Þ•  -Ð" Ñ"Ü"Þ"qð#\b$"¿$â%è%ñ%ø%&& && /&;& Q&[& l& z& „&’&¢& «& ¸&Æ& Ï& Û& æ& ò&'I '{S'[Ï'‚+(b®(˜)ê)çn*EV+%œ+Â+Ê+ Î+Ø+‚ø+{,€,†,Œ,“,©,±,Ã,Ø,ð,----6-4P-&…-$¬-%Ñ-'÷-$.D.J.Q.X.l.~. –.¢.2Á.2ô.'/>/ O/ \/j/r/$/.¦/"Õ/ø/$0=0$[0 €0Œ0”0#0¬Á0n1 }1]Š1 è1ö12n2‰2,§2?Ô2 3!3 &3 23 ?3L3a3 y3 …33 ¢3 ¯3º3Ô3æ3 õ344 4 *484 G4 Q4 ^4 j4w4 †44˜4¡4¶4û¾4º5À5kÆ5-26`6v6:“6Î6Õ6Ý6æ6ö6 7A*7l7r„7 ÷788Ï8Cà82$9LW9 ¤9 °9 º9uÅ9 ;:G:M:JT:Ÿ:¤:ª:¯: µ:Œ¿:ÈL;m<Qƒ<ŸÕ<u=|= œ= ¦= ±= ¾=Ì=Ó=Û=ó=>>0>A>J>l]> Ê> Ô>ß>$ä> ??ž?¤?ª? º?àÇ?%¨@Î@€×@yXAÒAÚAâAöA6üA'3B[B#lB B ±B¿B ÏB ÚBDæB +C 7CDAC)†C&°C%×C'ýC$%D*JD!uD—D°DÊDáDE:EBYE:œE×EöEF*FFF[F+sFŸF¸FÓF/ëF%G5AG?wG*·G#âGIHPHUHhHxHŠHH˜H ¡H«H ´H ¾HÈHÚÙH´I»I ÎIÛIïIþI J$J8J IJVJgJ zJ†J–J §J³JÉJ ØJæJõJ KK #K -K8K>KFK[K{KšK´KÐKØKqáKSL fLqL‚LL‰LÖL ÝL éLöLþLAMHMLMRMYM aM»lMœ(N*ÅN¥ðOÅ–PD\QS¡Q+õQ!R¡7RƒÙRŒ]TêT{U”U U¨UW°U*V3V9VYVaVjV rV |V †V ‘VV¦V ®VºV&¿V#æV+ W)6WM`W0®W(ßW^XAgX;©XåXîXôXúXY YY Y Y&Y/Y 3Y?YEYNYSY VY`YhY-nY œY©Y ®Y ¹YÃYÈYÑY ÖYäYéYîYôYúYZZ ZZZZ&Z+Z4Z8Z?ZFZOZ WZcZ kZvZ&zZ¡ZÔ¸Z \˜\Æš\€a]Uâ]8^?_ F_P_ W_a_t_ {_ˆ_ ˜_¥_ »_È_Þ_ ñ_ þ_ `` (`5` H` U` b`o`‚` ˜`H¥`cî`]Raf°aWb‡obÁ÷bæ¹cE d$æd ee e&euEe»e ÂeÌe ÓeÝeíeôeff3fJf]fpfwfBf*Óf&þf'%g'Mg'ugg ¡g«g²gÅgØg ðgýg'h$>hchyh Œh –h h §h±h$Íh"òhi#5i#Yi&}i¤i«i²i¹iØi ij vj^ƒj âjïjklk †k*§k9Òk ll l 'l 1l >lKl ^l klxl ˆl •l¢l»lÑl äl ñl þl m m(m ;m Hm Umbmum ‹m˜m Ÿm ©m¶m¯½mmntnM{n%Énïno5#oYo `o jotoŠošo6·oîojp rp ~p ˆpÀ’pWSq6«qHâq+r :r FrjRr ½rÊrÐr6Ör ssss 's™3sÈÍso–tFurMuÀu Çuèuïuöuv v v-vIv`vvvŒv œv©vo¿v/w?w Rw\wxw{w ûw x xxÝ#xy y+y>y Ty^yey xy2‚yµyÔy"êy* z8zHz XzezBuz¸z¿z<Æz${$({(M{v{•{$´{Ù{ø{ |$|7|P|3j|?ž|3Þ|}(};}T}p}†},œ}É}Ü}ò}*~ 0~/Q~A~!Ã~!å~9 AKjz “  §´ÄËÛâùÿ€ & 6C \i ’ Ÿ ¬¹ ÉÖ éö ‚ ‚&‚9‚ O‚\‚ o‚ |‚‰‚ ‚‚³‚Ñ‚ï‚ ƒ'ƒ.ƒ`5ƒ–ƒ ¬ƒ¹ƒ σHÙƒ"„)„9„ I„S„=Z„˜„Ÿ„ £„ ­„ ·„ÊÄ„¥…#5†—Y‡¿ñ‡@±ˆDòˆ'7‰_‰‹r‰€þ‰w‹‡÷‹Œ ˜Œ ¢Œ ¬Œz¹Œ+4 `j ˆ • ¢¯¿Ïß òü ŽŽ(Ž(@Ž3iŽ.ŽPÌŽ5-S^Cà@$ eq x ƒ Ž ™¤ «µ¼à ÇÑ Øâéì óý.‘ 3‘@‘ G‘ R‘\‘c‘j‘ o‘}‘‚‘‰‘‘—‘ž‘¥‘¬‘³‘º‘¾‘Å‘Ì‘Ó‘Ú‘á‘ å‘ï‘ ö‘’ ’’'’B’0Ž†ãu ˆçá9yŸt£[ìâM›žýQuÂ$©AYšEÓ‡‰m×wojë¹`™Mň“Ô<Ä ™+)À»H{÷|,GŠÁ– T¤bHŠð:ÍNÒsnò/ªv« ûp;FiÆR:ÚxÈt;}„5~f.¬OƒI#pLù ›„_5 ‚— 8¸˜*[q{%ü7à)Û“Gra”23 4—CJB‡CkLŽè ‰€!˜YËäñíN^/-‘œVZóƒØ^z• ÿ]Zg2özérD6wïA0øh?ÊUÎÙš­¾}>KceÜe>ϧº¿dP …‹<låÃõ¨Xy|¦®_W ÞÖ4=\3oEÉ]'sŸ&!7%’…J.ž`D‚K(xdIna‹Ðôî’½O@æ¢Ç–-új6F+hþBÕµ"R³¥VX"#SêgSf~ 1·=±ß•b†vcUѶ1\,T('lQ ÝŒP8°k*œm¯”²9´qÌ$€Œ?&@Wi¼‘¡- Select -/A connection tracking helper is assisting to make protocols work that are using different flows for signaling and data transfers. The data transfers are using ports that are unrelated to the signaling connection and are therefore blocked by the firewall without the helper.A firewalld icmptype provides the information for an Internet Control Message Protocol (ICMP) type for firewalld.A firewalld service is a combination of ports, protocols, modules and destination addresses.A firewalld zone defines the level of trust for network connections, interfaces and source addresses bound to the zone. The zone combines services, ports, protocols, masquerading, port/packet forwarding, icmp filters and rich rules. The zone can be bound to interfaces and source addresses.AboutAbout %sActionAction:Active BindingsAddAdd ChainAdd Command LineAdd ContextAdd Entries From FileAdd EntryAdd Forward PortAdd ICMP TypeAdd IPSetAdd InterfaceAdd