Red Hat 8.5 web console interface
The firewalld log shows the warning "WARNING: AllowZoneDrifting is enabled. This is considered an insecure configuration option. It will be removed in a future release. Please consider disabling it now."
Locate the configuration file /etc/firewalld/firewalld.conf:
- #vim /etc/firewalld/firewalld.conf
Open firewalld.conf and find the block shown below.
Change AllowZoneDrifting=yes to AllowZoneDrifting=no.
Before the change:
- # AllowZoneDrifting
- # Older versions of firewalld had undocumented behavior known as "zone
- # drifting". This allowed packets to ingress multiple zones - this is a
- # violation of zone based firewalls. However, some users rely on this behavior
- # to have a "catch-all" zone, e.g. the default zone. You can enable this if you
- # desire such behavior. It's disabled by default for security reasons.
- # Note: If "yes" packets will only drift from source based zones to interface
- # based zones (including the default zone). Packets never drift from interface
- # based zones to other interfaces based zones (including the default zone).
- # Possible values; "yes", "no". Defaults to "yes".
- AllowZoneDrifting=yes
After the change:
- # AllowZoneDrifting
- # Older versions of firewalld had undocumented behavior known as "zone
- # drifting". This allowed packets to ingress multiple zones - this is a
- # violation of zone based firewalls. However, some users rely on this behavior
- # to have a "catch-all" zone, e.g. the default zone. You can enable this if you
- # desire such behavior. It's disabled by default for security reasons.
- # Note: If "yes" packets will only drift from source based zones to interface
- # based zones (including the default zone). Packets never drift from interface
- # based zones to other interfaces based zones (including the default zone).
- # Possible values; "yes", "no". Defaults to "yes".
- AllowZoneDrifting=no
firewalld must then be restarted for the new value to take effect.
Enter the command to restart firewalld:
- # systemctl restart firewalld
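The same three steps (check the current value, set AllowZoneDrifting=no, restart firewalld and confirm the warning is gone) as one POSIX shell script. This is an added example, not part of the original post or of the firewalld project; the function names, the `FIREWALLD_CONF` override variable and the `--apply` switch are my own choices. The edit keeps a `.bak` copy of the file and only touches the real `/etc/firewalld/firewalld.conf` and the service when run as root with `--apply`.

```shell
#!/bin/sh
# Added example (not from the original post): disable firewalld zone drifting.
# Assumptions: GNU coreutils/sed as on RHEL 8; the key, if present, is written
# at the start of a line exactly as "AllowZoneDrifting=<value>".

# Path can be overridden for testing on a scratch copy of the file.
CONF="${FIREWALLD_CONF:-/etc/firewalld/firewalld.conf}"

# Print the effective value of AllowZoneDrifting in the file given as $1.
# Prints "unset" when the key is absent (firewalld then uses its built-in default).
zone_drifting_value() {
    v=$(sed -n 's/^AllowZoneDrifting=\(.*\)$/\1/p' "$1" | tail -n 1)
    if [ -n "$v" ]; then
        printf '%s\n' "$v"
    else
        printf 'unset\n'
    fi
}

# Rewrite the file given as $1 so that AllowZoneDrifting=no, keeping a .bak copy.
# An existing key is replaced in place (comments are preserved); a missing key
# is appended so the setting is explicit rather than relying on the default.
disable_zone_drifting() {
    f="$1"
    cp "$f" "$f.bak"
    if grep -q '^AllowZoneDrifting=' "$f"; then
        tmp="$f.tmp.$$"
        sed 's/^AllowZoneDrifting=.*/AllowZoneDrifting=no/' "$f" > "$tmp" && mv "$tmp" "$f"
    else
        printf 'AllowZoneDrifting=no\n' >> "$f"
    fi
}

# Only touch the live system when explicitly asked to.
if [ "$1" = "--apply" ]; then
    echo "AllowZoneDrifting before: $(zone_drifting_value "$CONF")"
    disable_zone_drifting "$CONF"
    echo "AllowZoneDrifting after:  $(zone_drifting_value "$CONF")"
    systemctl restart firewalld
    # Detection check: the warning should no longer appear in the log lines
    # written by the fresh start of the service.
    if journalctl -u firewalld -n 50 --no-pager | grep -q 'AllowZoneDrifting is enabled'; then
        echo "warning still present in recent firewalld log; check $CONF"
    else
        echo "no AllowZoneDrifting warning in recent firewalld log"
    fi
fi
```

Run it as `sh disable-zone-drifting.sh --apply` as root. Without `--apply` it only defines the functions, so it can be sourced and pointed at a copy of the file to verify the edit before touching the live configuration.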