\u5728\u4e0a\u4e00\u7bc7\u6587\u7ae0\u4e2d\uff0c\u6211\u4eec\u63a2\u8ba8\u4e86\u5982\u4f55\u5728 Fedora \u4e2d\u7528\u547d\u4ee4\u884c\u63a7\u5236\u9632\u706b\u5899\u3002<\/p>\n

\u7b80\u77ed\u56de\u987e<\/strong><\/div>\n
\u9996\u5148\uff0c\u6700\u597d\u68c0\u67e5\u4e00\u4e0b\u9632\u706b\u5899\u7684\u72b6\u6001\uff0c\u770b\u5b83\u662f\u5426\u6b63\u5728\u8fd0\u884c\u3002\u5982\u6211\u4eec\u5148\u524d\u6240\u5b66\uff0c\u4f60\u53ef\u4ee5\u4f7f\u7528\u72b6\u6001\u9009\u9879\uff08firewall-cmd \u2010\u2010state\uff09\u6765\u5f97\u5230\u3002<\/p>\n
\u4e0b\u4e00\u6b65\u662f\u83b7\u53d6\u7f51\u7edc\u63a5\u53e3\u9002\u7528\u7684\u57dfzone\u3002\u4f8b\u5982\uff0c\u6211\u4f7f\u7528\u7684\u684c\u9762\u6709\u4e24\u4e2a\u7f51\u7edc\u63a5\u53e3\uff1a\u4e00\u4e2a\u7269\u7406\u63a5\u53e3\uff08enp0s3\uff09\uff0c\u4ee3\u8868\u6211\u5b9e\u9645\u7684\u7f51\u5361\uff0c\u548c\u865a\u62df\u63a5\u53e3\uff08virbr0\uff09\uff0c\u5b83\u7531 KVM \u7b49\u865a\u62df\u5316\u8f6f\u4ef6\u4f7f\u7528\u3002\u8981\u67e5\u770b\u54ea\u4e9b\u57df\u5904\u4e8e\u6d3b\u52a8\u72b6\u6001\uff0c\u8bf7\u8fd0\u884c firewall-cmd \u2010\u2010get-active-zones\u3002<\/p>\n
\u73b0\u5728\uff0c\u4f60\u77e5\u9053\u4e86\u4f60\u611f\u5174\u8da3\u7684\u57df\uff0c\u53ef\u4ee5\u4f7f\u7528 firewall-cmd \u2010\u2010info-zone=FedoraWorkstation \u8fd9\u6837\u7684\u547d\u4ee4\u5217\u51fa\u8be5\u57df\u7684\u89c4\u5219\u3002<\/p>\n
\u8bfb\u53d6\u533a\u57df\u4fe1\u606f<\/strong><\/div>\n
\u8981\u663e\u793a\u7279\u5b9a\u57df\u7684\u4fe1\u606f\uff0c\u8bf7\u8fd0\u884c firewall-cmd \u2010\u2010zone=ZoneName \u2010\u2010list-all\uff0c\u6216\u4f7f\u7528\u4ee5\u4e0b\u547d\u4ee4\u663e\u793a\u9ed8\u8ba4\u57df\u7684\u4fe1\u606f\uff1a<\/p>\n
[dan@localhost ~]$ firewall-cmd --list-all\r\nFedoraWorkstation (active)\r\ntarget: default\r\nicmp-block-inversion: no\r\ninterfaces: enp0s3\r\nsources:\r\nservices: dhcpv6-client mdns samba-client ssh\r\nports: 1025-65535\/udp 1025-65535\/tcp\r\nprotocols:\r\nmasquerade: no\r\nforward-ports:\r\nsource-ports:\r\nicmp-blocks:\r\nrich rules:\r\n<\/pre>\n
\u73b0\u5728\uff0c\u8ba9\u6211\u4eec\u67e5\u770b\u8f93\u51fa\u3002\u7b2c\u4e00\u884c\u8868\u660e\u4ee5\u4e0b\u4fe1\u606f\u5173\u8054\u7684\u57df\u4ee5\u53ca\u8be5\u57df\u5f53\u524d\u662f\u5426\u5728\u4f7f\u7528\u4e2d\u3002<\/p>\n
target: default\uff1a\u544a\u8bc9\u6211\u4eec\u8fd9\u662f\u9ed8\u8ba4\u57df\u3002\u53ef\u4ee5\u901a\u8fc7 \u2010\u2010set-default-zone=ZoneName \u548c \u2010\u2010get-default-zone \u8bbe\u7f6e\u6216\u83b7\u53d6\u3002<\/p>\n
icmp-block-inversion \u8868\u660e\u662f\u5426\u963b\u6b62 ICMP \u8bf7\u6c42\u3002\u4f8b\u5982\uff0c\u5982\u679c\u673a\u5668\u54cd\u5e94\u6765\u81ea\u7f51\u7edc\u4e0a\u5176\u4ed6\u673a\u5668\u7684 ping \u8bf7\u6c42\u3002<\/p>\n
interfaces \u5b57\u6bb5\u663e\u793a\u63a5\u53d7\u6b64\u57df\u7684\u6240\u6709\u63a5\u53e3\u3002<\/p>\n