PassthroughAdd PortAdd ProtocolAdd Rich RuleAdd RuleAdd ServiceAdd SourceAdd User IdAdd User NameAdd ZoneAdd a rule with the arguments args to a chain in a table with a priority.Add additional ports or port ranges, which need to be accessible for all hosts or networks that can connect to the machine.Add additional ports or port ranges, which need to be accessible for all hosts or networks.Add additional source ports or port ranges, which need to be accessible for all hosts or networks that can connect to the machine.Add additional source ports or port ranges, which need to be accessible for all hosts or networks.Add entries to bind interfaces to the zone. If the interface will be used by a connection, the zone will be set to the zone specified in the connection.Add entries to bind source addresses or areas to the zone. You can also bind to a MAC source address, but with limitations. Port forwarding and masquerading will not work for MAC source bindings.Add entries to forward ports either from one port to another on the local system or from the local system to another system. Forwarding to another system is only useful if the interface is masqueraded. Port forwarding is IPv4 only.Add protocols, which need to be accessible for all hosts or networks.Additional chains for use with rules.AddressAllAll FilesAll network traffic is blocked.An IPSet can be used to create white or black lists and is able to store for example IP addresses, port numbers or MAC addresses. ArgsArgs:AuditAudit:Authorization failed.AuthorsAutomatic HelpersBase Helper SettingsBase ICMP Type SettingsBase IPSet SettingsBase Service SettingsBase Zone SettingsBindingsBlock all network trafficBold entries are mandatory, all others are optional.Built-in helper, rename not supported.Built-in icmp, rename not supported.Built-in ipset, rename not supported.Built-in service, rename not supported.Built-in zone, rename not supported.ChainChain:ChainsChange Default ZoneChange Log DeniedChange LogDenied value.Change ZoneChange Zones of Connections...Change default zone for connections or interfaces.Change which zone a network connection belongs to.Change zone of bindingChanges applied.Command lineCommand linesCommentConfiguration:Configure Automatic Helper AssigmentConfigure Automatic Helper Assignment setting.Configure Shields UP/Down Zones...Configure Shields Up/Down ZonesConnection to FirewallD established.Connection to FirewallD lost.Connection to firewalld established.ConnectionsContextContextsCurrent default zone of the system.Currently visible configuration. Runtime configuration is the actual active configuration. Permanent configuration will be active after service or system reload or restart.Default TargetDefault ZoneDefault Zone '{default_zone}' active for connection '{connection}' on interface '{interface}'Default Zone:Default Zone: %sDefault Zone: '%s'Default zone '{default_zone}' {activated_deactivated} for connection '{connection}' on interface '{interface}'Default zone changed to '%s'.Default zone used by network connection '%s'Define ports or port ranges, which are monitored by the helper.Description:DestDestinationDestination:Direct ChainDirect ConfigurationDirect Passthrough RuleDirect RuleEdit ChainEdit Command LineEdit ContextEdit EntryEdit Firewall Settings...Edit Forward PortEdit ICMP TypeEdit IPSetEdit InterfaceEdit PassthroughEdit PortEdit ProtocolEdit Rich RuleEdit RuleEdit ServiceEdit SourceEdit User IdEdit User NameEdit ZoneElementElement:Enable NotificationsEntriesEntries of the IPSet. You will only be able to see entries of ipsets that are not using the timeout option, also only the entries, that have been added by firewalld. Entries, that have been directly added with the ipset command wil not be listed here.EntryErrorFailed to connect to firewalld. Please make sure that the service has been started correctly and try again.Failed to get connections from NetworkManagerFailed to load icons.Failed to read file '%s': %sFailed to set zone {zone} for connection {connection_name}FamilyFamily:FirewallFirewall AppletFirewall ConfigurationFirewallD has been reloaded.For host or network white or blacklisting deactivate the element.Forward to another portForwarding to another system is only useful if the interface is masqueraded. Do you want to masquerade this zone ?Hashsize:HelperHelpersHere you can define which services are trusted in the zone. Trusted services are accessible from all hosts and networks that can reach the machine from connections, interfaces and sources bound to this zone.Here you can select the zones used for Shields Up and Shields Down.Here you can set rich language rules for the zone.Hide active runtime bindings of connections, interfaces and sources to zonesICMP FilterICMP TypeICMP TypesICMP Types can only be changed in the permanent configuration view. The runtime configuration of ICMP Types is fixed.IP address:IPSetIPSetsIPSets can only be created or deleted in the permanent configuration view.IPv4IPv4:IPv6IPv6:Icmp TypeIf Invert Filter is enabled, marked ICMP entries are accepted and the others are rejected. In a zone with the target DROP, they are dropped.If a command entry on the whitelist ends with an asterisk '*', then all command lines starting with the command will match. If the '*' is not there the absolute command inclusive arguments must match.If you enable local forwarding, you have to specify a port. This port has to be different to the source port.If you enable masquerading, IP forwarding will be enabled for your IPv4 networks.If you specify destination addresses, the service entry will be limited to the destination address and type. If both entries are empty, there is no limitation.IgnoreInitial hash size, default 1024InterfaceInterfacesInvalid nameInvert FilterLevel:LicenseLoad ICMP Type DefaultsLoad IPSet DefaultsLoad Service DefaultsLoad Zone DefaultsLocal forwardingLockdownLockdown WhitelistLockdown locks firewall configuration so that only applications on lockdown whitelist are able to change it.Lockdown:Log DeniedLog:Make runtime configuration permanentMarkMark the ICMP types in the list, which should be rejected. All other ICMP types are allowed to pass the firewall. The default is no limitation.Mark:Mask:Masquerade zoneMasqueradingMasquerading allows you to set up a host or router that connects your local network to the internet. Your local network