firewall简介
根据官方文档,firewall简介如下:
firewalld daemon provides a dynamically managed firewall with support for network “zones” to assign a level of trust to a network and its associated connections and interfaces. It has support for IPv4 and IPv6 firewall settings. It supports Ethernet bridges and IP set and has a separation of runtime and permanent configuration options. It also has an interface for services or applications to add firewall rules directly. The complete communication with firewalld is done using D-Bus.
firewalld守护进程提供了一个动态管理的防火墙,支持网络“区域”为网络及其关联的连接和接口分配信任级别。它支持ipv4和ipv6防火墙设置。它支持以太网桥和ip集,并且有运行时和永久配置选项的分离。它还具有用于直接添加防火墙规则的服务或应用程序的界面。与firewalld的完整通信是使用d-bus完成的。
简单来说,CentOS6中使用iptables作为防火墙;而在CentOS7中,firewall作为防火墙,是iptables的升级。本文只讨论自己常用的firewall命令和配置,不涉及高级用法。