[firewalld]int g0/0/0
[firewalld-GigabitEthernet0/0/0]ip address 192.168.1.10 255.255.255.0
[firewalld-GigabitEthernet0/0/0]undo shutdown
//打開接口的http和https管理
[firewalld-GigabitEthernet0/0/0]service-manage http permit
[firewalld-GigabitEthernet0/0/0]service-manage https permit
[firewalld-GigabitEthernet0/0/0]quit
接口加入trust區域
[firewalld]firewall zone trust
[firewalld-zone-trust]add interface GigabitEthernet 0/0/0
[firewalld-zone-trust]quit
配置安全策略
[firewalld]security-policy
[firewalld-policy-security]rule name allow_web
[firewalld-policy-security-rule-allow_web]source-zone trust //指定條件
[firewalld-policy-security-rule-allow_web]destination-zone local //指定條件
[firewalld-policy-security-rule-allow_web]action permit //指定動作
[firewalld-policy-security-rule-allow_web]quit
[firewalld-policy-security]quit
//開啓https功能
[firewalld]web-manager security enable
//配置aaa以及本地用戶
[firewalld]aaa
[firewalld-aaa]manager-user demo
//以man-machine模式配置密碼在屏幕上不會顯示任何密碼,更加安全
[firewalld-aaa-manager-user-demo]password
Enter Password:
Confirm Password:
[firewalld-aaa-manager-user-demo]service-type web //指定用戶類型
[firewalld-aaa-manager-user-demo]level 3 //指定權限級別
[firewalld-aaa-manager-user-demo]quit
[firewalld-aaa]quit