Assigning two ports to one service in firewalld


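Is there a way to assign two ports to the same service in firewalld? For example, I want the SMTP service to listen on both port 25 and port 465. My first instinct was to change /usr/lib/firewalld/services/smtp.xml to look like this: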

<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>Mail (SMTP)</short>
  <description>This option allows incoming SMTP mail delivery. If you need to allow remote hosts to connect directly to your machine to deliver mail, enable this option. You $
  <port protocol="tcp" port="465"/>
  <!-- is adding a second port here legal and the best approach? -->
  <port protocol="tcp" port="25"/> 
</service>

Answer 1

You can create another service:

<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>Mail (SMTP on port 465)</short>
  <description>This option allows incoming SMTP mail delivery on the alternative port 465. If you need to allow remote hosts to connect directly to your machine to deliver mail, enable this option. You do not need to enable this if you collect your mail from your ISP's server by POP3 or IMAP, or if you use a tool such as fetchmail. Note that an improperly configured SMTP server can allow remote machines to use your server to send spam.</description>
  <port protocol="tcp" port="465"/>
</service>

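and save it as (for example) /usr/lib/firewalld/services/alt-smtp.xml, after which you can add it to the same zone as the original smtp service.

Alternatively, you can do what you suggested in your question. From man firewalld.service: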

port
   Is an optional empty-element tag and can be used several times to have
   more than one port entry.

The former gives you more control - you can enable either one or both. The latter is less typing.
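
Added example, not part of the original answer: a Python check that parses firewalld service definitions and compares which ports a zone ends up opening under each of the two layouts discussed above. The XML samples are constructed from the snippets on this page (descriptions omitted), and the function names `service_ports` and `zone_ports` are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed samples modelled on the snippets on this page (descriptions omitted).
SMTP_ONLY = b"""<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>Mail (SMTP)</short>
  <port protocol="tcp" port="25"/>
</service>"""

ALT_SMTP = b"""<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>Mail (SMTP on port 465)</short>
  <port protocol="tcp" port="465"/>
</service>"""

COMBINED_SMTP = b"""<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>Mail (SMTP)</short>
  <port protocol="tcp" port="465"/>
  <port protocol="tcp" port="25"/>
</service>"""


def service_ports(xml_bytes):
    """Return every <port> entry of one service definition as 'port/protocol'."""
    root = ET.fromstring(xml_bytes)
    if root.tag != "service":
        raise ValueError("not a firewalld service definition")
    ports = set()
    for entry in root.findall("port"):  # the tag may appear several times
        port, proto = entry.get("port"), entry.get("protocol")
        if not port or not proto:
            # this example only handles entries that carry both attributes
            raise ValueError("port entry needs both port and protocol")
        ports.add(f"{port}/{proto}")
    return ports


def zone_ports(definitions, enabled):
    """Union of the ports opened by the services enabled in a zone."""
    opened = set()
    for name in enabled:
        opened |= service_ports(definitions[name])
    return opened


if __name__ == "__main__":
    split = {"smtp": SMTP_ONLY, "alt-smtp": ALT_SMTP}
    combined = {"smtp": COMBINED_SMTP}
    print("split, both enabled:", sorted(zone_ports(split, ["smtp", "alt-smtp"])))
    print("split, smtp only:   ", sorted(zone_ports(split, ["smtp"])))
    print("combined, smtp:     ", sorted(zone_ports(combined, ["smtp"])))
```

With the split layout, port 465 can be closed by disabling alt-smtp alone; with the combined definition, enabling smtp always opens both ports. Definitions placed in /etc/firewalld/services/ override the packaged ones in /usr/lib/firewalld/services/ and are not replaced by package updates.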
