firewalld: denying outbound access from the host
Date: 2023-09-02 14:11:58
If you want to stop a host running firewalld from reaching the outside, you do it with firewall rules, but note which direction each kind of rule filters: zones and their rich rules only filter traffic arriving at the host, so blocking what the host itself sends needs a policy (firewalld 0.9 and later) or a direct rule on the OUTPUT chain. Check the version first with `firewall-cmd --version`.
The following firewalld rules deny all external access:
1. Deny all inbound traffic from outside:
```
# eth0 is the page's example interface name; bind it both permanently and at runtime.
# On NetworkManager-managed systems the zone is stored on the connection profile,
# so also check `nmcli connection show <name> | grep zone`.
sudo firewall-cmd --permanent --zone=public --change-interface=eth0
sudo firewall-cmd --zone=public --change-interface=eth0
# Remove every service and port the zone currently allows. Read the list instead of
# guessing: removing a service that is not enabled fails with "Error: NOT_ENABLED",
# and a default public zone usually only has ssh and dhcpv6-client (plus cockpit on RHEL).
for svc in $(sudo firewall-cmd --permanent --zone=public --list-services); do
    sudo firewall-cmd --permanent --zone=public --remove-service="$svc"
done
for port in $(sudo firewall-cmd --permanent --zone=public --list-ports); do
    sudo firewall-cmd --permanent --zone=public --remove-port="$port"
done
# With no services left, the public zone's default target rejects everything that the
# rich rules below do not accept. Only internal sources are accepted; add 10.0.0.0/8
# and 172.16.0.0/12 as well if your network uses them. Loopback needs no rule:
# firewalld accepts lo traffic before zone rules are evaluated.
sudo firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.0/16" accept'
sudo firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv6" source address="fe80::/10" accept'
sudo firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv6" source address="fc00::/7" accept'
# Do NOT add an accept rule for 2000::/3: that is the entire IPv6 global unicast range,
# and accepting it lets in exactly the external traffic this zone is meant to reject.
sudo firewall-cmd --reload
sudo firewall-cmd --zone=public --list-all
```
2. Deny all outbound traffic from the host:
```
# Zone rich rules, even with a destination address, are evaluated against packets
# ARRIVING at the host, so 'destination address="0.0.0.0/0" reject' in a zone only
# rejects inbound traffic again; it does not stop the host from connecting out.
# firewalld 0.9 and later filters the host's own outbound packets with a policy
# from the HOST zone to ANY zone (check with: firewall-cmd --version):
sudo firewall-cmd --permanent --new-policy=block-egress
sudo firewall-cmd --permanent --policy=block-egress --add-ingress-zone=HOST
sudo firewall-cmd --permanent --policy=block-egress --add-egress-zone=ANY
sudo firewall-cmd --permanent --policy=block-egress --set-target=REJECT
sudo firewall-cmd --reload
sudo firewall-cmd --info-policy=block-egress
# Older firewalld without policies (e.g. CentOS 7's 0.6.x): use direct rules on the
# OUTPUT chain. Accept replies and loopback first, then reject everything else.
for fam in ipv4 ipv6; do
    sudo firewall-cmd --permanent --direct --add-rule $fam filter OUTPUT 0 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    sudo firewall-cmd --permanent --direct --add-rule $fam filter OUTPUT 1 -o lo -j ACCEPT
    sudo firewall-cmd --permanent --direct --add-rule $fam filter OUTPUT 2 -j REJECT
done
sudo firewall-cmd --reload
```
Note that these rules deny all traffic entering or leaving the host, including new SSH connections from outside, so apply them from a console or out-of-band session, or from an address inside a range the zone still accepts (192.168.0.0/16 above). Already established sessions survive the egress policy, because firewalld accepts established and related packets before policies are evaluated; only new outbound connections are rejected. Verify the result with `firewall-cmd --list-all` and `firewall-cmd --list-all-policies`, then test from the host itself (for example `curl -m 5 https://example.com` should fail immediately with "connection refused" rather than hang). If you need a particular service, add the corresponding rule: a service or port in the zone for inbound access, or in the policy for outbound access.
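The outbound block from step 2, written as a complete script with an explicit egress allow-list, a dry-run mode and a rollback. This is an added example, not code from the original page; the policy name block-egress, the dns and ntp services, the 10.0.0.0/8 destination network and the DRY_RUN variable are assumptions made here.

```sh
#!/bin/sh
# Added example (not from the original page): reject every NEW outbound connection
# from this host with a firewalld policy, keeping an explicit egress allow-list.
# Zone rich rules filter packets arriving at the host, so they cannot express
# "this host may not talk to the outside"; a policy from the HOST zone to the ANY
# zone is evaluated on the packets the host itself sends (firewalld >= 0.9).
# Assumed names: policy "block-egress", allow-list of dns/ntp plus 10.0.0.0/8.
# DRY_RUN=1 prints the firewall-cmd invocations instead of running them.
set -eu

POLICY=${POLICY:-block-egress}
EGRESS_SERVICES=${EGRESS_SERVICES:-"dns ntp"}   # services the host may still reach
EGRESS_NETS=${EGRESS_NETS:-"10.0.0.0/8"}        # destination networks still reachable
DRY_RUN=${DRY_RUN:-}

# Echo the command so the change is auditable, then run it unless dry-running.
run() {
    printf 'firewall-cmd %s\n' "$*"
    [ -n "$DRY_RUN" ] || firewall-cmd "$@"
}

egress_policy_apply() {
    # --new-policy fails if the policy already exists; run egress_policy_remove first.
    run --permanent --new-policy="$POLICY"
    run --permanent --policy="$POLICY" --add-ingress-zone=HOST
    run --permanent --policy="$POLICY" --add-egress-zone=ANY
    # REJECT answers the application at once (TCP reset / ICMP unreachable);
    # DROP would make every blocked connect() wait for a timeout instead.
    run --permanent --policy="$POLICY" --set-target=REJECT
    # Services in a policy match the destination port, so these are egress allows.
    for svc in $EGRESS_SERVICES; do
        run --permanent --policy="$POLICY" --add-service="$svc"
    done
    for net in $EGRESS_NETS; do
        run --permanent --policy="$POLICY" \
            --add-rich-rule="rule family=\"ipv4\" destination address=\"$net\" accept"
    done
    # Established flows (including an inbound SSH session) and loopback are
    # accepted by firewalld before any policy runs, so only new outbound flows hit REJECT.
    run --reload
}

egress_policy_remove() {
    run --permanent --delete-policy="$POLICY"
    run --reload
}

egress_policy_show() {
    run --info-policy="$POLICY"
}

# Usage: ./egress.sh apply | remove | show   (DRY_RUN=1 ./egress.sh apply to preview)
case "${1:-}" in
    apply)  egress_policy_apply ;;
    remove) egress_policy_remove ;;
    show)   egress_policy_show ;;
esac
```

Run `DRY_RUN=1 ./egress.sh apply` first and read the printed commands; then `./egress.sh apply` from a console or an established session, and `./egress.sh show` to confirm the target, ingress/egress zones and allow-list before relying on it.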