??? 123123123123 .....................................................................................................................................??? 123123123123 ..................................................................................................................................... -" """q#\b$"$%%%%&& && /&;& Q&[& l& z& &&& & && & & & &'I '{S'['+(b())n*EV+%+++ +++{,,,,,,,,,,----6-4P-&-$-%-'-$.D.J.Q.X.l.~. ..2.2.'/>/ O/ \/j/r/$/./"//$0=0$[0 000#00n1 }1]1 112n22,2?2 3!3 &3 23 ?3L3a3 y3 33 3 3333 344 4 *484 G4 Q4 ^4 j4w4 44444455k5-26`6v6:666666 7@*7k7r7 7888C82#9LV9 9 9 9u9 ::F:L:JS::::: ::K;m<Q<<t={= = = = =====>>/>@>I>l\> > >>$>? ???? ??%@@@yWAAAAA6A'2BZB#kB B BB B BDB *C 6CD@C)C&C%C'C$$D*ID!tDDDDDE:EBXE:EEEF)FEFZF+rFFFF/F%G5@G?vG*G#GIHOHTHgHwHHHH HH H HHHII IIII J#J7J HJUJfJ yJJJ JJJ JJJ KK "K ,K7K=KEKZKzKKKKKqKRL eLpLLLLL L LLLAMGMKMQMXM `MkM'N*NOPD[QSQ+Q R6RR\TTzUU UUWU*V2V8VXV`ViV qV {V V VVV VV&V#V+ W)5WM_W0W(W^XAfX;XXXXXXYY YY%Y.Y 2Y>YDYMYRY UY_YgY-mY YY Y YYYY YYYYYYYZ ZZZZ%Z*Z3Z7Z>ZEZNZ VZbZ jZuZ&yZZZ \\\X]F]'^_ _(_ /_9_I_ P_Z_j_z_ ___ _ _ _ _ _` ` !` .`;`K` [`Eh`W`NaUaQax/bbLc3-d$addd dded#e *e4e ;eEeUe\eoeeeeeee*e'&f!Nf"pf!f!ffffff g "g/g'Hg$pggg g gg gg'g('h"Ph#sh#h#hh h hh~i i iZi jj*jc?jj$j6jk%k ,k 9k Ck MkZk mk zkkk kkkk k l l l 'l4l Dl Ql ^lkl{l ll l lllgmnmMum%mmm0nLnSn cnmnnnZnoUoto o ooEGp0pHpq q "qf.q qqq6qqqqq qrrdcsFstt#ttttt t ttu1uDu Wudukuf{u uu u' v1v8v v v vvv!ww x x +x5xKcee>dP <lXy|_W 4=\3oE]'s&!7%J.`DK(xdInaO@-j6F+hB"RVX"#SgSf~ 1=bvcU1\,T('lQ P8k*m9q$?&@Wi- Select -/A connection tracking helper is assisting to make protocols work that are using different flows for signaling and data transfers. The data transfers are using ports that are unrelated to the signaling connection and are therefore blocked by the firewall without the helper.A firewalld icmptype provides the information for an Internet Control Message Protocol (ICMP) type for firewalld.A firewalld service is a combination of ports, protocols, modules and destination addresses.A firewalld zone defines the level of trust for network connections, interfaces and source addresses bound to the zone. The zone combines services, ports, protocols, masquerading, port/packet forwarding, icmp filters and rich rules. The zone can be bound to interfaces and source addresses.AboutAbout %sActionAction:Active BindingsAddAdd ChainAdd Command LineAdd ContextAdd Entries From FileAdd EntryAdd Forward PortAdd ICMP TypeAdd IPSetAdd InterfaceAdd PassthroughAdd PortAdd ProtocolAdd Rich RuleAdd RuleAdd ServiceAdd SourceAdd User IdAdd User NameAdd ZoneAdd a rule with the arguments args to a chain in a table with a priority.Add additional ports or port ranges, which need to be accessible for all hosts or networks that can connect to the machine.Add additional ports or port ranges, which need to be accessible for all hosts or networks.Add additional source ports or port ranges, which need to be accessible for all hosts or networks that can connect to the