How to remove pre-configured zones in firewalld


10

I can't delete any of the pre-configured zones.

[root@fabian ~]# firewall-cmd --permanent --delete-zone=block
Error: BUILTIN_ZONE: block
[root@fabian ~]#

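Is there a way to do this? If I just delete the corresponding zone files, firewalld fails to start.

If this can't be done, why on earth is it not possible to get rid of these built-in zones? Just looking at the predefined, empty firewall zones makes me sick: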

[root@fabian ~]# firewall-cmd --list-all-zones
block
  interfaces: 
  sources: 
  services: 
  ports: 
  masquerade: no
  forward-ports: 
  icmp-blocks: 
  rich rules: 

dmz
  interfaces: 
  sources: 
  services: 
  ports: 
  masquerade: no
  forward-ports: 
  icmp-blocks: 
  rich rules: 

drop
  interfaces: 
  sources: 
  services: 
  ports: 
  masquerade: no
  forward-ports: 
  icmp-blocks: 
  rich rules: 

external (active)
  interfaces: enp0s26u1u1
  sources: 
  services: 
  ports: 
  masquerade: yes
  forward-ports: 
  icmp-blocks: 
  rich rules: 

home
  interfaces: 
  sources: 
  services: 
  ports: 
  masquerade: no
  forward-ports: 
  icmp-blocks: 
  rich rules: 

internal (default, active)
  interfaces: enp4s0
  sources: 
  services: ssh
  ports: 
  masquerade: no
  forward-ports: 
  icmp-blocks: 
  rich rules: 

public
  interfaces: 
  sources: 
  services: 
  ports: 
  masquerade: no
  forward-ports: 
  icmp-blocks: 
  rich rules: 

trusted
  interfaces: 
  sources: 
  services: 
  ports: 
  masquerade: no
  forward-ports: 
  icmp-blocks: 
  rich rules: 

work
  interfaces: 
  sources: 
  services: 
  ports: 
  masquerade: no
  forward-ports: 
  icmp-blocks: 
  rich rules: 

[root@fabian ~]#

Please help me.

Answers:


2

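The default zones are stored in this directory:

/usr/lib/firewalld/zones

After searching for firewall-cmd default zones, the following was pulled from:

[https://www.linode.com/docs/security/firewalls/introduction-to-firewalld-on-centos]

Configuring FirewallD

Firewalld is configured with XML files. Except for very specific configurations, you won't have to deal with them, and firewall-cmd should be used instead.

Configuration files are located in two directories: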

/usr/lib/FirewallD holds default configurations like default zones and common services. Avoid updating them because those files will be overwritten by each firewalld package update.

/etc/firewalld holds system configuration files. These files will overwrite a default configuration.

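That being said... I deleted a built-in zone named internal from /usr/lib/FirewallD/zones and reloaded firewalld, and the zone was still there when --list-all-zones was run.

So I then deleted the internal zone from /etc/firewalld/zones and reloaded the firewall, and the internal zone is now gone.

Will it come back after a package update? I don't know and have not tried it yet.


The only file in /etc/firewalld/zones is public.xml. So there is nothing to delete. :-( This is CentOS7. –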
Aas
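
The two directories named in the answer can be compared directly to see where each zone definition comes from. The following is an added example, not part of the original answer or of firewalld itself: the function name classify_zones and its output labels (builtin, overridden, custom) are made up for illustration, and the directory arguments default to the paths given above.

```shell
#!/bin/sh
# Added example: classify firewalld zones by where their XML file lives.
# "classify_zones" and the three labels are illustrative names, not
# anything firewalld provides.
#
#   builtin     only the packaged default exists (the kind of zone for
#               which firewall-cmd printed "Error: BUILTIN_ZONE" above)
#   overridden  packaged default plus a copy in the system directory,
#               which takes precedence over the default
#   custom      defined only in the system directory
#
# Usage: classify_zones [default_dir] [system_dir]
classify_zones() (
    defaults="${1:-/usr/lib/firewalld/zones}"
    system="${2:-/etc/firewalld/zones}"

    # Zones shipped with the firewalld package.
    for f in "$defaults"/*.xml; do
        [ -e "$f" ] || continue          # directory empty or missing
        name="$(basename "$f" .xml)"
        if [ -e "$system/$name.xml" ]; then
            echo "$name overridden"
        else
            echo "$name builtin"
        fi
    done

    # Zones that exist only as system configuration.
    for f in "$system"/*.xml; do
        [ -e "$f" ] || continue
        name="$(basename "$f" .xml)"
        [ -e "$defaults/$name.xml" ] || echo "$name custom"
    done
)
```

Running classify_zones with no arguments on the CentOS 7 host from the comment, where /etc/firewalld/zones holds only public.xml, would list public as overridden and every other packaged zone as builtin.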
Licensed under cc by-sa 3.0 with attribution required.