\u5904\u7406\u670d\u52a1\u3001\u7aef\u53e3\u548c\u534f\u8bae<\/strong><\/div>\n
\u73b0\u5728\uff0c\u91cd\u70b9\u5173\u6ce8 services\u3001ports \u548c protocols \u6240\u5728\u884c\u3002\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u9632\u706b\u5899\u5c06\u963b\u6b62\u6240\u6709\u7aef\u53e3\u3001\u670d\u52a1\u548c\u534f\u8bae\uff0c\u800c\u53ea\u5141\u8bb8\u5217\u51fa\u7684\u3002<\/p>\n
\u5728\u8fd9\u91cc\uff0c\u4f60\u53ef\u4ee5\u770b\u5230\u5141\u8bb8\u7684\u670d\u52a1\u662f\u975e\u5e38\u57fa\u672c\u7684\u5ba2\u6237\u7aef\u670d\u52a1\u3002\u4f8b\u5982\uff0c\u8bbf\u95ee\u7f51\u7edc\u4e0a\u7684\u5171\u4eab\u6587\u4ef6\u5939\uff08samba-client\uff09\u3001\u4e0e DNS \u670d\u52a1\u5668\u901a\u4fe1\u6216\u901a\u8fc7 SSH\uff08ssh \u670d\u52a1\uff09\u8fde\u63a5\u5230\u8ba1\u7b97\u673a\u3002\u4f60\u53ef\u4ee5\u5c06 service \u89c6\u4e3a\u4e0e\u7aef\u53e3\u7ec4\u5408\u7684\u534f\u8bae\uff0c\u4f8b\u5982 ssh \u670d\u52a1\u4f7f\u7528 SSH \u534f\u8bae\uff0c\u5e76\u4e14\u6309\u7167\u60ef\u4f8b\u4f7f\u7528 22 \u7aef\u53e3\u3002\u901a\u8fc7\u5141\u8bb8 ssh \u670d\u52a1\uff0c\u4f60\u5b9e\u9645\u4e0a\u6240\u505a\u7684\u5c31\u662f\u5141\u8bb8\u4f20\u5165\u7684\u8fde\u63a5\u5728\u9ed8\u8ba4 22 \u7aef\u53e3\u4e0a\u4f7f\u7528 SSH \u534f\u8bae\u3002<\/p>\n
\u8bf7\u6ce8\u610f\uff0c\u6839\u636e\u7ecf\u9a8c\uff0c\u540d\u79f0\u4e2d\u5e26\u6709 client \u5b57\u6837\u7684\u670d\u52a1\u662f\u6307\u4f20\u51fa\u8fde\u63a5\uff0c\u4e5f\u5c31\u662f\u4f60\u4f7f\u7528\u4f60\u7684 IP \u4f5c\u4e3a\u6e90\u5bf9\u5916\u90e8\u7684\u8fde\u63a5\uff0c\u4e0e\u4e4b\u76f8\u53cd\u7684\u662f ssh \u670d\u52a1\uff0c\u6bd4\u5982\uff0c\u5b83\u5c06\u63a5\u53d7\u4f20\u5165\u8fde\u63a5\uff08\u76d1\u542c\u6765\u81ea\u5916\u90e8\u7684\u8fde\u63a5\uff09\u3002<\/p>\n
\u4f60\u53ef\u4ee5\u5728\u6587\u4ef6 \/etc\/services \u4e2d\u67e5\u627e\u670d\u52a1\u3002\u4f8b\u5982\uff0c\u5982\u679c\u4f60\u60f3\u77e5\u9053\u8fd9\u4e9b\u670d\u52a1\u4f7f\u7528\u4ec0\u4e48\u7aef\u53e3\u548c\u534f\u8bae\uff1a<\/p>\n
[dan@localhost ~]$ cat \/etc\/services | grep ssh\r\nssh 22\/tcp # The Secure Shell (SSH) Protocol\r\nssh 22\/udp # The Secure Shell (SSH) Protocol<\/pre>\n
\u4f60\u53ef\u4ee5\u770b\u5230 SSH \u540c\u65f6\u4f7f\u7528 TCP \u548c UDP \u7684 22 \u7aef\u53e3\u3002\u6b64\u5916\uff0c\u5982\u679c\u4f60\u5e0c\u671b\u67e5\u770b\u6240\u6709\u53ef\u7528\u7684\u670d\u52a1\uff0c\u53ea\u9700\u4f7f\u7528 firewall-cmd --get-services\u3002<\/p>\n
\u6253\u5f00\u7aef\u53e3<\/strong><\/span><\/div>\n
\u5982\u679c\u8981\u963b\u6b62\u7aef\u53e3\u3001\u670d\u52a1\u6216\u534f\u8bae\uff0c\u8bf7\u786e\u4fdd\u5728\u6b64\u5904\u672a\u5217\u51fa\u5b83\u4eec\u3002\u5c55\u5f00\u6765\u8bf4\uff0c\u5982\u679c\u8981\u5141\u8bb8\u670d\u52a1\uff0c\u90a3\u4e48\u9700\u8981\u5c06\u5b83\u6dfb\u52a0\u5230\u5217\u8868\u4e2d\u3002<\/p>\n
\u5047\u8bbe\u4f60\u8981\u6253\u5f00 5000 \u7aef\u53e3\u7528\u4e8e TCP \u8fde\u63a5\u3002\u4e3a\u6b64\uff0c\u8bf7\u8fd0\u884c\uff1a<\/p>\n
