# firewall-cmd --permanent --add-service=nfs
# filewall-cmd --permanent --add-service=rpc-bind
在 RHEL/CentOS 7.9 中,如果我执行上述操作,防火墙中会打开哪些数字端口号?
服务名称(例如rpc-bind)到防火墙端口号的映射是在哪里定义的?
我是否正确地相信,/etc/firewalld/zones/myzone.xml最终一切都归结为以下内容?
是 ortcp和udp一个数字?
# sshd
<port protocol="tcp" port="22"/>
# nfs
<port protocol="tcp" port="2049"/>
<port protocol="udp" port="2049"/>
答案1
TL;DR:编译到firewalld中,参见源代码。
长答案:请看一下Firewalld 源代码库中的 README。
使用的所有服务firewalld均在目录中的 xml 文件中定义config/services。例如,该rpc-bind.xml文件包含:
编辑:在 rhel/centos 7 中,该位置用于/usr/lib/firewalld/servicesxml 文件。
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>rpc-bind</short>
<description>Remote Procedure Call Bind</description>
<port protocol="tcp" port="111"/>
<port protocol="udp" port="111"/>
</service>
它将 rpc-bind 固定到 tcp 和 udp 端口 111。类似地,NFS(nfsv4)看起来像这样:
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>NFS4</short>
<description>The NFS4 protocol is used to share files via TCP networking. You will need to have the NFS tools installed and properly configure your NFS server for this option to be useful.</description>
<port protocol="tcp" port="2049"/>
</service>
和 NFSv3 ( nfs3) 类似:
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>NFS3</short>
<description>The NFS3 protocol is used to share files. You will need to have the NFS tools installed and properly configure your NFS server for this option to be useful.</description>
<port protocol="tcp" port="2049"/>
<port protocol="udp" port="2049"/>
</service>
您还询问有关 SSH 的问题:
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>SSH</short>
<description>Secure Shell (SSH) is a protocol for logging into and executing commands on remote machines. It provides secure encrypted communications. If you plan on accessing your machine remotely via SSH over a firewalled interface, enable this option. You need the openssh-server package installed for this option to be useful.</description>
<port protocol="tcp" port="22"/>
</service>
这些 XML 定义被编译到firewalld 中。