I have run into some problems with the firewall configuration on Debian 10 Buster:
[agp@debian10 ~]$ systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2021-07-31 07:12:13 CEST; 16min ago
Docs: man:firewalld(1)
Main PID: 721 (firewalld)
Tasks: 2 (limit: 4915)
Memory: 43.6M
CGroup: /system.slice/firewalld.service
└─721 /usr/bin/python3 /usr/sbin/firewalld --nofork --nopid
[agp@debian10 ~]$ systemctl status nftables.service
● nftables.service - nftables
Loaded: loaded (/lib/systemd/system/nftables.service; enabled; vendor preset: enabled)
Active: active (exited) since Sat 2021-07-31 07:12:06 CEST; 16min ago
Docs: man:nft(8)
http://wiki.nftables.org
Process: 387 ExecStart=/usr/sbin/nft -f /etc/nftables.conf (code=exited, status=0/SUCCESS)
Main PID: 387 (code=exited, status=0/SUCCESS)
However, when checking systemd, it reports "degraded":
● debian10
State: degraded
Jobs: 0 queued
Failed: 1 units
And checking what the problem is:
[agp@debian10 ~]$ systemctl | grep fail
● firewall.service loaded failed failed Add Firewall Rules to iptables
I have checked several different forums and Debian Wiki pages and only became more confused by deprecated information about the iptables setup and the nftables configuration that has replaced iptables in Debian Buster.
But this is where my question starts:
Why are there 2 firewall services on my system, and what do they do?
[agp@debian10 ~]$ systemctl status firewall
● firewall.service - Add Firewall Rules to iptables
Loaded: loaded (/etc/systemd/system/firewall.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Sat 2021-07-31 07:12:10 CEST; 2h 35min ago
Process: 720 ExecStart=/etc/firewall/enable.sh (code=exited, status=203/EXEC)
Main PID: 720 (code=exited, status=203/EXEC)
[agp@debian10 ~]$ systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since Sat 2021-07-31 07:12:13 CEST; 2h 35min ago
Docs: man:firewalld(1)
Main PID: 721 (firewalld)
Tasks: 2 (limit: 4915)
Memory: 44.9M
CGroup: /system.slice/firewalld.service
└─721 /usr/bin/python3 /usr/sbin/firewalld --nofork --nopid
Does firewall.service need to be configured using iptables, or will it conflict with the running firewalld.service setup?
I appreciate your consideration, suggestions and attention. Cheers!
Answer 1
firewalld.service was created when the firewalld package was installed.
Whereas firewall.service, with ExecStart=/etc/firewall/enable.sh and Description: Add Firewall Rules to iptables, was created manually. The same service is mentioned in the Debian Wiki (see the sample script).
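The status=203/EXEC shown above means systemd could not execute the ExecStart program at all (it never got as far as loading any iptables rules). The helper below is an added example, not from the question, the answer or Debian: given unit files, it extracts each ExecStart= program and classifies why execve would fail (missing file, not executable, or a shebang pointing at an interpreter that does not exist), which are the usual causes of 203/EXEC for a hand-written unit such as /etc/firewall/enable.sh. The function names and the unit files it is run on are assumptions.

```bash
#!/usr/bin/env bash
# Added diagnostic helper (hypothetical; not part of the original post).
# Usage: diagnose_units /etc/systemd/system/firewall.service [...]

# Print the program path from the first ExecStart= line of a unit file,
# dropping one of systemd's optional prefix characters (-, @, :, +, !).
exec_path_of() {
    local unit="$1" line
    line=$(grep -m1 '^ExecStart=' "$unit") || return 1
    line=${line#ExecStart=}
    line=${line#[-@:+!]}
    printf '%s\n' "${line%% *}"
}

# Classify why execve of the path would fail, as systemd's 203/EXEC does:
# prints "missing", "not-executable", "bad-interpreter" or "ok".
classify_exec() {
    local path="$1" magic interp
    [ -e "$path" ] || { echo missing; return; }
    [ -x "$path" ] || { echo not-executable; return; }
    magic=$(head -c 2 "$path")
    if [ "$magic" = "#!" ]; then
        # A script is only runnable if its shebang interpreter exists.
        interp=$(head -n1 "$path" | sed 's/^#![[:space:]]*//; s/[[:space:]].*//')
        [ -x "$interp" ] || { echo bad-interpreter; return; }
    fi
    echo ok
}

# Report every unit's ExecStart verdict; exit 1 if any would fail to start.
diagnose_units() {
    local rc=0 unit path verdict
    for unit in "$@"; do
        path=$(exec_path_of "$unit") || { echo "$unit: no ExecStart="; continue; }
        verdict=$(classify_exec "$path")
        echo "$unit: ExecStart=$path -> $verdict"
        [ "$verdict" = ok ] || rc=1
    done
    return $rc
}
```

If the verdict is "ok" but the unit still fails, the problem is inside the script itself (for example iptables rules that firewalld later overwrites), and the conflict question is then about which of the two services should own the ruleset.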