Firewalld不打印活动区域

Question

在vagrant Ubuntu 18.04.02框上：

root@ubuntu-bionic:~# firewall-cmd --get-active-zones 
root@ubuntu-bionic:~# firewall-cmd --list-all
public
  target: default
  icmp-block-inversion: no
  interfaces: 
  sources: 
  services: ssh dhcpv6-client
  ports: 4444/tcp 5555/tcp
  protocols: 
  masquerade: yes
  forward-ports: port=80:proto=tcp:toport=12345:toaddr=
    port=80:proto=tcp:toport=12345:toaddr=192.168.1.6
  source-ports: 
  icmp-blocks: 
  rich rules: 

为什么firewall-cmd不返回任何活动区域？

root@ubuntu-bionic:~# systemctl status firewalld.service 
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Sun 2019-05-05 11:22:56 UTC; 39min ago
     Docs: man:firewalld(1)
 Main PID: 791 (firewalld)
    Tasks: 2 (limit: 1152)
   CGroup: /system.slice/firewalld.service
           └─791 /usr/bin/python3 -Es /usr/sbin/firewalld --nofork --nopid

Answer 1

结果是，当谈到active用于firewalld区域的概念时，必须将正在使用并绑定到特定接口的源IP添加到特定的区域(以便后者成为active)。

这是怎么回事

root@ubuntu-bionic:~# ip -4 addr show enp0s8
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    inet 192.168.33.10/24 brd 192.168.33.255 scope global enp0s8
       valid_lft forever preferred_lft forever

root@ubuntu-bionic:~# firewall-cmd --zone=public --add-source=192.168.33.10 --permanent
success
root@ubuntu-bionic:~# firewall-cmd --zone=public --add-source=192.168.33.10 
success
root@ubuntu-bionic:~# firewall-cmd --reload
success

而现在..。

root@ubuntu-bionic:~# firewall-cmd --get-active-zones 
public
  sources: 192.168.33.10