include=&lt;service>
                        Return whether the include has been added for service [P only]                        Return whether the include has been added for service [P only]
-  --service=<service> --get-includes+  --service=&lt;service> --get-includes
                        List includes of service [P only]                        List includes of service [P only]
  
 Options to Adapt and Query Zones and Policies Options to Adapt and Query Zones and Policies
   --list-all           List everything added for or enabled [P] [Z] [O]   --list-all           List everything added for or enabled [P] [Z] [O]
-  --timeout=<timeval>  Enable an option for timeval time, where timeval is+  --timeout=&lt;timeval>  Enable an option for timeval time, where timeval is
                        a number followed by one of letters 's' or 'm' or 'h'                        a number followed by one of letters 's' or 'm' or 'h'
                        Usable for options marked with [T]                        Usable for options marked with [T]
-  --set-description=<description>+  --set-description=&lt;description>
                        Set new description [P only] [Z] [O]                        Set new description [P only] [Z] [O]
   --get-description    Print description [P only] [Z] [O]   --get-description    Print description [P only] [Z] [O]
   --get-target         Get the target [P only] [Z] [O]   --get-target         Get the target [P only] [Z] [O]
-  --set-target=<target>+  --set-target=&lt;target>
                        Set the target [P only] [Z] [O]                        Set the target [P only] [Z] [O]
-  --set-short=<description>+  --set-short=&lt;description>
                        Set new short description [Z] [O]                        Set new short description [Z] [O]
   --get-short          Print short description [P only] [Z] [O]   --get-short          Print short description [P only] [Z] [O]
   --list-services      List services added [P] [Z]   --list-services      List services added [P] [Z]
-  --add-service=<service>+  --add-service=&lt;service>
                        Add a service [P] [Z] [O] [T]                        Add a service [P] [Z] [O] [T]
-  --remove-service=<service>+  --remove-service=&lt;service>
                        Remove a service [P] [Z] [O]                        Remove a service [P] [Z] [O]
-  --query-service=<service>+  --query-service=&lt;service>
                        Return whether service has been added [P] [Z] [O]                        Return whether service has been added [P] [Z] [O]
   --list-ports         List ports added [P] [Z] [O]   --list-ports         List ports added [P] [Z] [O]
-  --add-port=<portid>[-<portid>]/<protocol>+  --add-port=&lt;portid>[-&lt;portid>]/&lt;protocol>
                        Add the port [P] [Z] [O] [T]                        Add the port [P] [Z] [O] [T]
-  --remove-port=<portid>[-<portid>]/<protocol>+  --remove-port=&lt;portid>[-&lt;portid>]/&lt;protocol>
                        Remove the port [P] [Z] [O]                        Remove the port [P] [Z] [O]
-  --query-port=<portid>[-<portid>]/<protocol>+  --query-port=&lt;portid>[-&lt;portid>]/&lt;protocol>
                        Return whether the port has been added [P] [Z] [O]                        Return whether the port has been added [P] [Z] [O]
   --list-protocols     List protocols added [P] [Z] [O]   --list-protocols     List protocols added [P] [Z] [O]
-  --add-protocol=<protocol>+  --add-protocol=&lt;protocol>
                        Add the protocol [P] [Z] [O] [T]                        Add the protocol [P] [Z] [O] [T]
-  --remove-protocol=<protocol>+  --remove-protocol=&lt;protocol>
                        Remove the protocol [P] [Z] [O]                        Remove the protocol [P] [Z] [O]
-  --query-protocol=<protocol>+  --query-protocol=&lt;protocol>