machine.Add additional source ports or port ranges, which need to be accessible for all hosts or networks.Add entries to bind interfaces to the zone. If the interface will be used by a connection, the zone will be set to the zone specified in the connection.Add entries to bind source addresses or areas to the zone. You can also bind to a MAC source address, but with limitations. Port forwarding and masquerading will not work for MAC source bindings.Add entries to forward ports either from one port to another on the local system or from the local system to another system. Forwarding to another system is only useful if the interface is masqueraded. Port forwarding is IPv4 only.Add protocols, which need to be accessible for all hosts or networks.Additional chains for use with rules.AddressAllAll FilesAll network traffic is blocked.An IPSet can be used to create white or black lists and is able to store for example IP addresses, port numbers or MAC addresses. ArgsArgs:AuditAudit:Authorization failed.AuthorsAutomatic HelpersBase Helper SettingsBase ICMP Type SettingsBase IPSet SettingsBase Service SettingsBase Zone SettingsBindingsBlock all network trafficBold entries are mandatory, all others are optional.Built-in helper, rename not supported.Built-in icmp, rename not supported.Built-in ipset, rename not supported.Built-in service, rename not supported.Built-in zone, rename not supported.ChainChain:ChainsChange Default ZoneChange Log DeniedChange LogDenied value.Change ZoneChange Zones of Connections...Change default zone for connections or interfaces.Change which zone a network connection belongs to.Change zone of bindingChanges applied.Command lineCommand linesCommentConfiguration:Configure Automatic Helper AssigmentConfigure Automatic Helper Assignment setting.Configure Shields UP/Down Zones...Configure Shields Up/Down ZonesConnection to FirewallD established.Connection to FirewallD lost.Connection to firewalld established.ConnectionsContextContextsCurrent default zone of the system.Currently visible configuration. Runtime configuration is the actual active configuration. Permanent configuration will be active after service or system reload or restart.Default TargetDefault ZoneDefault Zone '{default_zone}' active for connection '{connection}' on interface '{interface}'Default Zone:Default Zone: %sDefault Zone: '%s'Default zone '{default_zone}' {activated_deactivated} for connection '{connection}' on interface '{interface}'Default zone changed to '%s'.Default zone used by network connection '%s'Define ports or port ranges, which are monitored by the helper.Description:DestDestinationDestination:Direct ChainDirect ConfigurationDirect Passthrough RuleDirect RuleEdit ChainEdit Command LineEdit ContextEdit EntryEdit Firewall Settings...Edit Forward PortEdit ICMP TypeEdit IPSetEdit InterfaceEdit PassthroughEdit PortEdit ProtocolEdit Rich RuleEdit RuleEdit ServiceEdit SourceEdit User IdEdit User NameEdit ZoneElementElement:Enable NotificationsEntriesEntries