- [firewalld]int g0/0/0
- [firewalld-GigabitEthernet0/0/0]ip address 192.168.1.10 255.255.255.0
- [firewalld-GigabitEthernet0/0/0]undo shutdown
- // Enable HTTP and HTTPS management on the interface
- [firewalld-GigabitEthernet0/0/0]service-manage http permit
- [firewalld-GigabitEthernet0/0/0]service-manage https permit
- [firewalld-GigabitEthernet0/0/0]quit
Add the interface to the trust zone
- [firewalld]firewall zone trust
- [firewalld-zone-trust]add interface GigabitEthernet 0/0/0
- [firewalld-zone-trust]quit
Configure the security policy
- [firewalld]security-policy
- [firewalld-policy-security]rule name allow_web
- [firewalld-policy-security-rule-allow_web]source-zone trust // Match condition
- [firewalld-policy-security-rule-allow_web]destination-zone local // Match condition
- [firewalld-policy-security-rule-allow_web]action permit // Action to take
- [firewalld-policy-security-rule-allow_web]quit
- [firewalld-policy-security]quit
- // Enable the HTTPS function
- [firewalld]Web-manager security enable
- // Configure AAA and a local user
- [firewalld]aaa
- [firewalld-aaa]manager-user demo
- // Setting the password in man-machine (interactive) mode does not display any password on screen, which is more secure
- [firewalld-aaa-manager-user-demo]password
- Enter Password:
- Confirm Password:
- [firewalld-aaa-manager-user-demo]service-type Web // Set the user's service type
- [firewalld-aaa-manager-user-demo]level 3 // Set the privilege level
- [firewalld-aaa-manager-user-demo]quit
- [firewalld-aaa]quit
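An added example, not part of the original page: a short Python audit for a pasted session like the one above. It flags interfaces where `service-manage http permit` allows unencrypted HTTP management, and permit rules that carry no `service` or address condition. The function name `audit`, the constructed sample transcript and the assumption that the hostname contains no hyphen belong to this example only.

```python
import re

# Constructed sample: commands taken from the session above, prompts included.
SAMPLE = """\
- [firewalld]int g0/0/0
- [firewalld-GigabitEthernet0/0/0]service-manage http permit
- [firewalld-GigabitEthernet0/0/0]service-manage https permit
- [firewalld-GigabitEthernet0/0/0]quit
- [firewalld]security-policy
- [firewalld-policy-security]rule name allow_web
- [firewalld-policy-security-rule-allow_web]source-zone trust // condition
- [firewalld-policy-security-rule-allow_web]destination-zone local
- [firewalld-policy-security-rule-allow_web]action permit
- [firewalld-policy-security-rule-allow_web]quit
"""

# "[view]command", optionally preceded by a list bullet.
PROMPT = re.compile(r"^\s*(?:-\s*)?\[([^\]]+)\](.*)$")
RULE_VIEW = "policy-security-rule-"
# Rule-view commands that narrow what a rule matches beyond its zones.
NARROWING = ("service ", "source-address ", "destination-address ")


def audit(transcript):
    """Return (object, finding) pairs for a pasted CLI session."""
    findings, rules = [], {}
    for line in transcript.splitlines():
        m = PROMPT.match(line)
        if not m:
            continue  # password prompts, headings, blank lines
        # Assumption: the hostname has no hyphen, so the view name is
        # everything after the first "-" inside the brackets.
        view = m.group(1).partition("-")[2]
        cmd = m.group(2).split("//")[0].strip().lower()  # drop trailing comment
        if cmd == "service-manage http permit":
            findings.append((view, "unencrypted HTTP management permitted"))
        elif view.startswith(RULE_VIEW):
            rules.setdefault(view[len(RULE_VIEW):], []).append(cmd)
    for name, cmds in rules.items():
        if "action permit" in cmds and not any(c.startswith(NARROWING) for c in cmds):
            findings.append((name, "permit rule has no service or address condition"))
    return findings


if __name__ == "__main__":
    for obj, finding in audit(SAMPLE):
        print(f"{obj}: {finding}")
```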
Source: http://www.bubuko.com/infodetail-2868892.html