                        Return whether the protocol has been added [P] [Z] [O]                        Return whether the protocol has been added [P] [Z] [O]
   --list-source-ports  List source ports added [P] [Z] [O]   --list-source-ports  List source ports added [P] [Z] [O]
-  --add-source-port=<portid>[-<portid>]/<protocol>+  --add-source-port=&lt;portid>[-&lt;portid>]/&lt;protocol>
                        Add the source port [P] [Z] [O] [T]                        Add the source port [P] [Z] [O] [T]
-  --remove-source-port=<portid>[-<portid>]/<protocol>+  --remove-source-port=&lt;portid>[-&lt;portid>]/&lt;protocol>
                        Remove the source port [P] [Z] [O]                        Remove the source port [P] [Z] [O]
-  --query-source-port=<portid>[-<portid>]/<protocol>+  --query-source-port=&lt;portid>[-&lt;portid>]/&lt;protocol>
                        Return whether the source port has been added [P] [Z] [O]                        Return whether the source port has been added [P] [Z] [O]
   --list-icmp-blocks   List Internet ICMP type blocks added [P] [Z] [O]   --list-icmp-blocks   List Internet ICMP type blocks added [P] [Z] [O]
-  --add-icmp-block=<icmptype>+  --add-icmp-block=&lt;icmptype>
                        Add an ICMP block [P] [Z] [O] [T]                        Add an ICMP block [P] [Z] [O] [T]
-  --remove-icmp-block=<icmptype>+  --remove-icmp-block=&lt;icmptype>
                        Remove the ICMP block [P] [Z] [O]                        Remove the ICMP block [P] [Z] [O]
-  --query-icmp-block=<icmptype>+  --query-icmp-block=&lt;icmptype>
                        Return whether an ICMP block has been added [P] [Z] [O]                        Return whether an ICMP block has been added [P] [Z] [O]
   --list-forward-ports List IPv4 forward ports added [P] [Z] [O]   --list-forward-ports List IPv4 forward ports added [P] [Z] [O]
-  --add-forward-port=port=<portid>[-<portid>]:proto=<protocol>[:toport=<portid>[-<portid>]][:toaddr=<address>[/<mask>]]+  --add-forward-port=port=&lt;portid>[-&lt;portid>]:proto=&lt;protocol>[:toport=&lt;portid>[-&lt;portid>]][:toaddr=&lt;address>[/&lt;mask>]]
                        Add the IPv4 forward port [P] [Z] [O] [T]                        Add the IPv4 forward port [P] [Z] [O] [T]
-  --remove-forward-port=port=<portid>[-<portid>]:proto=<protocol>[:toport=<portid>[-<portid>]][:toaddr=<address>[/<mask>]]+  --remove-forward-port=port=&lt;portid>[-&lt;portid>]:proto=&lt;protocol>[:toport=&lt;portid>[-&lt;portid>]][:toaddr=&lt;address>[/&lt;mask>]]
                        Remove the IPv4 forward port [P] [Z] [O]                        Remove the IPv4 forward port [P] [Z] [O]
-  --query-forward-port=port=<portid>[-<portid>]:proto=<protocol>[:toport=<portid>[-<portid>]][:toaddr=<address>[/<mask>]]+  --query-forward-port=port=&lt;portid>[-&lt;portid>]:proto=&lt;protocol>[:toport=&lt;portid>[-&lt;portid>]][:toaddr=&lt;address>[/&lt;mask>]]
                        Return whether the IPv4 forward port has been added [P] [Z] [O]                        Return whether the IPv4 forward port has been added [P] [Z] [O]
   --add-masquerade     Enable IPv4 masquerade [P] [Z] [O] [T]   --add-masquerade     Enable IPv4 masquerade [P] [Z] [O] [T]
行 555: 行 964:
   --query-masquerade   Return whether IPv4 masquerading has been enabled [P] [Z] [O]   --query-masquerade   Return whether IPv4 masquerading has been enabled [P] [Z] [O]
   --list-rich-rules    List rich language rules added [P] [Z] [O]   --list-rich-rules    List rich language rules added [P] [Z] [O]
-  --add-rich-rule=<rule>+  --add-rich-rule=&lt;rule>
                        Add rich language rule 'rule' [P] [Z] [O] [T]                        Add rich language rule 'rule' [P] [Z] [O] [T]
-  --remove-rich-rule=<rule>+  --remove-rich-rule=&lt;rule>
                        Remove rich language rule 'rule' [P] [Z] [O]                        Remove rich language rule 'rule' [P] [Z] [O]
-  --query-rich-rule=<rule>+  --query-rich-rule=&lt;rule>
