在 CentOS Linux 7 机器上，用 firewall-cmd 添加一条直接（direct）规则，拒绝发往 8.8.8.8 的出站流量：
[root@localhost ~]# sudo firewall-cmd --direct --add-rule ipv4 filter OUTPUT 0 -d 8.8.8.8/32 -j REJECT
success
规则按预期生效，ping 8.8.8.8 被拒绝（注意：该命令没有加 --permanent，规则只存在于运行时配置中，执行 firewall-cmd --reload 或重启后会丢失）：
[root@localhost ~]# ping -c 2 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
From 192.168.122.50 icmp_seq=1 Destination Port Unreachable
ping: sendmsg: Operation not permitted
From 192.168.122.50 icmp_seq=2 Destination Port Unreachable
ping: sendmsg: Operation not permitted
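但它没有显示在 firewall-cmd --list-all 的输出中。--list-all 只显示区域（zone）的配置，不包含通过 --direct 添加的直接规则；直接规则需要用 firewall-cmd --direct --get-all-rules 查看，因此审计防火墙策略时两处都要检查：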
[root@localhost ~]# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: eth0
sources:
services: dhcpv6-client ssh
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules: