Author: lyuan

两个位置

1、/etc/firewalld/

2、/usr/lib/firewalld/

写iptables规则：

cat /etc/firewalld/direct.xml

firewall-cmd –direct –add-rule ipv4 filter FORWARD 0 -s 192.168.8.0/21 -j ACCEPT
firewall-cmd –direct –add-rule ipv4 nat POSTROUTING 0 -s 192.168.8.0/21  -j MASQUERADE

firewall-cmd –permanent –add-port=443/tcp
firewall-cmd –permanent –add-port=500/udp
firewall-cmd –permanent –add-masquerade
firewall-cmd –reload