                        Return whether a rich language rule 'rule' has been                        Return whether a rich language rule 'rule' has been
                        added [P] [Z] [O]                        added [P] [Z] [O]
行 580: 行 989:
 Options to Adapt and Query Policies Options to Adapt and Query Policies
   --get-priority       Get the priority [P only] [O]   --get-priority       Get the priority [P only] [O]
-  --set-priority=<priority>+  --set-priority=&lt;priority>
                        Set the priority [P only] [O]                        Set the priority [P only] [O]
   --list-ingress-zones   --list-ingress-zones
                        List ingress zones that are bound to a policy [P] [O]                        List ingress zones that are bound to a policy [P] [O]
-  --add-ingress-zone=<zone>+  --add-ingress-zone=&lt;zone>
                        Add the ingress zone to a policy [P] [O]                        Add the ingress zone to a policy [P] [O]
-  --remove-ingress-zone=<zone>+  --remove-ingress-zone=&lt;zone>
                        Remove the ingress zone from a policy [P] [O]                        Remove the ingress zone from a policy [P] [O]
-  --query-ingress-zone=<zone>+  --query-ingress-zone=&lt;zone>
                        Query whether the ingress zone has been adedd to a                        Query whether the ingress zone has been adedd to a
                        policy [P] [O]                        policy [P] [O]
   --list-egress-zones   --list-egress-zones
                        List egress zones that are bound to a policy [P] [O]                        List egress zones that are bound to a policy [P] [O]
-  --add-egress-zone=<zone>+  --add-egress-zone=&lt;zone>
                        Add the egress zone to a policy [P] [O]                        Add the egress zone to a policy [P] [O]
-  --remove-egress-zone=<zone>+  --remove-egress-zone=&lt;zone>
                        Remove the egress zone from a policy [P] [O]                        Remove the egress zone from a policy [P] [O]
-  --query-egress-zone=<zone>+  --query-egress-zone=&lt;zone>
                        Query whether the egress zone has been adedd to a                        Query whether the egress zone has been adedd to a
                        policy [P] [O]                        policy [P] [O]
行 603: 行 1012:
 Options to Handle Bindings of Interfaces Options to Handle Bindings of Interfaces
   --list-interfaces    List interfaces that are bound to a zone [P] [Z]   --list-interfaces    List interfaces that are bound to a zone [P] [Z]
-  --add-interface=<interface> +  --add-interface=&lt;interface> 
-                       Bind the <interface> to a zone [P] [Z] +                       Bind the &lt;interface> to a zone [P] [Z] 
-  --change-interface=<interface> +  --change-interface=&lt;interface> 
-                       Change zone the <interface> is bound to [P] [Z] +                       Change zone the &lt;interface> is bound to [P] [Z] 
-  --query-interface=<interface> +  --query-interface=&lt;interface> 
-                       Query whether <interface> is bound to a zone [P] [Z] +                       Query whether &lt;interface> is bound to a zone [P] [Z] 
-  --remove-interface=<interface> +  --remove-interface=&lt;interface> 
-                       Remove binding of <interface> from a zone [P] [Z]+                       Remove binding of &lt;interface> from a zone [P] [Z]
  
 Options to Handle Bindings of Sources Options to Handle Bindings of Sources
   --list-sources       List sources that are bound to a zone [P] [Z]   --list-sources       List sources that are bound to a zone [P] [Z]
-  --add-source=<source>[/<mask>]|<MAC>|ipset:<ipset>+  --add-source=&lt;source>[/&lt;mask>]|&lt;MAC>|ipset:&lt;ipset>
                        Bind the source to a zone [P] [Z]                        Bind the source to a zone [P] [Z]
