
8.3 Firewalld


May 24, 2021 That's what Linux should learn



The RHEL 7 system integrates several firewall management tools, including the firewalld (Dynamic Firewall Manager for Linux Systems) service, which is the default firewall configuration management tool and offers two management methods: a CLI (command-line interface) and a GUI (graphical user interface).

Compared with traditional firewall management tools, firewalld supports dynamic updates and introduces the concept of zones. Simply put, a zone is one of several sets of firewall policies (policy templates) that firewalld prepares in advance, so that the user can select the appropriate policy set for the production scenario and switch between firewall policies quickly. For example, suppose we have a laptop that we use every day at home, in the office and in a coffee shop. As a matter of common sense, the safety of these three places, from high to low, is home, corporate office, coffee shop. Now we want the laptop to follow these firewall policy rules: access to all services at home, access to the file sharing service only in the office, and only web browsing in coffee shops. In the past we had to set firewall policy rules by hand each time; now we only need to preset the collection of zones and switch between them with a click of the mouse, which greatly improves the efficiency of applying firewall policies. The commonly used zone names in firewalld (public is the default) and their corresponding policy rules are shown in Table 8-2.

Table 8-2 Commonly used zone names and policy rules in firewalld

Zone       Default rule policy
trusted    Allows all packets.
home       Rejects incoming traffic unless it is related to outgoing traffic; traffic for the ssh, mdns, ipp-client, samba-client and dhcpv6-client services is allowed.
internal   Same as the home zone.
work       Rejects incoming traffic unless it is related to outgoing traffic; traffic for the ssh, ipp-client and dhcpv6-client services is allowed.
public     Rejects incoming traffic unless it is related to outgoing traffic; traffic for the ssh and dhcpv6-client services is allowed.
external   Rejects incoming traffic unless it is related to outgoing traffic; traffic for the ssh service is allowed.
dmz        Rejects incoming traffic unless it is related to outgoing traffic; traffic for the ssh service is allowed.
block      Rejects incoming traffic unless it is related to outgoing traffic.
drop       Rejects incoming traffic unless it is related to outgoing traffic.
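The following Python script is an added example (not code from the original tutorial or from the firewalld project) that makes the "pick the narrowest policy set for the scenario" idea from the laptop example and Table 8-2 concrete. firewalld stores each zone as an XML file (the files under /usr/lib/firewalld/zones/, with a `target` attribute for the default action and one `<service name="..."/>` element per opened service); the zone definitions below are constructed samples written in that format and filled in from Table 8-2, not copies of the shipped files. The script parses them, ranks zones from most restrictive to most permissive, and, given the inbound services a location actually needs, returns the least permissive zone that still fits. The function names (`parse_zone`, `rank_zones`, `least_permissive_zone`) are this example's own.

```python
import xml.etree.ElementTree as ET

# Constructed sample zone definitions in firewalld's zone XML format.
# Service lists follow Table 8-2 of the text; these are illustrative samples,
# not the files shipped with firewalld.
ZONE_XML = {
    "trusted": '<zone target="ACCEPT"><short>Trusted</short></zone>',
    "home": ('<zone><short>Home</short>'
             '<service name="ssh"/><service name="mdns"/><service name="ipp-client"/>'
             '<service name="samba-client"/><service name="dhcpv6-client"/></zone>'),
    "work": ('<zone><short>Work</short><service name="ssh"/>'
             '<service name="ipp-client"/><service name="dhcpv6-client"/></zone>'),
    "public": ('<zone><short>Public</short>'
               '<service name="ssh"/><service name="dhcpv6-client"/></zone>'),
    "dmz": '<zone><short>DMZ</short><service name="ssh"/></zone>',
    "block": '<zone target="%%REJECT%%"><short>Block</short></zone>',
    "drop": '<zone target="DROP"><short>Drop</short></zone>',
}

# How permissive each default target is for inbound packets that match no rule.
# A missing target attribute ("default") rejects, like %%REJECT%%.
TARGET_RANK = {"DROP": 0, "%%REJECT%%": 1, "default": 1, "ACCEPT": 2}


def parse_zone(xml_text):
    """Parse one zone definition.

    Returns (target, services): target is the action for unmatched inbound
    packets ('ACCEPT', 'DROP', '%%REJECT%%' or 'default'), services is the
    ordered list of service names the zone opens.
    """
    root = ET.fromstring(xml_text)
    if root.tag != "zone":
        raise ValueError("not a firewalld zone definition")
    target = root.get("target", "default")
    services = [s.get("name") for s in root.findall("service")]
    return target, services


def service_allowed(xml_text, service):
    """True if an inbound connection to `service` would be accepted in this zone."""
    target, services = parse_zone(xml_text)
    return target == "ACCEPT" or service in services


def exposure(xml_text):
    """Sortable measure of how much a zone exposes: default target, then opened services."""
    target, services = parse_zone(xml_text)
    return (TARGET_RANK[target], len(services))


def rank_zones(zones):
    """Zone names ordered from most restrictive to most permissive."""
    return sorted(zones, key=lambda name: exposure(zones[name]))


def least_permissive_zone(zones, required_services):
    """Most restrictive zone that still opens every required inbound service.

    An ACCEPT-all zone such as trusted satisfies any requirement, so it is
    only chosen when no narrower zone fits.
    """
    for name in rank_zones(zones):
        if all(service_allowed(zones[name], s) for s in required_services):
            return name
    return None


if __name__ == "__main__":
    # The laptop scenario from the text: what does each location need inbound?
    scenarios = {
        "home (everything)": {"ssh", "samba-client", "mdns", "ipp-client"},
        "office (file sharing only)": {"samba-client"},
        "coffee shop (outbound browsing only)": set(),
    }
    print("zones by exposure:", rank_zones(ZONE_XML))
    for where, needs in scenarios.items():
        print(f"{where}: use zone {least_permissive_zone(ZONE_XML, needs)}")
```

On a real RHEL 7 host the same decision is applied with `firewall-cmd --set-default-zone=<zone>` or `firewall-cmd --zone=<zone> --change-interface=<iface>`, and `firewall-cmd --list-all` shows the resulting policy; the point of the ranking is that a location which needs no inbound service should land in drop or block rather than in the convenient public or home zone.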