zoukankan      html  css  js  c++  java
  • SLES 12 sp2开启SuSEfirewall2 防火墙后,放行VRRP协议 (用于keepalived搭建高可用规则)

    centos 6下面修改防火墙
    vi /etc/sysconfig/iptables 增加这个
    -A INPUT -p 112 -d 224.0.0.0/32 -j ACCEPT #-p 112指定协议为112,也可-p vrrp即vrrp,keepalived组播地址是224.0.0.18

    centos7下面改防火墙
    firewall-cmd --direct --permanent --add-rule ipv4 filter INPUT 0 --in-interface enp4s0 --destination 224.0.0.18 --protocol vrrp -j ACCEPT
    firewall-cmd --reload

    suse下面修改防火墙
    vi /etc/sysconfig/SuSEfirewall2
    将下面这行的注释去掉
    FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom"
    并将下面这行注释掉
    FW_CUSTOMRULES=""

    然后
    vi /etc/sysconfig/scripts/SuSEfirewall2-custom

    fw_custom_before_port_handling() {

    # these rules will be loaded after the anti-spoofing and icmp handling
    # and after the input has been redirected to the input_XXX and
    # forward_XXX chains and some basic chain-specific anti-circumvention
    # rules have been set,
    # but before any IP protocol or TCP/UDP port allow/protection rules
    # will be set.
    # You can use this hook to allow/deny certain IP protocols or TCP/UDP
    # ports before the SuSEfirewall2 generated rules are hit.

    #添加下面这行
    iptables -A INPUT -p vrrp -j ACCEPT -d 224.0.0.18
    true
    }

    http://www.kikikoo.com/uid-20794884-id-5704461.html

    谢谢谷歌,谢谢上面这位大神~

    参考: https://docs.oracle.com/cd/E37670_01/E41138/html/section_ksr_psb_nr.html

  • 相关阅读:
    mysql注入小测试
    让函数返回指定值实用写法
    源码下载网址
    带宽
    九度oj 题目1080:进制转换
    九度oj 题目1079:手机键盘
    poj 3046 Ant Counting
    整数拆分问题
    poj 2229 Sumsets
    九度oj 题目1411:转圈
  • 原文地址:https://www.cnblogs.com/ralphdc/p/7113491.html
Copyright © 2011-2022 走看看