zoukankan      html  css  js  c++  java
  • centos 7 防火墙配置和白名单问题

    查看防火墙状态:
    systemctl status firewalld

    开启防火墙并设置开机自启
    • systemctl start firewalld
    • systemctl enable firewalld

    1. 开放 22端口:

    firewall-cmd --zone=public --add-port=22/tcp --permanent

    重新载入一下:
    firewall-cmd --reload

    查看下是否生效:
    firewall-cmd --zone=public --query-port=22/tcp

    查看开放的端口:
    firewall-cmd --zone=public --list-ports

    批量开放端口:
    firewall-cmd --zone=public --add-port=100-500/tcp --permanent
    查看是否生效
    firewall-cmd --zone=public --list-rich-rules
     

    2. 插入代码:

    #!/bin/bash
    
    # enable the firewall service
    service firewalld start
    
    # config firewall to permit ip range:172.16.17.1-70, port:1521
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.17.0/26" port protocol="tcp" port="1521" accept'
    
    # permit 172.16.17.63, since it is broadcast address in above ip range.
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.17.63" port protocol="tcp" port="1521" accept'
    
    # permit 172.16.17.64-70 one by one
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.17.64" port protocol="tcp" port="1521" accept'
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.17.65" port protocol="tcp" port="1521" accept'
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.17.66" port protocol="tcp" port="1521" accept'
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.17.67" port protocol="tcp" port="1521" accept'
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.17.68" port protocol="tcp" port="1521" accept'
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.17.69" port protocol="tcp" port="1521" accept'
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.17.70" port protocol="tcp" port="1521" accept'
    
    # reload for taking effect this time
    firewall-cmd --reload

    3. 查看文件,修改规则

    vi /etc/firewalld/zones/public.xml
  • 相关阅读:
    html <a> 标记 颜色与下划线 muddy
    sharepoint 获得当前登录人的用户名(转载) muddy
    AspNetPager+GridView分页实现
    UpdatePanel的简单用法(1)
    LINQ to SQL系列三 使用DeferredLoadingEnabled,DataLoadOption指定加载选项
    Custom Sharepoint Lookup Field
    Gridview使用LINQ分页例子
    合并GridView中某行相同信息的行
    初学LINQ增删改查(一)
    ASP.NET购物车
  • 原文地址:https://www.cnblogs.com/leolzi/p/14004457.html
Copyright © 2011-2022 走看看