

- Current rich rules

[root@system1 ~]# firewall-cmd --list-all

public (active)

  target: default

  icmp-block-inversion: no

  interfaces: ens33 ens37 ens38 ens39 team0

  rich rules: 

rule family="ipv4" service name="nfs" accept

rule family="ipv4" source address="192.168.0.200/24" forward-port port="5423" protocol="tcp" to-port="80"


- Deletion attempt

[root@system1 ~]# firewall-cmd --remove-rich-rule='rule family="ipv4" source address="192.168.0.200/24" forward-port port="5423" protocol="tcp" to-port="80"'

Error: %x format: a number is required, not NoneType


I tried to delete it, but it keeps giving me a message that the format is wrong. There's nothing wrong with the format, though ㅜ


- Solution

Policies added with firewall-cmd --permanent are stored as .xml files under /etc/firewalld/ (zone rules live in /etc/firewalld/zones/<zone>.xml). Rules added without --permanent exist only in the runtime set and are not written to any file, and --remove-rich-rule without --permanent likewise only touches the runtime set. The message above is a Python TypeError ('%x' formatting applied to None) raised inside firewalld itself, not a complaint about the rule syntax, so the workaround is to edit the zone file directly and reload.


[root@system1 ~]# firewall-cmd --list-all

public (active)

  target: default

  icmp-block-inversion: no

  interfaces: ens33 ens37 ens38 ens39 team0

  rich rules: 

rule family="ipv4" service name="nfs" accept

rule family="ipv4" source address="192.168.0.200/24" forward-port port="5423" protocol="tcp" to-port="80"

rule family="ipv4" source address="192.168.0.0/24" forward-port port="5423" protocol="tcp" to-port="80"

rule family="ipv4" source address="192.168.0.200" service name="ssh" drop



To delete the rich rules of the public zone shown above,

open /etc/firewalld/zones/public.xml.


Delete the parts highlighted in red below (each rich rule is one <rule>…</rule> element in the zone file) and save; after a reload this has the same effect as firewall-cmd --remove-rich-rule, and the rich rules are gone.



- Deletion result

1) Contents of /etc/firewalld/zones/public.xml

-> only one rule is left, the nfs accept rule.


2) firewall-cmd --reload

 -> run the reload; the edited permanent configuration becomes the new runtime configuration (runtime-only changes that were never made permanent are lost at this point).


3) Check the list output

[root@system1 zones]# firewall-cmd --list-all

public (active)

  target: default

  icmp-block-inversion: no

  interfaces: ens33 ens37 ens38 ens39 team0

  sources: 

  services: ssh dhcpv6-client nfs

  ports: 

  protocols: 

  masquerade: no

  forward-ports: 

  source-ports: 

  icmp-blocks: 

  rich rules: 

rule family="ipv4" service name="nfs" accept



Only one rule remains; the three rules below, which were deleted in vi, are gone.


rule family="ipv4" source address="192.168.0.200/24" forward-port port="5423" protocol="tcp" to-port="80"

rule family="ipv4" source address="192.168.0.0/24" forward-port port="5423" protocol="tcp" to-port="80"

rule family="ipv4" source address="192.168.0.200" service name="ssh" drop
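The same procedure (edit the zone file, reload, verify) as a reusable script. This is an added example, not code from the original post or from the firewalld project. It assumes the standard firewalld zone XML layout, in which each rich rule is one <rule>…</rule> element, and it writes a constructed sample zone file to a temporary path instead of touching /etc/firewalld, so it can be run offline; the ZONE_XML path, the function names and the sample rule set are assumptions, the rules being modelled on the four listed above.

```shell
#!/bin/sh
# Added example (not from the original post): remove firewalld rich rules by
# editing the zone XML directly, the workaround used above when
# `firewall-cmd --remove-rich-rule` fails. Runs against a constructed copy of
# public.xml so it can be tried offline; ZONE_XML is an assumed path.
set -eu

ZONE_XML="${ZONE_XML:-$(mktemp)}"

# Constructed sample zone file following the firewalld zone XML layout and the
# four rich rules listed above. Not copied from the post's host.
write_sample_zone() {
  cat > "$1" <<'EOF'
<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <description>For use in public areas.</description>
  <interface name="ens33"/>
  <service name="ssh"/>
  <service name="dhcpv6-client"/>
  <service name="nfs"/>
  <rule family="ipv4">
    <service name="nfs"/>
    <accept/>
  </rule>
  <rule family="ipv4">
    <source address="192.168.0.200/24"/>
    <forward-port port="5423" protocol="tcp" to-port="80"/>
  </rule>
  <rule family="ipv4">
    <source address="192.168.0.0/24"/>
    <forward-port port="5423" protocol="tcp" to-port="80"/>
  </rule>
  <rule family="ipv4">
    <source address="192.168.0.200"/>
    <service name="ssh"/>
    <drop/>
  </rule>
</zone>
EOF
}

# drop_rich_rules FILE PATTERN
# Deletes every <rule> ... </rule> block that has a line containing PATTERN.
# PATTERN is matched as a fixed string, so quote the whole attribute, e.g.
# 'address="192.168.0.200"'; a bare 192.168.0.200 would also hit the /24 rule
# for the same host. The untouched original is kept as FILE.orig for rollback,
# and FILE is rewritten in place so its owner and mode are preserved.
drop_rich_rules() {
  file=$1
  pat=$2
  [ -e "$file.orig" ] || cp -p "$file" "$file.orig"
  awk -v pat="$pat" '
    /<rule[ >]/ { inrule = 1; buf = ""; drop = 0 }
    inrule {
      buf = buf $0 "\n"
      if (index($0, pat) > 0) drop = 1
      if (index($0, "</rule>") > 0) {
        if (!drop) printf "%s", buf
        inrule = 0
      }
      next
    }
    { print }
  ' "$file" > "$file.tmp"
  cat "$file.tmp" > "$file"
  rm -f "$file.tmp"
}

# count_rich_rules FILE -> number of <rule> blocks still in the file
count_rich_rules() {
  grep -c '<rule[ >]' "$1" || true
}

# Offline run mirroring the post: drop the two forward-port rules and the ssh
# drop for 192.168.0.200, leaving only the nfs accept rule.
write_sample_zone "$ZONE_XML"
drop_rich_rules "$ZONE_XML" 'forward-port'
drop_rich_rules "$ZONE_XML" 'address="192.168.0.200"'
echo "rich rules left in $ZONE_XML: $(count_rich_rules "$ZONE_XML")"
```

On a live host, point ZONE_XML at /etc/firewalld/zones/public.xml (or call drop_rich_rules on it directly), then run firewall-cmd --reload and confirm with firewall-cmd --list-rich-rules. Because --reload replaces the runtime configuration with the permanent one, any rich rules that were added without --permanent disappear at the same time, so compare the output of --list-rich-rules before and after the reload, and keep public.xml.orig until the result looks right.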
