CentOS 7: Firewalld ignores configuration files


Why does Firewalld not keep its configuration after a restart?

# systemctl start firewalld


# systemctl -l status firewalld
firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
   Active: active (running) since Sat 2016-10-22 16:53:34 PDT; 6s ago
 Main PID: 15163 (firewalld)
   CGroup: /system.slice/firewalld.service
           └─15163 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

Oct 22 16:53:34 firewall.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.


# firewall-cmd --get-active-zones
external
  interfaces: enp4s0 enp5s5


# cat /etc/firewalld/zones/external.xml
<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>External</short>
  <description>For use on external networks. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
  <interface name="enp4s0"/>
  <icmp-block name="echo-reply"/>
  <icmp-block name="router-solicitation"/>
  <icmp-block name="destination-unreachable"/>
  <icmp-block name="router-advertisement"/>
  <masquerade/>
</zone>


# cat /etc/firewalld/zones/trusted.xml
<?xml version="1.0" encoding="utf-8"?>
<zone target="ACCEPT">
  <short>Trusted</short>
  <description>All network connections are accepted.</description>
  <interface name="enp5s5"/>
</zone>


# firewall-cmd --change-interface=enp5s5 --zone=trusted
success


# firewall-cmd --get-active-zones
external
  interfaces: enp4s0
trusted
  interfaces: enp5s5


# firewall-cmd --permanent --change-interface=enp5s5 --zone=trusted
success


# systemctl restart firewalld


# systemctl -l status firewalld
firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
   Active: active (running) since Sat 2016-10-22 16:54:58 PDT; 5s ago
 Main PID: 15786 (firewalld)
   CGroup: /system.slice/firewalld.service
           └─15786 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

Oct 22 16:54:58 firewall.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.


# firewall-cmd --get-active-zones
external
  interfaces: enp4s0 enp5s5

Answer 1

I found the solution: CentOS bug 7407

# nmcli conn modify enp5s5 connection.zone trusted
# nmcli conn modify enp4s0 connection.zone external

If connection.zone is empty, the interface is placed in the zone specified as the default.
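The mismatch described above can be checked for before a restart exposes it. The following is an added example, not part of the original question or answer: it compares the `<interface>` bindings in the firewalld zone files with each connection's `connection.zone` and reports interfaces that would land in a different zone. The zone XML, the `connection.zone` values and the default zone `external` are constructed sample input, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample input, modelled on the zone files shown in the question.
ZONE_XML = {
    "external": b"""<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>External</short>
  <interface name="enp4s0"/>
  <masquerade/>
</zone>""",
    "trusted": b"""<?xml version="1.0" encoding="utf-8"?>
<zone target="ACCEPT">
  <short>Trusted</short>
  <interface name="enp5s5"/>
</zone>""",
}

# Constructed connection.zone values per interface (on a real host they could
# be read with `nmcli -f connection.zone connection show <name>`).
NM_BEFORE = {"enp4s0": "", "enp5s5": ""}                  # state in the question
NM_AFTER = {"enp4s0": "external", "enp5s5": "trusted"}    # after the answer's fix


def interfaces_by_zone_file(zone_xml):
    """Map interface -> zone as declared by <interface name="..."/> elements."""
    declared = {}
    for zone, raw in zone_xml.items():
        for elem in ET.fromstring(raw).iter("interface"):
            declared[elem.get("name")] = zone
    return declared


def effective_zone(nm_zone, default_zone):
    """Per the answer: an empty connection.zone means the default zone."""
    return default_zone if nm_zone in (None, "", "--") else nm_zone


def audit(zone_xml, nm_zones, default_zone):
    """Return (interface, zone_in_file, zone_after_restart) for each mismatch."""
    findings = []
    for iface, wanted in sorted(interfaces_by_zone_file(zone_xml).items()):
        if iface not in nm_zones:
            continue  # no NetworkManager connection known for this interface
        actual = effective_zone(nm_zones[iface], default_zone)
        if actual != wanted:
            findings.append((iface, wanted, actual))
    return findings


if __name__ == "__main__":
    # Default zone "external" is an assumption matching the question's output.
    for iface, wanted, actual in audit(ZONE_XML, NM_BEFORE, "external"):
        print(f"{iface}: zone file says {wanted}, will end up in {actual}")
```
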