grammy-jiang · March 16, 2020 04:14
diff --git a/firewalld.conf b/firewalld.conf
 # firewalld config file

 # default zone
 # The default zone used if an empty zone string is used.
 # Default: public
 DefaultZone=public

 # Minimal mark
 # Marks up to this minimum are free for use for example in the direct 
 # interface. If more free marks are needed, increase the minimum
 # Default: 100
 MinimalMark=100

 # Clean up on exit
 # If set to no or false the firewall configuration will not get cleaned up
 # on exit or stop of firewalld
 # Default: yes
 CleanupOnExit=yes

 # Lockdown
 # If set to enabled, firewall changes with the D-Bus interface will be limited
 # to applications that are listed in the lockdown whitelist.
 # The lockdown whitelist file is lockdown-whitelist.xml
 # Default: no
 Lockdown=no

 # IPv6_rpfilter
 # Performs a reverse path filter test on a packet for IPv6. If a reply to the
 # packet would be sent via the same interface that the packet arrived on, the 
 # packet will match and be accepted, otherwise dropped.
 # The rp_filter for IPv4 is controlled using sysctl.
 # Default: yes
 IPv6_rpfilter=yes

 # IndividualCalls
 # Do not use combined -restore calls, but individual calls. This increases the
 # time that is needed to apply changes and to start the daemon, but is good for
 # debugging.
 # Default: no
 IndividualCalls=no

 # LogDenied
 # Add logging rules right before reject and drop rules in the INPUT, FORWARD
 # and OUTPUT chains for the default rules and also final reject and drop rules
 # in zones. Possible values are: all, unicast, broadcast, multicast and off.
 # Default: off
 LogDenied=off

 # AutomaticHelpers
 # For the secure use of iptables and connection tracking helpers it is
 # recommended to turn AutomaticHelpers off. But this might have side effects on
 # other services using the netfilter helpers as the sysctl setting in
 # /proc/sys/net/netfilter/nf_conntrack_helper will be changed.
 # With the system setting, the default value set in the kernel or with sysctl
 # will be used. Possible values are: yes, no and system.
 # Default: system
 AutomaticHelpers=system
	# firewalld config file

	# default zone
	# The default zone used if an empty zone string is used.
	# Default: public
	DefaultZone=public

	# Minimal mark
	# Marks up to this minimum are free for use for example in the direct
	# interface. If more free marks are needed, increase the minimum
	# Default: 100
	MinimalMark=100

	# Clean up on exit
	# If set to no or false the firewall configuration will not get cleaned up
	# on exit or stop of firewalld
	# Default: yes
	CleanupOnExit=yes

	# Lockdown
	# If set to enabled, firewall changes with the D-Bus interface will be limited
	# to applications that are listed in the lockdown whitelist.
	# The lockdown whitelist file is lockdown-whitelist.xml
	# Default: no
	Lockdown=no

	# IPv6_rpfilter
	# Performs a reverse path filter test on a packet for IPv6. If a reply to the
	# packet would be sent via the same interface that the packet arrived on, the
	# packet will match and be accepted, otherwise dropped.
	# The rp_filter for IPv4 is controlled using sysctl.
	# Default: yes
	IPv6_rpfilter=yes

	# IndividualCalls
	# Do not use combined -restore calls, but individual calls. This increases the
	# time that is needed to apply changes and to start the daemon, but is good for
	# debugging.
	# Default: no
	IndividualCalls=no

	# LogDenied
	# Add logging rules right before reject and drop rules in the INPUT, FORWARD
	# and OUTPUT chains for the default rules and also final reject and drop rules
	# in zones. Possible values are: all, unicast, broadcast, multicast and off.
	# Default: off
	LogDenied=off

	# AutomaticHelpers
	# For the secure use of iptables and connection tracking helpers it is
	# recommended to turn AutomaticHelpers off. But this might have side effects on
	# other services using the netfilter helpers as the sysctl setting in
	# /proc/sys/net/netfilter/nf_conntrack_helper will be changed.
	# With the system setting, the default value set in the kernel or with sysctl
	# will be used. Possible values are: yes, no and system.
	# Default: system
	AutomaticHelpers=system