will not be visible and the hosts appear as a single address on the internet. Masquerading is IPv4 only.Max number of elements, default 65536Maxelem:Meaning: Log of denied packets. But this is too long. LogDenied is also the parameter used in firewalld.conf.Automatic Helpers:Meaning: Log of denied packets. But this is too long. LogDenied is also the parameter used in firewalld.conf.Log Denied:Module:ModulesName already existsName:Netfilter helper modules are needed for some services.Network traffic is not blocked anymore.No Active Zones.No NetworkManager imports availableNo connection to firewall daemonOther Module:Other Protocol:Panic ModePanic Mode:Panic mode means that all incoming and outgoing packets are dropped.PassthroughPermanentPlease be careful with passthrough rules to not damage the firewall.Please configure base ICMP type settings:Please configure base helper settings:Please configure base ipset settings:Please configure base service settings:Please configure base zone settings:Please enter a mark with an optional mask.Please enter a port and protocol.Please enter a protocol.Please enter a rich rule.Please enter a source.Please enter an interface name:Please enter an ipset entry:Please enter an ipv4 address with the form address[/mask].Please enter an ipv4 or ipv6 address with the form address[/mask].Please enter an ipv6 address with the form address[/mask].Please enter the command line.Please enter the context.Please enter the user id.Please enter the user name.Please select a filePlease select a helper:Please select a netfilter conntrack helper:Please select a service.Please select an ICMP typePlease select an ipset:Please select default zone from the list below.Please select ipv and enter the args.Please select ipv and table and enter the chain name.Please select ipv and table, chain priority and enter the args.Please select the automatic helpers value:Please select the log denied value:Please select the source and destination options according to your needs.PortPort / Port Range:Port ForwardingPort and ProtocolPortsPrefix:PriorityPriority:ProtocolProtocol:ProtocolsReload FirewalldReloads firewall rules. Current permanent configuration will become new runtime configuration. i.e. all runtime only changes done until reload are lost with reload if they have not been also in permanent configuration.RemoveRemove All EntriesRemove ChainRemove Command LineRemove ContextRemove Entries From FileRemove EntryRemove Forward PortRemove ICMP TypeRemove IPSetRemove InterfaceRemove PassthroughRemove PortRemove ProtocolRemove Rich RuleRemove RuleRemove Selected EntryRemove ServiceRemove SourceRemove User IdRemove User NameRemove ZoneReset To DefaultRich RuleRich RulesRulesRuntimeRuntime To PermanentSelect zone for connection '%s'Select zone for interface '%s'Select zone for source %sSelect zone for source '%s'ServiceServicesServices can only be changed in the permanent configuration view. The runtime configuration of services is fixed.Shields Down Zone:Shields UpShields Up Zone:Short:Show active runtime bindings of connections, interfaces and sources to zonesSourceSource PortSource PortsSource:SourcesSpecify whether this ICMP Type is