firewalld.service

Name

firewalld.service — firewalld service configuration files

Synopsis

/etc/firewalld/services/service.xml

/usr/lib/firewalld/services/service.xml

Description

A firewalld service configuration file provides the information of a service entry for firewalld. The most important configuration options are ports, modules and destination addresses.

This example configuration file shows the structure of a service configuration file:

<?xml version="1.0" encoding="utf-8"?>

<service>

  <short>My Service</short>

  <description>description</description>

  <port port="137" protocol="tcp"/>

  <protocol value="igmp"/>

  <module name="nf_conntrack_netbios_ns"/>

  <destination ipv4="224.0.0.251" ipv6="ff02::fb"/>

</service>

Options

The config can contain these tags and attributes. Some of them are mandatory, others optional.

service

The mandatory service start and end tag defines the service. This tag can only be used once in a service configuration file. There are optional attributes for services:

version="string"

To give the service a version.

short

Is an optional start and end tag and is used to give an icmptype a more readable name.

description

Is an optional start and end tag to have a description for a icmptype.

port

Is an optional empty-element tag and can be used several times to have more than one port entry. All attributes of a port entry are mandatory:

port="string"

The port string can be a single port number or a port range portid-portid or also empty to match a protocol only.

protocol="string"

The protocol value can either be tcpudpsctp or dccp.

For compatibility with older firewalld versions, it is possible to add protocols with the port option where the port is empty. With the addition of native protocol support in the service, this it not needed anymore. These entries will automatically be converted to protocols. With the next modification of the service file, the enries will be listed as protocols.

protocol

Is an optional empty-element tag and can be used several times to have more than one protocol entry. A protocol entry has exactly one attribute:

value="string"

The protocol can be any protocol supported by the system. Please have a look at /etc/protocols for supported protocols.

source-port

Is an optional empty-element tag and can be used several times to have more than one source port entry. All attributes of a source port entry are mandatory:

port="string"

The port string can be a single port number or a port range portid-portid.

protocol="string"

The protocol value can either be tcpudpsctp or dccp.

module

Is an optional empty-element tag and can be used several times to enable more than one netfilter kernel helper for the service. A module entry has exactly one attribute:

name="string"

Defines the name of the kernel netfilter helper as a string.

destination

Is an optional empty-element tag and can be used only once. The destination specifies the destination network as a network IP address (optional with /mask), or a plain IP address. The use of hostnames is not recommended, because these will only be resolved at service activation and transmitted to the kernel. For more information in this element, please have a look at --destination in iptables(8) and ip6tables(8).

ipv4="address[/mask]"

The IPv4 destination address with optional mask.

ipv6="address[/mask]"

The IPv6 destination address with optional mask.

通过文件配置:firewalld.service(5)的更多相关文章

  1. centos7 && centos6.5部KVM使用NAT联网并为虚拟机配置firewalld && iptables防火墙端口转发

    centos7 && centos6.5 部KVM使用NAT联网并为虚拟机配置firewalld && iptables防火墙端口转发 一.准备工作: 1: 检查kvm ...

  2. Firewalls文件配置防火墙

    1.源文件 /usr/lib/firewalld/services 2.文件配置 cat /etc/firewalld/zones/public.xml <?xml version=" ...

  3. Tomcat下conf下server.xml的文件配置信息

    Tomcat下conf下server.xml的文件配置信息,基本上不用做任何修改就可以使用,修改的地方就是host区域的一些配置,此文件设置端口为80. 注意:Tomcat配置文件中(即server. ...

  4. Spring、Spring MVC、MyBatis整合文件配置详解

    原文  http://www.cnblogs.com/wxisme/p/4924561.html 主题 MVC模式MyBatisSpring MVC 使用SSM框架做了几个小项目了,感觉还不错是时候总 ...

  5. NHibernate各种数据库连接参数文件配置方法说明

    //NHibernate各种数据库连接参数文件配置方法说明 //配置文件Config/Hibernate.cfg.xml内容如下所示: <?xml version="1.0" ...

  6. Spring简单的文件配置

    Spring简单的文件配置 “计应134(实验班) 凌豪” 一.Spring文件配置 spring至关重要的一环就是装配,即配置文件的编写,接下来我按刚才实际过程中一步步简单讲解. 首先,要在web. ...

  7. springmvc 项目完整示例07 设置配置整合springmvc springmvc所需jar包springmvc web.xml文件配置

    前面主要是后台代码,spring以及mybatis的整合 下面主要是springmvc用来处理请求转发,展现层的处理 之前所有做到的,完成了后台,业务层和持久层的开发完成了 接下来就是展现层了 有很多 ...

  8. 转载 Spring、Spring MVC、MyBatis整合文件配置详解

    Spring.Spring MVC.MyBatis整合文件配置详解   使用SSM框架做了几个小项目了,感觉还不错是时候总结一下了.先总结一下SSM整合的文件配置.其实具体的用法最好还是看官方文档. ...

  9. linux(centos7)防火墙配置firewalld和iptables

    linux系统中防火墙管理有2种方式,分别是iptables和firewalld(centos7.x),下面介绍centos7的配置方法 一.firewalld: 因为cenos7默认使用firewa ...

随机推荐

  1. Mac下使用Charles抓包Android

    原文地址:http://fanjiajia.cn/2018/11/21/Mac%E4%B8%8B%E4%BD%BF%E7%94%A8Charles%E6%8A%93%E5%8C%85Android/ ...

  2. PAT 1089 狼人杀-简单版

    https://pintia.cn/problem-sets/994805260223102976/problems/1038429385296453632 以下文字摘自<灵机一动·好玩的数学& ...

  3. php在类里如何调用call_user_func_array《细说php2》

  4. JVM内存区域配置

    堆内存:新域+旧域 设置堆内存初始化大小 java -Xms128m 设置堆内存初始化大小128MB 设置堆内存最大大小 java -Xmx256m 设置堆内存最大256MB 通常将堆内存的初始化大小 ...

  5. CKEditor的基本使用

    <%@ taglib prefix="html" uri="http://struts.apache.org/tags-html" %> <% ...

  6. 大并发量订单处理的 KafKa部署

    大并发量订单处理的 KafKa部署总结 今天要介绍的是消息中间件KafKa,应该说是一个很牛的中间件吧,背靠Apache 与很多有名的中间件搭配起来用效果更好哦 ,为什么不用RabbitMQ,因为公司 ...

  7. Python 类和对象-下

    类的常用函数 #issubclass() 检测一个类是否是另外一个或者一组类中的子类 class Father: pass class Mother: pass class LaoWang: pass ...

  8. android 与 小米1S刷机学习

    本文内容为本博客作者原创,转载请注明出处或者发私信. [名词] 1.ROM包 :安卓手机系统,以.ZIP结尾,类似windows的 win7系统包,300M-700M不止 2.卡刷(Recovery模 ...

  9. [Leetcode] add binary 二进制加法

    Given two binary strings, return their sum (also a binary string). For example,a ="11"b =& ...

  10. 【BZOJ 4514】[Sdoi2016]数字配对 费用流

    利用spfa流的性质,我直接拆两半,正解分奇偶(妙),而且判断是否整除且质数我用的是暴力根号,整洁判断质数个数差一(其他非spfa流怎么做?) #include <cstdio> #inc ...