This article introduces firewall-cmd rich rules.
firewall-cmd --list-rich-rules
firewall-cmd --query-rich-rule='rule'
firewall-cmd --add-rich-rule='rule'
firewall-cmd --remove-rich-rule='rule'
Rich rule syntax:
rule [family="rule family"]
[ source [NOT] [address="address"] [mac="mac-address"] [ipset="ipset"] ]
[ destination [NOT] address="address" ]
[ element ]
[ log [prefix="prefix text"] [level="log level"] [limit value="rate/duration"] ]
[ audit ]
[ action ]
The element field can be only one of the following types: service, port, protocol, masquerade, icmp-block, forward-port, source-port
service name=${service_name}
port port=${port} protocol=${protocol}
protocol value=${protocol_name_or_ID} (protocol names are listed in /etc/protocols)
masquerade
forward-port port=${port} protocol=${protocol} to-port=${to-port} to-addr=${to-addr}
log: new connections are recorded in the kernel log.
audit: logging is done through auditd.
action: one of accept/reject/drop/mark.
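The syntax above assembled into complete rules, as an added example that is not part of the original article. The helper name build_rich_rule, the 192.0.2.0/24 subnet (a documentation range), port 8443 and the log prefixes are assumptions made for illustration; the helper handles only the service and port elements and the accept/reject/drop actions.

```shell
#!/bin/sh
# Added example: build rich rules in the clause order the grammar requires
# (family, source, element, log, action). Covers only the service and port
# elements and the accept/reject/drop actions.

# build_rich_rule FAMILY SOURCE ELEMENT_TYPE ELEMENT_ARG LOG_PREFIX ACTION
#   ELEMENT_TYPE service -> ELEMENT_ARG is a service name, e.g. ssh
#   ELEMENT_TYPE port    -> ELEMENT_ARG is PORT/PROTOCOL, e.g. 8443/tcp
#   Pass "" as SOURCE or LOG_PREFIX to leave that clause out.
build_rich_rule() {
    family=$1; src=$2; etype=$3; earg=$4; prefix=$5; action=$6

    case $family in
        ipv4|ipv6) ;;
        *) echo "family must be ipv4 or ipv6" >&2; return 1 ;;
    esac
    case $etype in
        service) element="service name=\"$earg\"" ;;
        port)
            case $earg in
                */tcp|*/udp) ;;
                *) echo "port must be PORT/tcp or PORT/udp" >&2; return 1 ;;
            esac
            element="port port=\"${earg%/*}\" protocol=\"${earg#*/}\"" ;;
        *) echo "unsupported element: $etype" >&2; return 1 ;;
    esac
    case $action in
        accept|reject|drop) ;;
        *) echo "unsupported action: $action" >&2; return 1 ;;
    esac

    rule="rule family=\"$family\""
    if [ -n "$src" ]; then rule="$rule source address=\"$src\""; fi
    rule="$rule $element"
    if [ -n "$prefix" ]; then
        # Rate-limit logging so a flood cannot fill the kernel log.
        rule="$rule log prefix=\"$prefix\" level=\"info\" limit value=\"3/m\""
    fi
    printf '%s\n' "$rule $action"
}

# Constructed samples: accept and log SSH from an admin subnet, and drop and
# log 8443/tcp. The commands are printed, not applied; run them as root.
for r in "$(build_rich_rule ipv4 192.0.2.0/24 service ssh 'ssh-admin ' accept)" \
         "$(build_rich_rule ipv4 '' port 8443/tcp 'blocked-8443 ' drop)"; do
    printf "firewall-cmd --add-rich-rule='%s'\n" "$r"
done
```

After applying a printed command, the same rule string can be passed to --query-rich-rule to confirm it is active.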