-  --change-source=<source>[/<mask>]|<MAC>|ipset:<ipset>+  --change-source=&lt;source>[/&lt;mask>]|&lt;MAC>|ipset:&lt;ipset>
                        Change zone the source is bound to [Z]                        Change zone the source is bound to [Z]
-  --query-source=<source>[/<mask>]|<MAC>|ipset:<ipset>+  --query-source=&lt;source>[/&lt;mask>]|&lt;MAC>|ipset:&lt;ipset>
                        Query whether the source is bound to a zone [P] [Z]                        Query whether the source is bound to a zone [P] [Z]
-  --remove-source=<source>[/<mask>]|<MAC>|ipset:<ipset>+  --remove-source=&lt;source>[/&lt;mask>]|&lt;MAC>|ipset:&lt;ipset>
                        Remove binding of the source from a zone [P] [Z]                        Remove binding of the source from a zone [P] [Z]
  
 Helper Options Helper Options
-  --new-helper=<helper> --module=<module> [--family=<family>]+  --new-helper=&lt;helper> --module=&lt;module> [--family=&lt;family>]
                        Add a new helper [P only]                        Add a new helper [P only]
-  --new-helper-from-file=<filename> [--name=<helper>]+  --new-helper-from-file=&lt;filename> [--name=&lt;helper>]
                        Add a new helper from file with optional name [P only]                        Add a new helper from file with optional name [P only]
-  --delete-helper=<helper>+  --delete-helper=&lt;helper>
                        Delete an existing helper [P only]                        Delete an existing helper [P only]
-  --load-helper-defaults=<helper>+  --load-helper-defaults=&lt;helper>
                        Load helper default settings [P only]                        Load helper default settings [P only]
-  --info-helper=<helper> Print information about an helper +  --info-helper=&lt;helper> Print information about an helper 
-  --path-helper=<helper> Print file path of an helper [P only]+  --path-helper=&lt;helper> Print file path of an helper [P only]
   --get-helpers         Print predefined helpers   --get-helpers         Print predefined helpers
-  --helper=<helper> --set-description=<description>+  --helper=&lt;helper> --set-description=&lt;description>
                        Set new description to helper [P only]                        Set new description to helper [P only]
-  --helper=<helper> --get-description+  --helper=&lt;helper> --get-description
                        Print description for helper [P only]                        Print description for helper [P only]
-  --helper=<helper> --set-short=<description>+  --helper=&lt;helper> --set-short=&lt;description>
                        Set new short description to helper [P only]                        Set new short description to helper [P only]
-  --helper=<helper> --get-short+  --helper=&lt;helper> --get-short
                        Print short description for helper [P only]                        Print short description for helper [P only]
-  --helper=<helper> --add-port=<portid>[-<portid>]/<protocol>+  --helper=&lt;helper> --add-port=&lt;portid>[-&lt;portid>]/&lt;protocol>
                        Add a new port to helper [P only]                        Add a new port to helper [P only]
-  --helper=<helper> --remove-port=<portid>[-<portid>]/<protocol>+  --helper=&lt;helper> --remove-port=&lt;portid>[-&lt;portid>]/&lt;protocol>
                        Remove a port from helper [P only]                        Remove a port from helper [P only]
-  --helper=<helper> --query-port=<portid>[-<portid>]/<protocol>+  --helper=&lt;helper> --query-port=&lt;portid>[-&lt;portid>]/&lt;protocol>
                        Return whether the port has been added for helper [P only]                        Return whether the port has been added for helper [P only]
-  --helper=<helper> --get-ports+  --helper=&lt;helper> --get-ports
                        List ports of helper [P only]                        List ports of helper [P only]
-  --helper=<helper> --set-module=<module>+  --helper=&lt;helper> --set-module=&lt;module>