available for IPv4 and/or IPv6.SrcTableTable:Target:Text FilesThe Internet Control Message Protocol (ICMP) is mainly used to send error messages between networked computers, but additionally for informational messages like ping requests and replies.The context is the security (SELinux) context of a running application or service. To get the context of a running application use ps -e --context.The direct configuration gives a more direct access to the firewall. These options require user to know basic iptables concepts, i.e. tables, chains, commands, parameters and targets. Direct configuration should be used only as a last resort when it is not possible to use other firewalld features.The ipv argument of each option has to be ipv4 or ipv6 or eb. With ipv4 it will be for iptables, with ipv6 for ip6tables and with eb for ethernet bridges (ebtables).The lockdown feature is a light version of user and application policies for firewalld. It limits changes to the firewall. The lockdown whitelist can contain commands, contexts, users and user ids.The mark and the mask fields are both 32 bits wide unsigned numbers.The mask can be a network mask or a number for ipv4. The mask is a number for ipv6.The mask can be a network mask or a number.The mask is a number.The passthrough rules are directly passed through to the firewall and are not placed in special chains. All iptables, ip6tables and ebtables options can be used.The priority is used to order rules. Priority 0 means add rule on top of the chain, with a higher priority the rule will be added further down. Rules with the same priority are on the same level and the order of these rules is not fixed and may change. If you want to make sure that a rule will be added after another one, use a low priority for the first and a higher for the following.This IPSet uses the timeout option, therefore no entries are visible here. The entries should be taken care directly with the ipset command.This feature is useful for people using the default zones mostly. For users, that are changing zones of connections, it might be of limited use.Timeout value in secondsTimeout:To AddressTo PortTo enable this Action has to be 'reject' and Family either 'ipv4' or 'ipv6' (not both).Trying to connect to firewalld, waiting...Type:Used by network connection '%s'User IDUser IdsUser idUser ids.User nameUser namesUser names.Version:WarningWith limit:ZoneZone '%s' activated for interface '%s'Zone '%s' activated for source '%s'Zone '%s': ICMP type '%s' is not available.Zone '%s': Service '%s' is not available.Zone '{zone}' active for connection '{connection}' on interface '{interface}'Zone '{zone}' active for interface '{interface}'Zone '{zone}' active for source {source}Zone '{zone}' {activated_deactivated} for connection '{connection}' on interface '{interface}'Zone '{zone}' {activated_deactivated} for interface '{interface}'Zone '{zone}' {activated_deactivated} for source '{source}'Zone: %sZones_File_Help_Options_Viewacceptactivatedalertcriticaldaydeactivateddebugdisableddropebemergencyenablederrorfirewall;network;security;iptables;netfilter;forward-porthouricmp-blockicmp-typeinfoinvertedipv4ipv4 and