Firewalld rules not visible in iptables

Has anyone run into this problem?
sudo systemctl enable --now firewalld
Created symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service → /usr/lib/systemd/system/firewalld.service.
Created symlink /etc/systemd/system/multi-user.target.wants/firewalld.service → /usr/lib/systemd/system/firewalld.service.
#################
sudo systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2023-05-16 13:49:58 CST; 7s ago
Docs: man:firewalld(1)
Main PID: 2790 (firewalld)
Tasks: 2 (limit: 509891)
Memory: 21.8M
CGroup: /system.slice/firewalld.service
└─ 2790 /usr/bin/python3 -s /usr/sbin/firewalld --nofork --nopid

May 16 13:49:57 mqtt-test118 systemd[1]: Starting firewalld - dynamic firewall daemon…
May 16 13:49:58 mqtt-test118 systemd[1]: Started firewalld - dynamic firewall daemon.
############
sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.0.0.0/20" accept'
success
[pukka@mqtt-test118 ~]$ sudo firewall-cmd --reload
success
[pukka@mqtt-test118 ~]$ sudo iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination


As shown above, the rules are not visible, yet when I check public.xml the rule is there:

Specifying the PUBLIC zone file explicitly doesn't help either:

I checked the system logs (messages, secure, dmesg) and there are no errors at all. Do I need to uninstall iptables? When installing the OS I only selected "Development Tools".

1 like

Can iptables be used to print firewalld rules?
No, you cannot use iptables to print firewalld rules. Firewalld and iptables are two different firewall management tools. Firewalld is a frontend to the netfilter system in the Linux kernel, while iptables is a userspace tool for managing netfilter rules. Firewalld provides a higher-level abstraction for managing firewall rules and provides support for features such as zones, services, and rich rules that are not available in iptables.

If you want to print the rules in firewalld, you should use the firewall-cmd command with the --list-all or --list-rules option, as described in my previous answer.
Fine, so iptables can no longer be used to print the rules.

1 like
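The empty `iptables -L` output in the original post is what you see when firewalld is running with its nftables backend (the default since firewalld 0.6, and on RHEL 8 and later): the rules live in the nft table `inet firewalld` and never appear in the legacy iptables chains, so nothing is broken and nothing needs uninstalling. The script below is an added example, not code from the thread or from the firewalld project. It reads the `FirewallBackend` key from firewalld's configuration (the real key in `/etc/firewalld/firewalld.conf`; the path is a parameter so the script can be run against a constructed sample file) and prints the command that actually shows the kernel-level rules for that backend, alongside the `firewall-cmd` listing that works regardless of backend. The `firewalld.conf` contents written at the bottom are a constructed sample, not taken from the poster's host.

```shell
#!/bin/sh
# Added example: find out where firewalld put its rules before concluding they are missing.
# Assumes the standard key "FirewallBackend" in firewalld.conf (values: nftables | iptables).

# firewalld_backend CONF
#   Print the configured backend. Lines are matched only when they start with the key,
#   so commented-out lines ("#FirewallBackend=...") are ignored. If the key is absent or
#   the file is unreadable, report "nftables", which is upstream firewalld's own fallback.
firewalld_backend() {
    conf="$1"
    backend=$(sed -n 's/^[[:space:]]*FirewallBackend[[:space:]]*=[[:space:]]*//p' "$conf" 2>/dev/null \
              | tail -n 1 | tr -d '[:space:]')
    case "$backend" in
        iptables) echo iptables ;;
        *)        echo nftables ;;
    esac
}

# ruleset_cmd BACKEND
#   Print the command that dumps the rules firewalld actually installed in the kernel.
#   With the nftables backend, rich rules land in the nft table "inet firewalld" and are
#   invisible to "iptables -L"; with the iptables backend they show up in the filter table.
ruleset_cmd() {
    case "$1" in
        nftables) echo "nft list table inet firewalld" ;;
        iptables) echo "iptables -S" ;;
        *)        echo "unknown backend: $1" >&2; return 1 ;;
    esac
}

# show_firewalld_rules CONF ZONE
#   On a host with firewalld installed, list the zone's runtime and permanent rich rules
#   (a --permanent rule is only active after --reload) and then dump the backend ruleset.
#   Elsewhere, just print the commands an operator should run.
show_firewalld_rules() {
    conf="$1"
    zone="${2:-public}"
    backend=$(firewalld_backend "$conf")
    echo "configured backend: $backend"
    echo "runtime rich rules:    firewall-cmd --zone=$zone --list-rich-rules"
    echo "permanent rich rules:  firewall-cmd --permanent --zone=$zone --list-rich-rules"
    echo "kernel ruleset:        $(ruleset_cmd "$backend")"
    if command -v firewall-cmd >/dev/null 2>&1 && [ "$(id -u)" -eq 0 ]; then
        firewall-cmd --zone="$zone" --list-rich-rules
        firewall-cmd --permanent --zone="$zone" --list-rich-rules
        # shellcheck disable=SC2046
        $(ruleset_cmd "$backend")
    fi
}

# Constructed sample configuration (not the poster's file) so the script runs anywhere.
sample_conf=$(mktemp)
cat > "$sample_conf" <<'EOF'
# firewalld config file
DefaultZone=public
#FirewallBackend=iptables
FirewallBackend=nftables
EOF

show_firewalld_rules "$sample_conf" public
rm -f "$sample_conf"
```

Run it as root on the affected host with `/etc/firewalld/firewalld.conf` as the first argument; if the backend is `nftables`, the `10.0.0.0/20` accept rule appears under `nft list table inet firewalld`, which is the place to look instead of `iptables -L`.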