
@lmyyao
Forked from makeittotop/centos7-firewalld
Created December 5, 2016 08:00
# Terminal transcript: firewalld on a CentOS host, moving SSH access from the
# public (default) zone to a source-bound "trusted" zone.
# Lines that start with the root prompt are commands; everything else is output.
#
# Runtime-only change (no --permanent): bind a source address to the trusted zone.
[root@ip-11-0-0-239 centos]# firewall-cmd --zone=trusted --add-source=94.204.104.194/32
success
# This address differs from the previous one only in the second octet (206 vs 204).
# The first one is removed further down, so it was presumably a typo.
[root@ip-11-0-0-239 centos]# firewall-cmd --zone=trusted --add-source=94.206.104.194/32
success
# No action option is given, yet "success" is printed; the later listings show
# no change from this call.
[root@ip-11-0-0-239 centos]# firewall-cmd --zone=trusted
success
# Without --zone the query goes to the default zone (public), hence the warning.
[root@ip-11-0-0-239 centos]# firewall-cmd --list-sources
You're performing an operation over default zone ('public'),
but your connections/interfaces are in zone 'trusted' (see --get-active-zones)
You most likely need to use --zone=trusted option.
[root@ip-11-0-0-239 centos]# firewall-cmd --list-sources --zone=trusted
94.204.104.194/32 94.206.104.194/32
# Option abbreviations are accepted only when unambiguous; --rem matches many.
[root@ip-11-0-0-239 centos]# firewall-cmd --zone=trusted --rem
usage: see firewall-cmd man page
firewall-cmd: error: ambiguous option: --rem could match --remove-lockdown-whitelist-context, --remove-rule, --remove-icmp-block, --remove-service, --remove-lockdown-whitelist-command, --remove-lockdown-whitelist-uid, --remove-port, --remove-interface, --remove-source, --remove-rules, --remove-lockdown-whitelist-user, --remove-chain, --remove-masquerade, --remove-rich-rule, --remove-forward-port, --remove-passthrough
# Drop the first (apparently mistyped) source from the runtime configuration.
[root@ip-11-0-0-239 centos]# firewall-cmd --zone=trusted --remove-source=94.204.104.194/32
success
[root@ip-11-0-0-239 centos]# firewall-cmd --list-sources --zone=trusted
94.206.104.194/32
# Empty output: the permanent configuration holds no sources yet. Everything
# above changed the runtime configuration only and would be lost on reload/reboot.
[root@ip-11-0-0-239 centos]# firewall-cmd --list-sources --zone=trusted --permanent
# --permanent writes to the stored configuration and leaves the running
# firewall untouched (see the empty "ports:" in the runtime listing below).
[root@ip-11-0-0-239 centos]# firewall-cmd --zone=trusted --add-source=94.206.104.194/32 --permanent
success
# NOTE(review): firewalld's stock trusted zone accepts every connection from its
# sources, so opening 22/tcp here is likely redundant, and the source can reach
# all ports, not only SSH. If only SSH is meant to be allowed, a dedicated zone
# carrying just the ssh service is the narrower choice. Confirm the zone target.
[root@ip-11-0-0-239 centos]# firewall-cmd --zone=trusted --add-port=22/tcp --permanent
success
[root@ip-11-0-0-239 centos]# firewall-cmd --zone=trusted
success
[root@ip-11-0-0-239 centos]# firewall-cmd --zone=trusted --list
usage: see firewall-cmd man page
firewall-cmd: error: ambiguous option: --list could match --list-lockdown-whitelist-contexts, --list-all, --list-lockdown-whitelist-uids, --list-ports, --list-forward-ports, --list-icmp-blocks, --list-interfaces, --list-rich-rules, --list-services, --list-lockdown-whitelist-commands, --list-all-zones, --list-sources, --list-lockdown-whitelist-users
# Stray trailing comma makes the option unrecognized.
[root@ip-11-0-0-239 centos]# firewall-cmd --zone=trusted --list-services,
usage: see firewall-cmd man page
firewall-cmd: error: unrecognized arguments: --list-services,
[root@ip-11-0-0-239 centos]# firewall-cmd --zone=trusted --list-services
# Runtime view of the trusted zone: the port stored with --permanent above is
# not active yet.
[root@ip-11-0-0-239 centos]# firewall-cmd --zone=trusted --list-all
trusted
interfaces:
sources: 94.206.104.194/32
services:
ports:
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
# Same port added again, this time to the runtime configuration.
[root@ip-11-0-0-239 centos]# firewall-cmd --zone=trusted --add-port=22/tcp
success
[root@ip-11-0-0-239 centos]# firewall-cmd --zone=trusted --list-all
trusted
interfaces:
sources: 94.206.104.194/32
services:
ports: 22/tcp
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
# "default" is not a zone name; the default zone on this host is public.
[root@ip-11-0-0-239 centos]# firewall-cmd --zone=default --list-all
Error: INVALID_ZONE: default
[root@ip-11-0-0-239 centos]# firewall-cmd --zone=public --list-all
public (default)
interfaces:
sources:
services: dhcpv6-client ssh
ports:
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
# --remove-port needs a port/protocol argument; ssh is listed under services,
# so it is removed as a service in the next command.
[root@ip-11-0-0-239 centos]# firewall-cmd --zone=public --remove-port
usage: see firewall-cmd man page
firewall-cmd: error: argument --remove-port: expected one argument
# Runtime removal of ssh from the public zone.
# NOTE(review): over an SSH session this risks a lockout unless the admin's own
# address is already covered by the trusted zone. Presumably that is the case
# here; verify before repeating these steps elsewhere.
[root@ip-11-0-0-239 centos]# firewall-cmd --zone=public --remove-service=ssh
success
[root@ip-11-0-0-239 centos]# firewall-cmd --zone=public --list-all
public (default)
interfaces:
sources:
services: dhcpv6-client
ports:
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
[root@ip-11-0-0-239 centos]# firewall-cmd
usage: see firewall-cmd man page
No option specified.
# The abbreviation is unambiguous here and is accepted; the output lists
# trusted as the only active zone.
[root@ip-11-0-0-239 centos]# firewall-cmd --get-acti
trusted
sources: 94.206.104.194/32
# Store the ssh removal permanently, then reload so the running firewall is
# rebuilt from the permanent configuration.
[root@ip-11-0-0-239 centos]# firewall-cmd --zone=public --remove-service=ssh --permanent
success
[root@ip-11-0-0-239 centos]# firewall-cmd --reload
success
# Post-reload check: both zones match what was stored with --permanent.
[root@ip-11-0-0-239 centos]# firewall-cmd --zone=public --list-all
public (default)
interfaces:
sources:
services: dhcpv6-client
ports:
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
[root@ip-11-0-0-239 centos]# firewall-cmd --zone=trusted --list-all
trusted
interfaces:
sources: 94.206.104.194/32
services:
ports: 22/tcp
masquerade: no
forward-ports:
icmp-blocks:
rich rules: