zoukankan      html  css  js  c++  java
  • centos 7 防火墙配置和白名单问题

    查看防火墙状态:
    systemctl status firewalld

    开启防火墙并设置开机自启
    • systemctl start firewalld
    • systemctl enable firewalld

    1. 开放 22端口:

    firewall-cmd --zone=public --add-port=22/tcp --permanent

    重新载入一下:
    firewall-cmd --reload

    查看下是否生效:
    firewall-cmd --zone=public --query-port=22/tcp

    查看开放的端口:
    firewall-cmd --zone=public --list-ports

    批量开放端口:
    firewall-cmd --zone=public --add-port=100-500/tcp --permanent
    查看是否生效
    firewall-cmd --zone=public --list-rich-rules
     

    2. 插入代码:

    #!/bin/bash
    
    # enable the firewall service
    service firewalld start
    
    # config firewall to permit ip range:172.16.17.1-70, port:1521
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.17.0/26" port protocol="tcp" port="1521" accept'
    
    # permit 172.16.17.63, since it is broadcast address in above ip range.
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.17.63" port protocol="tcp" port="1521" accept'
    
    # permit 172.16.17.64-70 one by one
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.17.64" port protocol="tcp" port="1521" accept'
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.17.65" port protocol="tcp" port="1521" accept'
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.17.66" port protocol="tcp" port="1521" accept'
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.17.67" port protocol="tcp" port="1521" accept'
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.17.68" port protocol="tcp" port="1521" accept'
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.17.69" port protocol="tcp" port="1521" accept'
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="172.16.17.70" port protocol="tcp" port="1521" accept'
    
    # reload for taking effect this time
    firewall-cmd --reload

    3. 查看文件,修改规则

    vi /etc/firewalld/zones/public.xml
  • 相关阅读:
    在不同的浏览器下FORM及它的小伙伴们默认样式的CSS属性值是不全然一致
    思考博客园的机器人攻击,想到我们可能也需要开启iptables
    大数据量的Mysql数据库备份策略
    win7或win2008系统中,出现【已停止工作,联机检查解决方案并关闭该程序,关闭程序】解决方法!
    Mysql的碎片查看与处理
    "个性化空间"性能优化方案设计初步
    假期结束后的工作安排
    GZIP压缩占用CPU大吗?
    媒体云平台
    关于二级缓存的设计思路
  • 原文地址:https://www.cnblogs.com/leolzi/p/14004457.html
Copyright © 2011-2022 走看看