:set ff=unix
CentOS 7 firewalld
Two configuration locations:
1. /etc/firewalld/
2. /usr/lib/firewalld/
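Writing iptables rules (direct rules):
cat /etc/firewalld/direct.xml
Direct rules need --permanent to be written to /etc/firewalld/direct.xml and to survive firewall-cmd --reload; without it they exist only in the runtime configuration.
firewall-cmd --permanent --direct --add-rule ipv4 filter FORWARD 0 -s 192.168.8.0/21 -j ACCEPT
firewall-cmd --permanent --direct --add-rule ipv4 nat POSTROUTING 0 -s 192.168.8.0/21 -j MASQUERADE
firewall-cmd --permanent --add-port=443/tcp
firewall-cmd --permanent --add-port=500/udp
firewall-cmd --permanent --add-masquerade
firewall-cmd --reload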
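
A check to run before firewall-cmd --reload, added here as an example and not part of the original notes: it lists direct rules that exist only in the runtime configuration and would be dropped by the reload. The function names (runtime_only_rules, check_live, demo) and the sample rule files are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the original notes): list firewalld direct rules that
# exist only in the runtime configuration, i.e. rules a reload would drop.

# runtime_only_rules RUNTIME_FILE PERMANENT_FILE
# Each file holds one rule per line, in the format printed by
# `firewall-cmd [--permanent] --direct --get-all-rules`.
runtime_only_rules() {
    awk '
        NF == 0 { next }                           # ignore blank lines
        { $1 = $1 }                                # collapse repeated whitespace
        FILENAME == ARGV[1] { permanent[$0] = 1; next }
        !($0 in permanent) { print }               # runtime rule missing from permanent
    ' "$2" "$1"
}

# check_live: compare both configurations on a real host (needs root and firewalld).
check_live() {
    tmp=$(mktemp -d) || return 2
    firewall-cmd --direct --get-all-rules > "$tmp/runtime" &&
    firewall-cmd --permanent --direct --get-all-rules > "$tmp/permanent" &&
    drift=$(runtime_only_rules "$tmp/runtime" "$tmp/permanent")
    status=$?
    rm -rf "$tmp"
    [ "$status" -eq 0 ] || return 2
    [ -z "$drift" ] && return 0
    printf 'runtime-only direct rules (lost on --reload):\n%s\n' "$drift"
    return 1
}

# Constructed sample: the FORWARD rule was saved with --permanent, the NAT rule was not.
demo() {
    d=$(mktemp -d) || return 2
    printf '%s\n' 'ipv4 filter FORWARD 0 -s 192.168.8.0/21 -j ACCEPT' \
                  'ipv4 nat POSTROUTING 0 -s 192.168.8.0/21 -j MASQUERADE' > "$d/runtime"
    printf '%s\n' 'ipv4 filter FORWARD 0 -s 192.168.8.0/21 -j ACCEPT' > "$d/permanent"
    runtime_only_rules "$d/runtime" "$d/permanent"
    rm -rf "$d"
}
demo
```

On the firewall host, call check_live instead of demo; it returns 1 and prints the affected rules when the runtime and permanent direct rules differ.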