of the IPSet. You will only be able to see entries of ipsets that are not using the timeout option, also only the entries, that have been added by firewalld. Entries, that have been directly added with the ipset command wil not be listed here.EntryErrorFailed to connect to firewalld. Please make sure that the service has been started correctly and try again.Failed to get connections from NetworkManagerFailed to load icons.Failed to read file '%s': %sFailed to set zone {zone} for connection {connection_name}FamilyFamily:FirewallFirewall AppletFirewall ConfigurationFirewallD has been reloaded.For host or network allow or denylisting deactivate the element.Forward to another portForwarding to another system is only useful if the interface is masqueraded. Do you want to masquerade this zone ?Hashsize:HelperHelpersHere you can define which services are trusted in the zone. Trusted services are accessible from all hosts and networks that can reach the machine from connections, interfaces and sources bound to this zone.Here you can select the zones used for Shields Up and Shields Down.Here you can set rich language rules for the zone.Hide active runtime bindings of connections, interfaces and sources to zonesICMP FilterICMP TypeICMP TypesICMP Types can only be changed in the permanent configuration view. The runtime configuration of ICMP Types is fixed.IP address:IPSetIPSetsIPSets can only be created or deleted in the permanent configuration view.IPv4IPv4:IPv6IPv6:Icmp TypeIf Invert Filter is enabled, marked ICMP entries are accepted and the others are rejected. In a zone with the target DROP, they are dropped.If a command entry on the whitelist ends with an asterisk '*', then all command lines starting with the command will match. If the '*' is not there the absolute command inclusive arguments must match.If you enable local forwarding, you have to specify a port. This port has to be different to the source port.If you enable masquerading, IP forwarding will be enabled for your IPv4 networks.If you specify destination addresses, the service entry will be limited to the destination address and type. If both entries are empty, there is no limitation.IgnoreInitial hash size, default 1024InterfaceInterfacesInvalid nameInvert FilterLevel:LicenseLoad ICMP Type DefaultsLoad IPSet DefaultsLoad Service DefaultsLoad Zone DefaultsLocal forwardingLockdownLockdown WhitelistLockdown locks firewall configuration so that only applications on lockdown whitelist are able to change it.Lockdown:Log DeniedLog:Make runtime configuration permanentMarkMark the ICMP types in the list, which should be rejected. All other ICMP types are allowed to pass the firewall. The default is no limitation.Mark:Mask:Masquerade zoneMasqueradingMasquerading allows you to set up a host or router that connects your local network to the internet. Your local network will not be visible and the hosts appear as a single address on the internet. Masquerading is IPv4 only.Max number