ipv6ipv6ipv:labellevellimitlogmarkmasquerademinutenatnoticeportprotocolrawrejectsecondsecurityservicesource-portwarningwith Type:yes{entry} (Default Zone: {default_zone}){entry} (Zone: {zone})Project-Id-Version: PACKAGE VERSION Report-Msgid-Bugs-To: POT-Creation-Date: 2020-01-13 14:38-0500 PO-Revision-Date: 2018-11-16 08:29+0000 Last-Translator: Copied by Zanata Language-Team: Chinese (Taiwan) (http://www.transifex.com/projects/p/firewalld/language/zh_TW/) Language: zh_TW MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Plural-Forms: nplurals=1; plural=0; X-Generator: Zanata 4.6.2 - é¸å– -/連線追蹤輔助器是è¦è¼”助使用ä¸åŒè¨Šè™Ÿã€è³‡æ–™å‚³è¼¸æµå‘çš„å”定é‹ä½œã€‚資料傳輸若使用無關訊號連線的連接埠,在沒有輔助器的情æ³ä¸‹æœƒè¢«é˜²ç«ç‰†å°éŽ–。firewalld icmptype 為 firewalld æ供網際網路控制訊æ¯å”定 (ICMP,Internet Control Message Protocol) 類型資訊。firewalld æœå‹™å¯ç”±é€£æŽ¥åŸ ã€å”定ã€æ¨¡çµ„ã€ç›®çš„地ä½å€ç­‰çµ„åˆè€Œæˆã€‚firewalld 界域所定義的是ç¶å®šè©²ç•ŒåŸŸä¹‹ç¶²è·¯é€£ç·šã€ä»‹é¢ã€ä¾†æºä½å€çš„信任等級。界域能çµåˆæœå‹™ã€é€£æŽ¥åŸ ã€å”定ã€å½è£ã€é€£æŽ¥åŸ /å°åŒ…轉é€ã€icmp éŽæ¿¾ã€è±å¯Œè¦å‰‡ç­‰ã€‚界域å¯ä»¥èˆ‡ä»‹é¢ã€ä¾†æºä½å€ç­‰ç¶å®šã€‚關於關於 %s動作動作:使用中的ç¶å®šåŠ å…¥åŠ å…¥éˆæ¢åŠ å…¥æŒ‡ä»¤åˆ—加入情境從檔案新增項目加入æ¢ç›®åŠ å…¥è½‰é€é€£æŽ¥åŸ åŠ å…¥ ICMP 類型加入 IPSet加入介é¢åŠ å…¥é€šé€åŠ å…¥é€£æŽ¥åŸ åŠ å…¥å”定加入è±å¯Œè¦å‰‡åŠ å…¥è¦å‰‡åŠ å…¥æœå‹™åŠ å…¥ä¾†æºåŠ å…¥ä½¿ç”¨è€… ID加入使用者å稱加入界域加入有 args 引數的è¦å‰‡åˆ°æœ‰å„ªå…ˆç­‰ç´šçš„表格的éˆæ¢ä¸­ã€‚請添加其他連接埠或連接埠範åœï¼Œè®“所有å¯é€£æŽ¥è‡³æœ¬æ©Ÿçš„主機或網路存å–。新增é¡å¤–的通訊埠或通訊埠範åœï¼Œä¸¦ä¸”必須能被所有主機或網路存å–。加入其他來æºé€£æŽ¥åŸ æˆ–連接埠範åœï¼Œè®“所有å¯é€£æŽ¥è‡³æœ¬æ©Ÿçš„主機或網路存å–。加入其他來æºé€£è¨ŠåŸ æˆ–連接埠範åœï¼Œè®“所有主機或網路å‡å¯å­˜å–。請添加æ¢ç›®ä¾†å°‡ä»‹é¢èˆ‡æ­¤ç•ŒåŸŸç¶å®šã€‚如果介é¢æœƒè¢«æŸé€£ç·šä½¿ç”¨ï¼Œå‰‡ç•ŒåŸŸå°‡è¢«è¨­ç‚ºé€£ç·šä¸­æ‰€æŒ‡å®šçš„界域。請添加æ¢ç›®ä¾†å°‡ä¾†æºä½å€æˆ–å€åŸŸèˆ‡æ­¤ç•ŒåŸŸç¶å®šã€‚您也å¯ä»¥ç¶å®šè‡³ MAC 來æºä½å€ï¼Œä½†æœ‰é™åˆ¶ã€‚port forwarding 與 masquerading 都無法在 MAC 來æºç¶å®šä¸Šé‹ä½œã€‚新增æ¢ç›®ä¾†å¾žæœ¬åœ°ç«¯ç³»çµ±ä¸Šçš„一個連接埠轉é€è‡³å¦ä¸€å€‹é€£æŽ¥åŸ ï¼Œæˆ–由本地端系統轉é€è‡³å¦ä¸€éƒ¨ç³»çµ±ã€‚僅在介é¢å¡å½è£æ™‚æ‰èƒ½è½‰é€è‡³å¦ä¸€éƒ¨ç³»çµ±ã€‚連接埠轉é€åŠŸèƒ½åƒ…é©ç”¨æ–¼ IPv4。新增通訊å”定,並且必須能被所有主機或網路存å–。è¦ä½¿ç”¨çš„è¦å‰‡çš„é¡å¤–éˆæ¢ã€‚ä½å€å…¨éƒ¨æ‰€æœ‰æª”案所有網路交通已å°éŽ–。IPSet å¯ä»¥ç”¨ä¾†å»ºç«‹ç™½å單或黑å單,且å¯ä»¥å„²å­˜ä¾‹å¦‚ IP ä½å€ã€é€£æŽ¥åŸ è™Ÿã€æˆ– MAC ä½å€ç­‰ã€‚引數引數:稽核稽核:授權失敗。作者自動輔助器基礎輔助器設定基礎 ICMP 類型設定基礎 IPSet 設定值基礎æœå‹™è¨­å®šåŸºç¤Žç•ŒåŸŸè¨­å®šç¶å®šå°éŽ–所有網路交通粗體的æ¢ç›®ç‚ºå¼·åˆ¶é …目,其他æ¢ç›®å‰‡ç‚ºé¸ç”¨é …目。內建輔助器,ä¸æ”¯æ´é‡æ–°å‘½å。內建 icmp,ä¸æ”¯æ´é‡æ–°å‘½å。內建 ipset,ä¸æ”¯æ´é‡æ–°å‘½å。內建æœå‹™ï¼Œä¸æ”¯æ´é‡æ–°å‘½å。內建界域,ä¸æ”¯æ´é‡æ–°å‘½å。éˆéˆæ¢ï¼šéˆæ¢è®Šæ›´é è¨­ç•ŒåŸŸè®Šæ›´æ—¥èªŒè¢«æ‹’變更 LogDenied 值。變更å€åŸŸè®Šæ›´é€£ç·šçš„界域...變更連線或介é¢çš„é è¨­ç•ŒåŸŸã€‚變更網路連線所屬的界域。變更ç¶å®šçš„界域變更已套用。指令列指令列備註組態:設定自動輔助器指派設定自動輔助器指派設定。設定防禦展開/å¸ä¸‹ç•ŒåŸŸ...設定防禦展開/å¸ä¸‹ç•ŒåŸŸèˆ‡ FirewallD 的連線已建立。與 FirewallD 的連線已中斷。連至 firewalld 的連線已建立。連線情境情境系統的目å‰é è¨­ç•ŒåŸŸã€‚ç›®å‰å¯è¦‹çš„組態。執行時期組態為實際使用中組態。永久組態將在æœå‹™æˆ–系統é‡æ–°è¼‰å…¥æˆ–é‡æ–°å•Ÿå‹•ä¹‹å¾Œå•Ÿå‹•ã€‚é è¨­ç›®æ¨™é è¨­ç•ŒåŸŸé è¨­ç•ŒåŸŸã€Œ{default_zone}ã€ä½¿ç”¨ä¸­ï¼šé€£ç·šã€Œ{connection}ã€ï¼Œä»‹é¢ã€Œ{interface}ã€é è¨­åŸŸï¼šé è¨­ç•ŒåŸŸï¼š%sé è¨­ç•ŒåŸŸï¼šã€Œ%sã€é è¨­ç•ŒåŸŸã€Œ{default_zone}ã€{activated_deactivated}:連線「{connection}ã€ï¼Œä»‹é¢ã€Œ{interface}ã€é è¨­ç•ŒåŸŸè®Šæ›´ç‚ºã€Œ%sã€ã€‚網路連線 '%s' 所使用的é è¨­ç•ŒåŸŸå®šç¾©é€£æŽ¥åŸ æˆ–連接埠範åœï¼Œç”±è¼”助器監控。