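  • Setting a rich rule with firewall-config, the firewalld policy tool on Linux

    Prepare two virtual machines, PC1 and PC2, and configure PC1 to reject PC2's access to port 22 on PC1.

    1.

    [root@PC1linuxprobe Desktop]# ifconfig | head -n 3  ## show PC1's IP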
    eno16777728: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 192.168.10.10  netmask 255.255.255.0  broadcast 192.168.10.255
            inet6 fe80::20c:29ff:fe20:bf5e  prefixlen 64  scopeid 0x20<link>

    [root@PC2linuxprobe Desktop]# ifconfig | head -n 3  ## show PC2's IP
    eno16777728: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 192.168.10.20  netmask 255.255.255.0  broadcast 192.168.10.255
            inet6 fe80::20c:29ff:fe15:20b6  prefixlen 64  scopeid 0x20<link>
    [root@PC2linuxprobe Desktop]# ping -c 3 192.168.10.10  ## reachable
    PING 192.168.10.10 (192.168.10.10) 56(84) bytes of data.
    64 bytes from 192.168.10.10: icmp_seq=1 ttl=64 time=0.235 ms
    64 bytes from 192.168.10.10: icmp_seq=2 ttl=64 time=0.230 ms
    64 bytes from 192.168.10.10: icmp_seq=3 ttl=64 time=0.220 ms
    
    --- 192.168.10.10 ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 2000ms
    rtt min/avg/max/mdev = 0.220/0.228/0.235/0.013 ms
    [root@PC2linuxprobe Desktop]# ssh 192.168.10.10  ## test remote login: succeeds
    root@192.168.10.10's password: 
    Last login: Sat Nov  7 20:57:14 2020 from 192.168.10.20
    [root@PC1linuxprobe ~]# ifconfig | head -n 3
    eno16777728: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 192.168.10.10  netmask 255.255.255.0  broadcast 192.168.10.255
            inet6 fe80::20c:29ff:fe20:bf5e  prefixlen 64  scopeid 0x20<link>
    [root@PC1linuxprobe ~]# exit
    logout
    Connection to 192.168.10.10 closed.

    2. Set the rich rule on PC1

     

     

    3. Test from the PC2 host

    [root@PC2linuxprobe Desktop]# ifconfig | head -n 3  ## show the IP
    eno16777728: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 192.168.10.20  netmask 255.255.255.0  broadcast 192.168.10.255
            inet6 fe80::20c:29ff:fe15:20b6  prefixlen 64  scopeid 0x20<link>
    [root@PC2linuxprobe Desktop]# ping -c 3 192.168.10.10  ## reachable
    PING 192.168.10.10 (192.168.10.10) 56(84) bytes of data.
    64 bytes from 192.168.10.10: icmp_seq=1 ttl=64 time=0.220 ms
    64 bytes from 192.168.10.10: icmp_seq=2 ttl=64 time=0.204 ms
    64 bytes from 192.168.10.10: icmp_seq=3 ttl=64 time=0.221 ms
    
    --- 192.168.10.10 ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 2000ms
    rtt min/avg/max/mdev = 0.204/0.215/0.221/0.007 ms
    [root@PC2linuxprobe Desktop]# ssh 192.168.10.10  ## remote login fails (port 22 is the ssh service)
    ssh: connect to host 192.168.10.10 port 22: Connection refused

    4. Remove the rich rule on PC1

     

    Test from PC2:

    [root@PC2linuxprobe Desktop]# ssh 192.168.10.10  ## remote login works
    root@192.168.10.10's password: 
    Last login: Sat Nov  7 21:03:05 2020 from 192.168.10.20
    [root@PC1linuxprobe ~]# ifconfig | head -n 3
    eno16777728: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
            inet 192.168.10.10  netmask 255.255.255.0  broadcast 192.168.10.255
            inet6 fe80::20c:29ff:fe20:bf5e  prefixlen 64  scopeid 0x20<link>
    [root@PC1linuxprobe ~]# exit
    logout
    Connection to 192.168.10.10 closed.
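
Steps 2 and 4 are carried out in the firewall-config GUI and are not shown in the text. As an added example (not from the original post), the same reject rule expressed with firewall-cmd, plus a helper that interprets the ssh result seen in step 3; the default zone, the runtime-only scope and the function names are assumptions.

```sh
# Added example: firewall-cmd counterpart of steps 2-4 (not from the original post).
# The addresses and port are the page's; using the default zone is an assumption.

# Build the rich rule: reject TCP from one IPv4 source to one port.
build_rich_rule() {
    # Allow only digits, dots and an optional /prefix in the source, and only
    # digits in the port, so quoting cannot be broken inside the rule text.
    case "$1" in ''|*[!0-9./]*) return 1 ;; esac
    case "$2" in ''|*[!0-9]*) return 1 ;; esac
    [ "$2" -ge 1 ] && [ "$2" -le 65535 ] || return 1
    printf 'rule family="ipv4" source address="%s" port port="%s" protocol="tcp" reject' "$1" "$2"
}

# Step 2, on PC1: add the rule to the runtime configuration (lost on reload;
# repeat with --permanent and then run --reload to keep it).
apply_rule() {
    rule=$(build_rich_rule "$1" "$2") || return 1
    firewall-cmd --add-rich-rule="$rule" && firewall-cmd --list-rich-rules
}

# Step 4, on PC1: remove exactly the same rule text.
remove_rule() {
    rule=$(build_rich_rule "$1" "$2") || return 1
    firewall-cmd --remove-rich-rule="$rule"
}

# Step 3, on PC2: interpret one line of ssh client output.
# "refused" is an active refusal: a reject rule, or nothing listening on the port.
# A drop rule sends no answer, so the client waits and then times out.
classify_ssh_result() {
    case "$1" in
        *"Connection refused"*)       echo "refused" ;;
        *"Connection timed out"*)     echo "dropped-or-unreachable" ;;
        *"password:"*|*"Last login"*) echo "reachable" ;;
        *)                            echo "unknown" ;;
    esac
}

# Usage on PC1: sh richrule.sh apply 192.168.10.20 22   (or: remove ...)
case "${1:-}" in
    apply|remove) "${1}_rule" "${2:-}" "${3:-}" ;;
esac
```

The ping in step 3 still succeeds because the rule matches only TCP port 22, not ICMP.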
  • Original article: https://www.cnblogs.com/liujiaxin2018/p/13942433.html