of elements, default 65536Maxelem:Meaning: Log of denied packets. But this is too long. LogDenied is also the parameter used in firewalld.conf.Automatic Helpers:Meaning: Log of denied packets. But this is too long. LogDenied is also the parameter used in firewalld.conf.Log Denied:Module:ModulesName already existsName:Netfilter helper modules are needed for some services.Network traffic is not blocked anymore.No Active Zones.No NetworkManager imports availableNo connection to firewall daemonOther Module:Other Protocol:Panic ModePanic Mode:Panic mode means that all incoming and outgoing packets are dropped.PassthroughPermanentPlease be careful with passthrough rules to not damage the firewall.Please configure base ICMP type settings:Please configure base helper settings:Please configure base ipset settings:Please configure base service settings:Please configure base zone settings:Please enter a mark with an optional mask.Please enter a port and protocol.Please enter a protocol.Please enter a rich rule.Please enter a source.Please enter an interface name:Please enter an ipset entry:Please enter an ipv4 address with the form address[/mask].Please enter an ipv4 or ipv6 address with the form address[/mask].Please enter an ipv6 address with the form address[/mask].Please enter the command line.Please enter the context.Please enter the user id.Please enter the user name.Please select a filePlease select a helper:Please select a netfilter conntrack helper:Please select a service.Please select an ICMP typePlease select an ipset:Please select default zone from the list below.Please select ipv and enter the args.Please select ipv and table and enter the chain name.Please select ipv and table, chain priority and enter the args.Please select the automatic helpers value:Please select the log denied value:Please select the source and destination options according to your needs.PortPort / Port Range:Port ForwardingPort and ProtocolPortsPrefix:PriorityPriority:ProtocolProtocol:ProtocolsReload FirewalldReloads firewall rules. Current permanent configuration will become new runtime configuration. i.e. all runtime only changes done until reload are lost with reload if they have not been also in permanent configuration.RemoveRemove All EntriesRemove ChainRemove Command LineRemove ContextRemove Entries From FileRemove EntryRemove Forward PortRemove ICMP TypeRemove IPSetRemove InterfaceRemove PassthroughRemove PortRemove ProtocolRemove Rich RuleRemove RuleRemove Selected EntryRemove ServiceRemove SourceRemove User IdRemove User NameRemove ZoneReset To DefaultRich RuleRich RulesRulesRuntimeRuntime To PermanentSelect zone for connection '%s'Select zone for interface '%s'Select zone for source %sSelect zone for source '%s'ServiceServicesServices can only be changed in the permanent configuration view. The runtime configuration of services is fixed.Shields Down Zone:Shields UpShields Up Zone:Short:Show active runtime bindings of connections, interfaces and sources