                        Set module to helper [P only]                        Set module to helper [P only]
-  --helper=<helper> --get-module+  --helper=&lt;helper> --get-module
                        Get module from helper [P only]                        Get module from helper [P only]
-  --helper=<helper> --set-family={ipv4|ipv6|}+  --helper=&lt;helper> --set-family={ipv4|ipv6|}
                        Set family for helper [P only]                        Set family for helper [P only]
-  --helper=<helper> --get-family+  --helper=&lt;helper> --get-family
                        Get module from helper [P only]                        Get module from helper [P only]
  
行 664: 行 1073:
   --get-all-chains   --get-all-chains
                        Get all chains [P]                        Get all chains [P]
-  --get-chains {ipv4|ipv6|eb} <table>+  --get-chains {ipv4|ipv6|eb} &lt;table>
                        Get all chains added to the table [P]                        Get all chains added to the table [P]
-  --add-chain {ipv4|ipv6|eb} <table> <chain>+  --add-chain {ipv4|ipv6|eb} &lt;table> &lt;chain>
                        Add a new chain to the table [P]                        Add a new chain to the table [P]
-  --remove-chain {ipv4|ipv6|eb} <table> <chain>+  --remove-chain {ipv4|ipv6|eb} &lt;table> &lt;chain>
                        Remove the chain from the table [P]                        Remove the chain from the table [P]
-  --query-chain {ipv4|ipv6|eb} <table> <chain>+  --query-chain {ipv4|ipv6|eb} &lt;table> &lt;chain>
                        Return whether the chain has been added to the table [P]                        Return whether the chain has been added to the table [P]
   --get-all-rules   --get-all-rules
                        Get all rules [P]                        Get all rules [P]
-  --get-rules {ipv4|ipv6|eb} <table> <chain>+  --get-rules {ipv4|ipv6|eb} &lt;table> &lt;chain>
                        Get all rules added to chain in table [P]                        Get all rules added to chain in table [P]
-  --add-rule {ipv4|ipv6|eb} <table> <chain> <priority> <arg>...+  --add-rule {ipv4|ipv6|eb} &lt;table> &lt;chain> &lt;priority> &lt;arg>...
                        Add rule to chain in table [P]                        Add rule to chain in table [P]
-  --remove-rule {ipv4|ipv6|eb} <table> <chain> <priority> <arg>...+  --remove-rule {ipv4|ipv6|eb} &lt;table> &lt;chain> &lt;priority> &lt;arg>...
                        Remove rule with priority from chain in table [P]                        Remove rule with priority from chain in table [P]
-  --remove-rules {ipv4|ipv6|eb} <table> <chain>+  --remove-rules {ipv4|ipv6|eb} &lt;table> &lt;chain>
                        Remove rules from chain in table [P]                        Remove rules from chain in table [P]
-  --query-rule {ipv4|ipv6|eb} <table> <chain> <priority> <arg>...+  --query-rule {ipv4|ipv6|eb} &lt;table> &lt;chain> &lt;priority> &lt;arg>...
                        Return whether a rule with priority has been added to                        Return whether a rule with priority has been added to
                        chain in table [P]                        chain in table [P]
-  --passthrough {ipv4|ipv6|eb} <arg>...+  --passthrough {ipv4|ipv6|eb} &lt;arg>...
                        Pass a command through (untracked by firewalld)                        Pass a command through (untracked by firewalld)
   --get-all-passthroughs   --get-all-passthroughs
                        Get all tracked passthrough rules [P]                        Get all tracked passthrough rules [P]
-  --get-passthroughs {ipv4|ipv6|eb} <arg>...+  --get-passthroughs {ipv4|ipv6|eb} &lt;arg>...
                        Get tracked passthrough rules [P]                        Get tracked passthrough rules [P]
-  --add-passthrough {ipv4|ipv6|eb} <arg>...+  --add-passthrough {ipv4|ipv6|eb} &lt;arg>...
