现在我是每个 zone 都加上想要开放的端口, 从而避免网络不通发生:
docker.xml
<?xml version="1.0" encoding="utf-8"?>
<zone version="1.0" target="ACCEPT">
<short>docker</short>
<description>zone for docker bridge network interfaces</description>
<port protocol="tcp" port="2222"/>
<port protocol="tcp" port="55555"/>
<port protocol="tcp" port="33333"/>
<port protocol="tcp" port="80"/>
<port protocol="tcp" port="443"/>
<port protocol="tcp" port="25"/>
<port protocol="tcp" port="587"/>
<port protocol="tcp" port="465"/>
<port protocol="tcp" port="110"/>
<port protocol="tcp" port="993"/>
<port protocol="tcp" port="995"/>
<port protocol="tcp" port="9000"/>
</zone>
---------------------------------------------------------------
iredmail.xml
<?xml version="1.0" encoding="utf-8"?>
<zone>
<short>Mail services</short>
<description>Allow access to mail services from external network.</description>
<service name="http"/>
<service name="https"/>
<service name="smtp"/>
<service name="smtp-submission"/>
<service name="pop3"/>
<service name="pop3s"/>
<service name="imap"/>
<service name="imaps"/>
<service name="ssh"/>
<port protocol="tcp" port="2222"/>
<port protocol="tcp" port="55555"/>
<port protocol="tcp" port="33333"/>
<port protocol="tcp" port="80"/>
<port protocol="tcp" port="443"/>
<port protocol="tcp" port="25"/>
<port protocol="tcp" port="587"/>
<port protocol="tcp" port="465"/>
<port protocol="tcp" port="110"/>
<port protocol="tcp" port="993"/>
<port protocol="tcp" port="995"/>
<port protocol="tcp" port="9000"/>
<icmp-block-inversion/>
<rule>
<protocol value="icmp"/>
<drop/>
</rule>
</zone>
----------------------------------------------
public.xml
<?xml version="1.0" encoding="utf-8"?>
<zone>
<short>Public</short>
<description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
<service name="dhcpv6-client"/>
<service name="ssh"/>
</zone>