to zonesSourceSource PortSource PortsSource:SourcesSpecify whether this ICMP Type is available for IPv4 and/or IPv6.SrcTableTable:Target:Text FilesThe Internet Control Message Protocol (ICMP) is mainly used to send error messages between networked computers, but additionally for informational messages like ping requests and replies.The context is the security (SELinux) context of a running application or service. To get the context of a running application use ps -e --context.The direct configuration gives a more direct access to the firewall. These options require user to know basic iptables concepts, i.e. tables, chains, commands, parameters and targets. Direct configuration should be used only as a last resort when it is not possible to use other firewalld features.The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it will be for iptables, with ipv6 for ip6tables and with eb for ethernet bridges (ebtables).The lockdown feature is a light version of user and application policies for firewalld. It limits changes to the firewall. The lockdown whitelist can contain commands, contexts, users and user ids.The mark and the mask fields are both 32 bits wide unsigned numbers.The mask can be a network mask or a number for ipv4. The mask is a number for ipv6.The mask can be a network mask or a number.The mask is a number.The passthrough rules are directly passed through to the firewall and are not placed in special chains. All iptables, ip6tables and ebtables options can be used.The priority is used to order rules. Priority 0 means add rule on top of the chain, with a higher priority the rule will be added further down. Rules with the same priority are on the same level and the order of these rules is not fixed and may change. If you want to make sure that a rule will be added after another one, use a low priority for the first and a higher for the following.This IPSet uses the timeout option, therefore no entries are visible here. The entries should be taken care directly with the ipset command.This feature is useful for people using the default zones mostly. For users, that are changing zones of connections, it might be of limited use.Timeout value in secondsTimeout:To AddressTo PortTo enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' (not both).Trying to connect to firewalld, waiting...Type:Used by network connection '%s'User IDUser IdsUser idUser ids.User nameUser namesUser names.Version:WarningWith limit:ZoneZone '%s' activated for interface '%s'Zone '%s' activated for source '%s'Zone '%s': ICMP type '%s' is not available.Zone '%s': Service '%s' is not available.Zone '{zone}' active for connection '{connection}' on interface '{interface}'Zone '{zone}' active for interface '{interface}'Zone '{zone}' active for source {source}Zone '{zone}' {activated_deactivated} for connection '{connection}' on interface '{interface}'Zone '{zone}' {activated_deactivated} for interface '{interface}'Zone '{zone}' {activated_deactivated} for source '{source}'Zone: %sZones_File_Help_Options_Viewacceptactivatedalertcriticaldaydeactivateddebugdisableddropebemergencyenablederrorfirewall;network;security;iptables;netfilter;forward-porthouricmp-blockicmp-typeinfoinvertedipv4ipv4 and ipv6ipv6ipv:labellevellimitlogmarkmasquerademinutenatnoticeportprotocolrawrejectsecondsecurityservicesource-portwarningwith Type:yes{entry} (Default Zone: {default_zone}){entry} (Zone: {zone})Project-Id-Version: PACKAGE VERSION Report-Msgid-Bugs-To: POT-Creation-Date: 2021-05-25 10:54-0400 PO-Revision-Date: 2021-03-27 23:01+0000 Last-Translator: Tianhao Chai Language-Team: Chinese (Simplified) Language: zh_CN MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Plural-Forms: nplurals=1; plural=0; X-Generator: Weblate 4.5.2 - 选择 -/正在指派连接跟踪帮助程序,以确保使用不同信号发送和数据传输流程的协议正常工作。数据传输使用的是与信号发送连接不相关的端口,因此若没有该帮助程序将会被防火墙拦截。FirewallD ICMP 类型为 firewallD 提供因特网控制报文协议 (ICMP) 的信息。FirewallD 服务是端口、协议、模块和目的地址的组合。FirewallD 区域定义了绑定的网络连接、网卡以及源地址的可信程度。区域是服务、端口、协议、IP伪装、端口/报文转发、ICMP过滤以及富规则的组合。区域可以绑定到网卡以及源地址。关于关于 %s操作操作:活动的绑定新增添加链添加命令行添加上下文以文件添加条目添加条目添加转发端口添加 ICMP 类型添加 IPSet添加网卡添加穿通添加端口添加协议添加富规则添加规则添加服务添加来源添加用户 ID添加用户名添加区域添加一个包含参数的规则至具备优先级信息的表中。添加可让允许访问的主机或者网络访问的附加端口或者端口范围。添加可让所有主机或者网络访问的附加端口或者端口范围。添加额外的源端口或范围,它们对于所有可以连接至这台主机的所有主机或网络都需要是可以访问的。添加可让所有主机或者网络访问的其他源端口或者端口范围。增加入口以将网卡加入区域。若网卡已经被连接占用,区域将被设定为连接所指定的区域。添加条目以便在该区域绑定源地址或范围。还可以绑定到 MAC 源地址,但会有所限制。端口转发及伪装不适用于 MAC 源绑定。添加条目来转发端口,可以是从本地系统的一个端口到另一个端口,也可以是从本地系统到另一个系统。转发到另一个系统只在网卡伪装时有用。端口转发只适用于 IPv4。添加所有主机或网络均可访问的协议。与规则共同生效的附加链。地址全部所有文件拦截所有网络传输。可使用 IPSet 创建白名单或黑名单,以便保存 IP 地址、端口号或者 MAC 地址。 参数参数:审计审计:认证失败。作者自动帮助程序基础帮助程序设置基本 ICMP 类型设定基础 IPSet 设置基本服务设定基本区域设定绑定拦截所有网络传输粗体项目为必需,其余为可选。内置帮助程序不支持重命名。内置 ICMP 不支持重命名。内置 ipset 不支持重命名。内置服务不支持重命名。内建区域不支持重命名。链链:链改变默认区域修改 LogDenied修改 LogDenied 值。更改区域更改连接区域……更改连接或网卡的默认区域。更改网络连接所属的区域。修改绑定的区变更已生效。命令行命令行注释配置:配置自动帮助程序指派配置自动帮助程序指派设置。配置开启/关闭保护的区域……配置开启/关闭保护的区域已建立与 FirewallD 的连接。已失去与 FirewallD 的连接。已建立至 firewalld 的连接。连接上下文上下文当前系统的默认区域。当前可见配置。运行时配置为实际启用的配置。永久配置则会在服务或系统重载或重启时启用。默认目标默认区域网卡 '{interface}' 上的连接 '{connection}' 正在使用默认区域 '{default_zone}'默认区域:默认区:%s默认区域: '%s'网卡 '{interface}' 上连接 '{connection}' 的默认区 '{default_zone}' {activated_deactivated}默认区域已改为 '%s'。网络连接 '%s' 使用的默认区定义帮助程序将监视的端口或端口范围。描述:目的目标地址目标:直接链直接配置直接穿通规则直接规则编辑链编辑命令行编辑上下文编辑条目编辑防火墙设置……编辑转发端口编辑 ICMP 类型编辑 IPSet编辑网卡编辑穿通编辑端口编辑协议编辑富规则编辑规则编辑服务编辑来源编辑用户 ID编辑用户名编辑区域元素元素:启用通知条目IPSet 条目。只能看到不使用 timeout 选项的 ipset 条目以及已经由 firewalld 添加的条目。这里不会列出直接由 ipset 命令添加的条目。条目错误连接 firewalld 失败。请确保该服务已正常启动,然后重试。从 NetworkManager 获取连接失败载入图标失败。读取文件 %s 失败:%s设置 {connection_name} 的区域 {zone} 失败家族地址类型:防火墙防火墙小程序防火墙配置FirewallD 已重新加载。配置适用于主机或网络的允许或阻止规则时,请禁用”元素“选项。转发到另一端口转发至其他系统仅在网卡伪装时才有用。 您想要伪装该区域吗?哈希大小:帮助程序帮助程序可以在这里定义区域中哪些服务是可信的。可连接至绑定到这个区域的连接、网卡和源的所有主机和网络及可以访问可信服务。在这里您可以选择用于开启保护和关闭保护的区域。可以在这里为区域设定富语言规则。对区域隐藏连接、网卡和源服务器的激活的运行时绑定ICMP 过滤器ICMP 类型ICMP 类型仅可以在永久配置视图中修改 ICMP 类型。运行时配置中的 ICMP 类型是固定的。IP 地址:IPSetIPSets只能在永久配置视图中创建或删除 IPSet。IPv4IPv4:IPv6IPv6:ICMP 类型如果启用了反向过滤器(Invert Filter),作了标记的 ICMP 条目都被会被接受,而其他条目则会被拒绝。在带有目标 DROP 的区里,它们会被丢弃。