Este conteúdo não está disponível no idioma selecionado.

5.14. Using the Direct Interface


It is possible to add and remove chains during runtime by using the --direct option with the firewall-cmd tool. A few examples are presented here. See the firewall-cmd(1) man page for more information.
It is dangerous to use the direct interface if you are not very familiar with iptables as you could inadvertently cause a breach in the firewall.
The direct interface mode is intended for services or applications to add specific firewall rules during runtime. The rules can be made permanent by adding the --permanent option using the firewall-cmd --permanent --direct command or by modifying /etc/firewalld/direct.xml. See man firewalld.direct(5) for information on the /etc/firewalld/direct.xml file.

5.14.1. Adding a Rule using the Direct Interface

To add a rule to the IN_public_allow chain, enter the following command as root:
~]# firewall-cmd --direct --add-rule ipv4 filter IN_public_allow \
        0 -m tcp -p tcp --dport 666 -j ACCEPT
Add the --permanent option to make the setting persistent.

5.14.2. Removing a Rule using the Direct Interface

To remove a rule from the IN_public_allow chain, enter the following command as root:
~]# firewall-cmd --direct --remove-rule ipv4 filter IN_public_allow \
        0 -m tcp -p tcp --dport 666 -j ACCEPT
Add the --permanent option to make the setting persistent.

5.14.3. Listing Rules using the Direct Interface

To list the rules in the IN_public_allow chain, enter the following command as root:
~]# firewall-cmd --direct --get-rules ipv4 filter IN_public_allow
Note that this command (the --get-rules option) only lists rules previously added using the --add-rule option. It does not list existing iptables rules added by other means.
Red Hat logoGithubRedditYoutubeTwitter

Aprender

Experimente, compre e venda

Comunidades

Sobre a documentação da Red Hat

Ajudamos os usuários da Red Hat a inovar e atingir seus objetivos com nossos produtos e serviços com conteúdo em que podem confiar.

Tornando o open source mais inclusivo

A Red Hat está comprometida em substituir a linguagem problemática em nosso código, documentação e propriedades da web. Para mais detalhes veja oBlog da Red Hat.

Sobre a Red Hat

Fornecemos soluções robustas que facilitam o trabalho das empresas em plataformas e ambientes, desde o data center principal até a borda da rede.

© 2024 Red Hat, Inc.