                        Add a new tracked passthrough rule [P]                        Add a new tracked passthrough rule [P]
-  --remove-passthrough {ipv4|ipv6|eb} <arg>...+  --remove-passthrough {ipv4|ipv6|eb} &lt;arg>...
                        Remove a tracked passthrough rule [P]                        Remove a tracked passthrough rule [P]
-  --query-passthrough {ipv4|ipv6|eb} <arg>...+  --query-passthrough {ipv4|ipv6|eb} &lt;arg>...
                        Return whether the tracked passthrough rule has been                        Return whether the tracked passthrough rule has been
                        added [P]                        added [P]
行 707: 行 1116:
   --list-lockdown-whitelist-commands   --list-lockdown-whitelist-commands
                        List all command lines that are on the whitelist [P]                        List all command lines that are on the whitelist [P]
-  --add-lockdown-whitelist-command=<command>+  --add-lockdown-whitelist-command=&lt;command>
                        Add the command to the whitelist [P]                        Add the command to the whitelist [P]
-  --remove-lockdown-whitelist-command=<command>+  --remove-lockdown-whitelist-command=&lt;command>
                        Remove the command from the whitelist [P]                        Remove the command from the whitelist [P]
-  --query-lockdown-whitelist-command=<command>+  --query-lockdown-whitelist-command=&lt;command>
                        Query whether the command is on the whitelist [P]                        Query whether the command is on the whitelist [P]
   --list-lockdown-whitelist-contexts   --list-lockdown-whitelist-contexts
                        List all contexts that are on the whitelist [P]                        List all contexts that are on the whitelist [P]
-  --add-lockdown-whitelist-context=<context>+  --add-lockdown-whitelist-context=&lt;context>
                        Add the context context to the whitelist [P]                        Add the context context to the whitelist [P]
-  --remove-lockdown-whitelist-context=<context>+  --remove-lockdown-whitelist-context=&lt;context>
                        Remove the context from the whitelist [P]                        Remove the context from the whitelist [P]
-  --query-lockdown-whitelist-context=<context>+  --query-lockdown-whitelist-context=&lt;context>
                        Query whether the context is on the whitelist [P]                        Query whether the context is on the whitelist [P]
   --list-lockdown-whitelist-uids   --list-lockdown-whitelist-uids
                        List all user ids that are on the whitelist [P]                        List all user ids that are on the whitelist [P]
-  --add-lockdown-whitelist-uid=<uid>+  --add-lockdown-whitelist-uid=&lt;uid>
                        Add the user id uid to the whitelist [P]                        Add the user id uid to the whitelist [P]
-  --remove-lockdown-whitelist-uid=<uid>+  --remove-lockdown-whitelist-uid=&lt;uid>
                        Remove the user id uid from the whitelist [P]                        Remove the user id uid from the whitelist [P]
-  --query-lockdown-whitelist-uid=<uid>+  --query-lockdown-whitelist-uid=&lt;uid>
                        Query whether the user id uid is on the whitelist [P]                        Query whether the user id uid is on the whitelist [P]
   --list-lockdown-whitelist-users   --list-lockdown-whitelist-users
                        List all user names that are on the whitelist [P]                        List all user names that are on the whitelist [P]
-  --add-lockdown-whitelist-user=<user>+  --add-lockdown-whitelist-user=&lt;user>
                        Add the user name user to the whitelist [P]                        Add the user name user to the whitelist [P]
-  --remove-lockdown-whitelist-user=<user>+  --remove-lockdown-whitelist-user=&lt;user>
                        Remove the user name user from the whitelist [P]                        Remove the user name user from the whitelist [P]
-  --query-lockdown-whitelist-user=<user>+  --query-lockdown-whitelist-user=&lt;user>
                        Query whether the user name user is on the whitelist [P]                        Query whether the user name user is on the whitelist [P]
  
  • linux/commands/network/firewall-cmd.1663025576.txt.gz
  • 最終更新: 2022/09/13 08:32
  • by ともやん