如果在白名单输入的命令以 '*' 星号结尾,则匹配所有以其开头的命令。如果不含 '*' 则命令和其中的参数必须绝对匹配。如果您允许本地转发,您必须指定一个端口。 这个端口不能和源端口相同。如果您启用伪装,将会为您的 IPv4 网络启用 IP 转发。如果您指定了目的地址,服务项目将仅限于目的地址和类型。如果两个项目均为空,则没有限制。忽略起始哈希大小,默认为 1024网卡网卡无效的名称反向过滤器等级:许可证载入默认 ICMP 类型载入 IPSet 默认设置载入默认服务载入默认区域本地转发锁定锁定白名单锁定可以对防火墙配置进行加锁,只允许锁定白名单上的应用程序进行改动。锁定:已拒绝的日志日志:将运行时配置记录到永久配置掩码在列表中标记应该被拒绝的 ICMP 类型。所有其它 ICMP 类型则被允许通过防火墙。默认设置是没有限制。标记:掩码:伪装区域伪装如果您要设置一台将您的本地网络连接到互联网的主机或者路由器,伪装是很有用的。您的本地网络将不可见,且该主机是以单一地址的形式出现在互联网中。伪装仅适用于 IPv4。最大元素数,默认为 65536最大元素数:自动帮助程序:LogDenied:模块:模块名称已存在名称:需要对某些服务使用网络过滤帮助程序模块。不再拦截网络传输。没有启用区域。没有可用的 NetworkManager 导入未连接至防火墙守护进程其他模块:其他协议:应急模式应急模式:应急模式意味着将丢弃所有传入和传出的包。穿通永久请小心使用穿通规则,不要损害防火墙。请配置基本 ICMP 类型设定:请配置基础帮助程序设置:请配置基础 ipset 设置:请配置基本服务设定:请配置基本区域设定:请输入具有可选掩码的掩码。请输入端口和协议。请输入协议。请输入富规则(rich rule)。请输入来源。请输入网卡名称:请输入 ipset 条目:请输入 ipv4 地址,格式为 address[/mask]。请输入 ipv4 或者 ipv6 地址,格式为 address[/mask]。请输入 ipv6 地址,格式为 address[/mask]。请输入命令行。请输入上下文。请输入用户 ID。请输入用户名。请选择一个文件请选择帮助程序:请选择网络过滤 conntrack 帮助程序:请选择一个服务。请选择 ICMP 类型请选择 ipset:请从下面列表选择默认区域。请选择 IPV 并输入参数。请选择 IPV 及表并输入链名。请选择 IPV 及表、链优先级并输入参数。请选择自动帮助程序的值:请选择 Log Denied 值:请根据您的需要选择来源和目的选项。端口端口或端口范围:端口转发端口和协议端口前缀:优先级优先级:协议协议:协议重载防火墙重载防火墙规则。运行时配置将从永久配置重新加载。所有仅在运行时配置但未写入永久配置的变更将在重载后丢失。移除移除全部项移除链移除命令行移除上下文从文件中移除条目删除条目移除转发端口移除 ICMP 类型删除 IPSet移除网卡移除穿通移除端口删除协议移除富规则移除规则移除所选条目移除服务移除来源移除用户 ID移除用户名移除区域重设为默认设置富规则富规则规则运行时将运行时配置设定为永久配置为连接 '%s' 选择区域为网卡 '%s' 选择区域选择来源 %s 的区域为来源 '%s' 选择区域服务服务仅可以在永久配置视图中修改服务。运行时配置中的服务是不可修改的。关闭保护的区域:开启保护开启保护的区域:简称:对区域显示连接、网卡和源服务器的激活的运行时绑定来源源端口源端口源:来源指定是否该 ICMP 类型可用于 IPv4 和/或 IPv6。来源表表:目标:文本文件互联网控制报文协议(ICMP)主要用于在联网的计算机间发送出错信息,但也发送类似 ping 请求以及回应等信息。上下文是正在运行的应用程序或服务的安全(SELinux)上下文。请使用 ps -e --context 获取正在运行的应用程序的上下文。直接配置给予直接访问防火墙方式。这些选项需要用户了解基本的 iptables 概念,比如表、链、命令、参数和目标。直接配置应该仅用于当其他 firewalld 功能都不可用时的最后手段。每个操作的 IPV 参数应为 ipv4 或 ipv6 或 eb。ipv4 用于 iptables,ipv6 用于 ip6tables,eb 用于以太网桥接(ebtables)。锁定功能是适用于 firewalld 的轻量级用户和应用程序规范。它保证变更仅限于防火墙。锁定白名单可以包含命令、上下文、用户和用户 ID。掩码和掩码字段都是 32 位的无符号数字。对于 ipv4 地址,该掩码必须为网络掩码或一个数字。 对于 ipv6 地址,则该掩码为一个数字。该掩码必须为网络掩码或一个数字。该掩码为一个数字。穿通规则将被直接传递给防火墙而不会放置到特殊链中。可以使用所有 iptables、ip6tables 和 ebtables 选项。优先级用于规则排序。优先级0 代表在链顶端添加规则,更大的优先级将添加到链下方。优先级相同的规则将具备相同的级别,排序并不固定并有可能变化。如果您想要确保一个规则会在另外一个后添加,需为前者指定低优先级而为后者指定高优先级。这个 IPSet 使用 timeout 选项,因此在这个看不到。应直接使用 ipset 命令处理该条目。这项功能对于在绝大多数时间里使用默认区域的人有用。对于经常改变连接区域的用户来说,用处有限。以秒为单位的超时值超时:目的地址目的端口若启用该项,操作需为'reject'并且家族选择'ipv4'或'ipv6'(但不能同时选择)。试图连接至 firewalld,等待中...类型:被网络连接 '%s' 使用用户 ID用户 ID用户 ID用户 ID。用户名用户名用户名。版本:警告包含限制:区域在网卡 '%s' 启用区域 '%s'在来源 '%s' 已启用区域 '%s'区域 '%s': ICMP 类型 '%s' 不可用。区域 '%s': 服务 '%s' 不可用。网卡 '{interface}' 上的连接 '{connection}' 正在使用区域 '{zone}'在网卡 '{interface}' 启用区域 '{zone}'在来源 {source} 启用区域 '{zone}'在网卡 '{interface}' {activated_deactivated} 连接 '{connection}' 的区域 '{zone}'在网卡 '{interface}' {activated_deactivated} 区域 '{zone}'在来源 '{source}' {activated_deactivated} 区域 '{zone}'区:%s区域文件(_F)帮助(_H)选项(_O)查看 (_V)接受已启用警告严重天已禁用除错禁用丢弃eb紧急启用错误防火墙;网络;安全;iptables;netfilter;转发端口小时ICMP 拦截ICMP 类型信息反转ipv4IPv4 及 IPv6ipv6ipv:标签等级限制日志标记伪装分nat提醒端口协议原始拒绝秒安全性服务source-port警告及类型:是{entry} (默认区域:{default_zone}){entry} (区域:{zone})