sudo firewall-cmd --zone=FedorwaWorkstation --permanent --add-port=5000\/tcp<\/pre>\n
\u8bf7\u6ce8\u610f\uff0c\u4f60\u9700\u8981\u6307\u5b9a\u89c4\u5219\u9002\u7528\u7684\u57df\u3002\u6dfb\u52a0\u89c4\u5219\u65f6\uff0c\u8fd8\u9700\u8981\u5982\u4e0a\u6307\u5b9a\u5b83\u662f tcp \u8fd8\u662f udp \u7aef\u53e3\u3002--permanent \u53c2\u6570\u5c06\u89c4\u5219\u8bbe\u7f6e\u4e3a\u5373\u4f7f\u7cfb\u7edf\u91cd\u542f\u540e\u4e5f\u53ef\u4ee5\u4fdd\u7559\u3002<\/p>\n
\u518d\u6b21\u67e5\u770b\u4f60\u6240\u5728\u533a\u57df\u7684\u4fe1\u606f\uff1a<\/p>\n
[dan@localhost ~]$ firewall-cmd --list-all\r\nFedoraWorkstation (active)\r\ntarget: default\r\nicmp-block-inversion: no\r\ninterfaces: enp0s3\r\nsources:\r\nservices: dhcpv6-client mdns samba-client ssh\r\nports: 1025-65535\/udp 1025-65535\/tcp 5000\/tcp\r\nprotocols:\r\nmasquerade: no\r\nforward-ports:\r\nsource-ports:\r\nicmp-blocks:\r\nrich rules:<\/pre>\n
\u7c7b\u4f3c\u5730\uff0c\u5982\u679c\u4f60\u60f3\u4ece\u5217\u8868\u5220\u9664\u8be5\u7aef\u53e3\uff0c\u8bf7\u8fd0\u884c\uff1a<\/p>\n
sudo firewall-cmd --zone=FedorwaWorkstation --permanent --remove-port=5000\/tcp<\/pre>\n
\u76f8\u540c\u7684 remove \uff08\u2010\u2010remove-protocol\u3001\u2010\u2010remove-service\uff09 \u548c add\uff08\u2010\u2010add-protocol\u3001\u2010\u2010add-service\uff09\u9009\u9879\u540c\u6837\u9002\u7528\u4e8e\u670d\u52a1\u548c\u534f\u8bae\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"
\u5728\u4e0a\u4e00\u7bc7\u6587\u7ae0\u4e2d\uff0c\u6211\u4eec\u63a2\u8ba8\u4e86\u5982\u4f55\u5728 Fedora \u4e2d\u7528\u547d\u4ee4\u884c\u63a7\u5236\u9632\u706b\u5899\u3002 \u9996\u5148\uff0c\u6700\u597d\u68c0\u67e5\u4e00\u4e0b\u9632\u706b\u5899\u7684\u72b6\u6001\uff0c\u770b\u5b83\u662f […]<\/p>\n","protected":false},"author":323,"featured_media":124479,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[55],"tags":[],"class_list":["post-193299","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-thread"],"acf":[],"_links":{"self":[{"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/posts\/193299","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/users\/323"}],"replies":[{"embeddable":true,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/comments?post=193299"}],"version-history":[{"count":2,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/posts\/193299\/revisions"}],"predecessor-version":[{"id":193306,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/posts\/193299\/revisions\/193306"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/media\/124479"}],"wp:attachment":[{"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/media?parent=193299"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/categories?post=193299"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lrxjmw.cn\/wp-json\/wp\/v2\/tags?post=193299"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}