æ述:目標目的地目標:直接éˆæ¢ç›´æŽ¥çµ„態直接通é€è¦å‰‡ç›´æŽ¥è¦å‰‡ç·¨è¼¯éˆæ¢ç·¨è¼¯æŒ‡ä»¤åˆ—編輯情境編輯æ¢ç›®ç·¨è¼¯é˜²ç«ç‰†è¨­å®š...編輯轉é€é€£æŽ¥åŸ ç·¨è¼¯ ICMP 類型編輯 IPSet編輯介é¢ç·¨è¼¯é€šé€ç·¨è¼¯é€£æŽ¥åŸ ç·¨è¼¯å”定編輯è±å¯Œè¦å‰‡ç·¨è¼¯è¦å‰‡ç·¨è¼¯æœå‹™ç·¨è¼¯ä¾†æºç·¨è¼¯ä½¿ç”¨è€… ID編輯使用者å稱編輯界域元素元素:啟用通知æ¢ç›®IPSet çš„æ¢ç›®ã€‚您åªèƒ½çœ‹åˆ°æœªä½¿ç”¨é€¾æ™‚é¸é …çš„ IPset æ¢ç›®ï¼Œä»¥åŠåŠ å…¥ firewalld çš„æ¢ç›®ã€‚已經é€éŽ ipset 指令直接加入的æ¢ç›®ä¸æœƒåœ¨æ­¤åˆ—出。æ¢ç›®éŒ¯èª¤é€£æŽ¥ firewalld 失敗。請確定該æœå‹™å·²æ­£å¸¸å•Ÿå‹•ï¼Œç„¶å¾Œé‡è©¦ã€‚從 NetworkManager å–得連線失敗無法載入圖示。讀å–檔案 '%s' 失敗:%s無法為連線 {connection_name} 設定å€åŸŸ {zone}家庭家庭:防ç«ç‰†é˜²ç«ç‰†é¢æ¿ç¨‹å¼é˜²ç«ç‰†çµ„æ…‹FirewallD å·²é‡æ–°è¼‰å…¥ã€‚主機或網路白åå–®ã€é»‘å單來åœç”¨å…ƒç´ ã€‚轉é€è‡³å…¶ä»–連接埠轉é€è‡³å…¶ä»–系統的功能僅在介é¢ç‚ºå½è£ä¹‹æ™‚æ‰æœƒæœ‰ç”¨ã€‚ 您是å¦æƒ³è¦å½è£æ­¤ç•ŒåŸŸï¼ŸHashsize:輔助器輔助器你å¯ä»¥åœ¨æ­¤è™•å®šç¾©è©²ç•ŒåŸŸä¸­æœ‰å“ªäº›æœå‹™å€¼å¾—信任。åªè¦æ­¤ç•ŒåŸŸæ‰€ç¶å®šä¹‹é€£ç·šã€ä»‹é¢ã€ä¾†æºçš„主機與網路能觸åŠæœ¬æ©Ÿï¼Œå‰‡çš†å¯å­˜å–這些信任的æœå‹™ã€‚您å¯ä»¥åœ¨é€™è£¡é¸å–「防禦展開ã€èˆ‡ã€Œé˜²ç¦¦å¸ä¸‹ã€æ‰€è¦ä½¿ç”¨çš„界域。您å¯ä»¥åœ¨é€™è£¡è¨­å®šç•ŒåŸŸçš„è±å¯Œèªžè¨€è¦å‰‡ã€‚在界域中隱è—連線ã€ä»‹é¢åŠä¾†æºçš„使用中執行時期ç¶å®šICMP éŽæ¿¾å™¨ICMP é¡žåž‹ICMP é¡žåž‹ICMP 類型僅å¯ä»¥åœ¨æ°¸ä¹…組態檢視下更動。ICMP 類型的執行時期組態是固定ä¸è®Šçš„。IP ä½å€ï¼šIPSetIPSetIPSet åªèƒ½åœ¨æ°¸ä¹…é…置檢視下建立或刪除。IPv4IPv4:IPv6IPv6:Icmp 類型如果啟用了å轉篩é¸å™¨ï¼Œç³»çµ±æœƒæŽ¥å—已標示的 ICMP 項目,但拒絕其他項目。在目標為 DROP 的界域中,它們會被丟棄。如果白å單中的指令æ¢ç›®æ˜¯ä»¥ç±³å­—號「*ã€çµå°¾ï¼Œå‰‡æ‰€æœ‰ä»¥è©²æŒ‡ä»¤åˆ—開頭的任何指令皆會匹é…。如果「*ã€ä¸¦éžçµå°¾ï¼Œå‰‡å¿…須精確符åˆè©²æŒ‡ä»¤èˆ‡ç›¸é—œå¼•æ•¸ã€‚若您啟用本地端轉é€ï¼Œæ‚¨å°±å¿…é ˆè¦æŒ‡å®šé€£æŽ¥åŸ ã€‚這個連接埠必須和來æºé€£æŽ¥åŸ ä¸åŒã€‚若您啟用å½è£ï¼Œå°‡ç‚ºæ‚¨çš„ IPv4 網路啟用 IP 轉é€åŠŸèƒ½ã€‚若您指定目標ä½å€ï¼Œæœå‹™æ¢ç›®å°‡é™æ–¼ç›®çš„地ä½å€èˆ‡é¡žåž‹ã€‚若兩æ¢ç›®çš†ç©ºï¼Œå‰‡æ²’有é™åˆ¶ã€‚忽略åˆå§‹é›œæ¹Šå¤§å°ï¼Œé è¨­ 1024介é¢ä»‹é¢ç„¡æ•ˆçš„å稱å轉篩é¸å™¨ç­‰ç´šï¼šæŽˆæ¬Šæ¢æ¬¾è¼‰å…¥ ICMP é¡žåž‹é è¨­å€¼è¼‰å…¥ IPSet é è¨­å€¼è¼‰å…¥æœå‹™é è¨­å€¼è¼‰å…¥ç•ŒåŸŸé è¨­å€¼æœ¬åœ°ç«¯è½‰é€å°éŽ–管制å°éŽ–管制白åå–®å°éŽ–管制會鎖上防ç«ç‰†çµ„態,åªæœ‰å°éŽ–管制白å單中列出的應用程å¼å¯ä»¥æ”¹å‹•çµ„態。å°éŽ–管制:已拒絕的日誌記錄:使 runtime é…置永久化標記將清單中應被拒絕的 ICMP 類型標記起來。其他所有 ICMP 則å…許通éŽé˜²ç«ç‰†ã€‚é è¨­å€¼ç‚ºç„¡é™åˆ¶ã€‚標記:é®ç½©ï¼šå½è£ç•ŒåŸŸå½è£å½è£å¯è®“您設置個能讓您本本地端網路連至網際網路的主機或路由器。您的本地端網路ä¸æœƒè¢«çœ‹è¦‹ï¼Œä¸”眾主機在網際網路上會顯示æˆå–®ä¸€ä½å€ã€‚å½è£åŠŸèƒ½åƒ…é©ç”¨æ–¼ IPv4。元素最大數,é è¨­ 65536Maxelem:自動輔助器:已拒絕的日誌:模組:模組å稱已經存在å稱:有些æœå‹™å¿…須有 Netfilter 輔助器模組。網路交通已ä¸å†å°éŽ–。無使用中界域。無å¯ç”¨çš„ NetworkManager 匯入未有連接防ç«ç‰†å¹•å¾Œç¨‹å¼çš„連線其他模組:其他å”定:æ慌模å¼æ慌模å¼ï¼šæ慌模å¼ä»£è¡¨æ‰€æœ‰é€£å…¥èˆ‡å‚³å‡ºå°åŒ…都會直接丟棄。通é€æ°¸ä¹…使用通é€è¦å‰‡æ™‚請務必å°å¿ƒä»¥å…æ壞防ç«ç‰†ã€‚請調整基礎 ICMP 類型設定:請設定基礎輔助器設定值:請調整基礎 IPSet 設定值組態:請設定基礎æœå‹™è¨­å®šï¼šè«‹è¨­å®šåŸºç¤Žç•ŒåŸŸè¨­å®šï¼šè«‹è¼¸å…¥æ¨™è¨˜èˆ‡é¸ç”¨çš„é®ç½©ã€‚請輸入連接埠與å”定。請輸入å”定。請輸入è±å¯Œè¦å‰‡ã€‚請輸入來æºã€‚請輸入介é¢å稱:請輸入 ipset 項目:請從格å¼ä½å€ï¼ˆæˆ–é®ç½©ï¼‰è¼¸å…¥ IPV4 ä½å€è«‹å¾žæ ¼å¼ä½å€ï¼ˆæˆ–é®ç½©ï¼‰è¼¸å…¥ IPV4 或 IPV6 ä½å€ã€‚請從格å¼ä½å€ï¼ˆæˆ–é®ç½©ï¼‰è¼¸å…¥ IPV6 ä½å€è«‹è¼¸å…¥æŒ‡ä»¤åˆ—。請輸入情境。請輸入使用者 ID。請輸入使用者å稱。請é¸æ“‡ä¸€å€‹æª”案請é¸å–輔助器:請é¸å– netfilter 連接追蹤輔助器:請é¸å–æœå‹™ã€‚è«‹é¸å– ICMP é¡žåž‹è«‹é¸å– IPset:請從下列清單中é¸å–é è¨­ç•ŒåŸŸã€‚è«‹é¸å– ipv 並輸入引數。請é¸å– ipv 與表格,並輸入éˆæ¢å稱請é¸å– ipv 與表格ã€éˆæ¢å„ªå…ˆç­‰ç´šï¼Œä¸¦è¼¸å…¥å¼•æ•¸ã€‚è«‹é¸å–自動輔助器之值:請é¸æ“‡å·²æ‹’絕的日誌值:請根據您的需求é¸æ“‡ä¾†æºä»¥åŠç›®çš„地é¸é …。連接埠連接埠 / 連接埠範åœï¼šé€£æŽ¥åŸ è½‰é€é€£æŽ¥åŸ èˆ‡é€šè¨Šå”定連接埠å‰ç¶´ï¼šå„ªå…ˆç¨‹åº¦å„ªå…ˆç­‰ç´šï¼šå”定通訊å”定:å”定é‡æ–°è¼‰å…¥ Firewalldé‡æ–°è¼‰å…¥é˜²ç«ç‰†è¦å‰‡ã€‚ç›®å‰çš„永久組態會變æˆæ–°çš„執行時期組態。舉例,所有的執行時期下的變動直到é‡æ–°è¼‰å…¥å‰éƒ½æœƒæœ‰æ•ˆï¼šåªè¦æ”¹è®Šä¸æ˜¯è¨­åœ¨æ°¸ä¹…組態中,那麼一旦é‡æ–°è¼‰å…¥å¾Œæ‰€æœ‰æ”¹å‹•éƒ½æœƒæ¶ˆå¤±ã€‚移除移除所有項目移除éˆæ¢ç§»é™¤æŒ‡ä»¤åˆ—移除情境從檔案中移除項目移除æ¢ç›®ç§»é™¤è½‰é€é€£æŽ¥åŸ ç§»é™¤ ICMP 類型移除 IPSet移除介é¢ç§»é™¤é€šé€ç§»é™¤é€£æŽ¥åŸ ç§»é™¤å”定移除è±å¯Œè¦å‰‡ç§»é™¤è¦å‰‡ç§»é™¤é¸æ“‡çš„項目移除æœå‹™ç§»é™¤ä¾†æºç§»é™¤ä½¿ç”¨è€… ID移除使用者å稱移除界域é‡è¨­å›žé è¨­å€¼è±å¯Œè¦å‰‡è±å¯Œè¦å‰‡è¦å‰‡åŸ·è¡Œæ™‚期使 Runtime 永久化é¸å–「%sã€é€£ç·šçš„界域é¸å–「%sã€ä»‹é¢çš„界域é¸å– %s 來æºçš„界域é¸å–「%sã€ä¾†æºçš„界域æœå‹™æœå‹™æœå‹™åƒ…å¯ä»¥åœ¨æ°¸ä¹…組態檢視下更動。æœå‹™çš„執行時期組態是固定ä¸è®Šçš„。防禦å¸ä¸‹ç•ŒåŸŸï¼šé˜²ç¦¦å±•é–‹é˜²ç¦¦å±•é–‹ç•ŒåŸŸï¼šç°¡çŸ­ï¼šåœ¨ç•ŒåŸŸä¸­é¡¯ç¤ºé€£ç·šã€ä»‹é¢åŠä¾†æºçš„使用中執行時期ç¶å®šä¾†æºä¾†æºé€£æŽ¥åŸ ä¾†æºé€£æŽ¥åŸ ä¾†æºï¼šä¾†æºæŒ‡æ˜Žæ­¤ ICMP 類型在 IPv4 與/或 IPv6 中是å¦å¯ç”¨ã€‚來æºè¡¨è¡¨æ ¼ï¼šç›®æ¨™ï¼šæ–‡å­—檔案網際網路控制訊æ¯é€šè¨Šå”定 (Internet Control Message Protocol, ICMP) 主è¦ç”¨åœ¨é€£ç¶²é›»è…¦é–“錯誤訊æ¯çš„傳é€ï¼Œä¸éŽä¹Ÿèƒ½è¢«ç”¨ä¾†å‚³é€åƒæ˜¯ ping 請求和回應的資訊訊æ¯ã€‚情境是指執行中應用程å¼æˆ–æœå‹™çš„安全情境 (SELinux 情境)。若è¦å–得執行中應用程å¼çš„情境,請使用指令 ps -e --context。直接組態讓您å¯ä»¥æ›´ç›´æŽ¥åœ°å­˜å–防ç«ç‰†ã€‚這些é¸é …需è¦ä½¿ç”¨è€…知曉基礎的 iptables 概念,例如表格ã€éˆæ¢ã€æŒ‡ä»¤ã€åƒæ•¸ã€ç›®æ¨™ç­‰ã€‚直接組態應該謹以「最後的é¿é¢¨æ¸¯ã€çš„心態å°å¾…,åªåœ¨ç„¡æ³•ä½¿ç”¨å…¶ä»– firewalld 功能時æ‰ä½¿ç”¨ã€‚æ¯å€‹é¸é …çš„ ipv 引數必須是 ipv4 或 ipv6 或 eb。ipv4 用於 iptables,ipv6 用於 ip6tables,而 eb 用於乙太網路接橋 (ebtables)。å°éŽ–管制功能是 firewalld 其使用者與應用程å¼æ–¹é‡çš„輕é‡ç‰ˆã€‚它會é™åˆ¶é˜²ç«ç‰†çš„更動。å°éŽ–管制白åå–®å¯ä»¥åŒ…å«æŒ‡ä»¤ã€æƒ…境ã€ä½¿ç”¨è€…與使用者 ID。標記與é®ç½©æ¬„ä½éƒ½æ˜¯ 32 ä½å…ƒå¯¬çš„無正負號數字。IPv4 é®ç½©å¯ä»¥æ˜¯ç¶²è·¯é®ç½©æˆ–數字。 IPv6 é®ç½©æ˜¯æ•¸å­—。é®ç½©å¯ä»¥æ˜¯ç¶²è·¯é®ç½©æˆ–數字。é®ç½©ç‚ºæ•¸å­—。通é€è¦å‰‡æœƒç›´æŽ¥å‚³éžçµ¦é˜²ç«ç‰†ï¼Œè€Œä¸æœƒæ”¾å…¥ç‰¹æ®Šéˆæ¢ä¸­ã€‚所有的 iptablsã€ip6tables 與 ebtables é¸é …皆å¯ä½¿ç”¨ã€‚優先等級用來排åºè¦å‰‡ã€‚優先等級 0 代表將è¦å‰‡åŠ åˆ°éˆæ¢é ‚端;優先等級數字越高,è¦å‰‡æœƒè¶Šå¾€å¾Œæ“ºæ”¾ã€‚相åŒå„ªå…ˆç­‰ç´šçš„è¦å‰‡ä½åœ¨åŒå€‹ç­‰ç´šä¸­ï¼Œè€Œé€™äº›è¦å‰‡çš„é †åºä¸¦éžå›ºå®šè€Œå¯èƒ½è®Šå‹•ã€‚如果您想è¦ç¢ºä¿æŸè¦å‰‡åœ¨æŸå€‹è¦å‰‡ä¹‹å¾Œæ‰åŠ å…¥ï¼Œå‰è€…請使用較低的優先等級,後者請使用較高的優先等級。這 IPSet 使用逾時值,因此此處看ä¸åˆ°ä»»ä½•æ¢ç›®ã€‚這些æ¢ç›®æ‡‰è©²ç›´æŽ¥é€éŽ ipset 指令來處ç†ã€‚此功能å°æ–¼å¤§å¤šæ•¸ä½¿ç”¨é è¨­ç•ŒåŸŸçš„人來說很有用處。至於更改連線的界域之使用者,這å¯èƒ½ç”¨è™•ä¸å¤§ã€‚時é™å€¼ï¼Œå–®ä½ç‚ºç§’時é™ï¼šè‡³ä½å€è‡³é€£æŽ¥åŸ è¦å•Ÿç”¨æ­¤åŠŸèƒ½ï¼Œã€Œå‹•ä½œã€å¿…須是「拒絕ã€è€Œã€Œå®¶æ—ã€å¿…須是「ipv4ã€æˆ–「ipv6ã€ï¼ˆè€Œéžå…©è€…)。正在嘗試連上 firewalld,等待中...類型:由「%sã€ç¶²è·¯é€£ç·šä½¿ç”¨ä½¿ç”¨è€… ID使用者 ID使用者 ID使用者 ID。使用者å稱使用者å稱使用者å稱。版本:警告有é™åˆ¶ï¼šç•ŒåŸŸç•ŒåŸŸã€Œ%sã€å·²å•Ÿå‹•ï¼šä»‹é¢ã€Œ%sã€ç•ŒåŸŸã€Œ%sã€å·²å•Ÿå‹•ï¼šä¾†æºã€Œ%sã€ç•ŒåŸŸã€Œ%sã€ï¼šICMP 類型「%sã€ç„¡æ³•ä½¿ç”¨ã€‚界域「%sã€ï¼šæœå‹™ã€Œ%sã€ç„¡æ³•ä½¿ç”¨ã€‚界域「{zone}ã€ä½¿ç”¨ä¸­ï¼šé€£ç·šã€Œ{connection}ã€ï¼Œä»‹é¢ã€Œ{interface}ã€ç•ŒåŸŸã€Œ{zone}ã€ä½¿ç”¨ä¸­ï¼šä»‹é¢ã€Œ{interface}ã€ç•ŒåŸŸã€Œ{zone}ã€ä½¿ç”¨ä¸­ï¼šä¾†æº {source}界域「{zone}ã€{activated_deactivated}:連線「{connection}ã€ï¼Œä»‹é¢ã€Œ{interface}ã€ç•ŒåŸŸã€Œ{zone}ã€{activated_deactivated}:介é¢ã€Œ{interface}ã€ç•ŒåŸŸã€Œ{zone}ã€{activated_deactivated}:來æºã€Œ{source}ã€ç•ŒåŸŸï¼š%s界域檔案(_F)求助(_H)é¸é …(_O)檢視(_V)接å—已啟動警示嚴é‡æ—¥å·²åœæ­¢é™¤éŒ¯å·²åœç”¨ä¸Ÿè½eb緊急已啟用錯誤防ç«ç‰†;網路;安全性;iptables;netfilter;forward-portå°æ™‚icmp-blockicmp-type資訊å轉ipv4ipv4 與 ipv6ipv6ipv:標籤等級é™åˆ¶è¨˜éŒ„標記å½è£åˆ†é˜nat注æ„接埠å”定原始拒絕秒安全性æœå‹™source-port警告此類型:是{entry} (é è¨­ç•ŒåŸŸï¼š{default_zone}){entry} (界域:{zone})