zoukankan      html  css  js  c++  java

  • oenstack firewalld ufw

    firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="0.0.0.0" port port="22" protocol="tcp" reject '



    所有计算
    firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="10.34.1.15" port protocol="tcp" port="111"  accept"
    firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="10.34.1.15" port protocol="tcp" port="5900"  accept"
    firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="10.34.1.15" port protocol="tcp" port="5901"  accept"
    firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="10.34.1.15" port protocol="tcp" port="5902"  accept"
    firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="10.34.1.15" port protocol="tcp" port="5903"  accept"
    firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="10.34.1.15" port protocol="tcp" port="5904"  accept"
    firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="10.34.1.15" port protocol="tcp" port="5905"  accept"
    firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="10.34.1.15" port protocol="tcp" port="5906"  accept"
    firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="10.34.1.15" port protocol="tcp" port="8022"  accept" --zone=internal



    ubuntu14
    ufw delete allow ssh
    ufw allow proto tcp from 10.34.1.15 to any port 22





    CentOS7

    计算节点
    systemctl start firewalld.service
    firewall-cmd --zone=internal --change-interface=em1 --permanent
    firewall-cmd --zone=trusted --change-interface=em2 --permanent
    firewall-cmd --remove-service=ssh --permanent
    firewall-cmd --set-default-zone=internal
    firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="10.34.1.15" port protocol="tcp" port="22"  accept"
    firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="10.34.1.15" port protocol="tcp" port="1-65535"  accept"
    firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="10.34.1.15" port protocol="udp" port="1-65535"  accept"



    控制节点
    systemctl start firewalld.service
    firewall-cmd --zone=internal --change-interface=em1 --permanent
    firewall-cmd --zone=trusted --change-interface=em2 --permanent
    firewall-cmd --remove-service=ssh --permanent
    firewall-cmd --set-default-zone=internal
    firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="10.34.1.15" port protocol="tcp" port="22"  accept"
    firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="10.34.1.16" port protocol="tcp" port="1-65535"  accept"
    firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="10.34.1.17" port protocol="tcp" port="1-65535"  accept"
    firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="10.34.1.16" port protocol="udp" port="1-65535"  accept"
    firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="10.34.1.17" port protocol="udp" port="1-65535"  accept"

    firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="10.34.1.83" port protocol="tcp" port="80"  accept"
    firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="10.34.1.83" port protocol="tcp" port="6080"  accept"



    ufw allow proto tcp from 10.34.1.2 to any port 3306
    ufw allow proto tcp from 10.34.1.2 to any port 2379
    ufw allow proto tcp from 10.34.1.2 to any port 11211
    ufw allow proto tcp from 10.34.1.2 to any port 5900
    ufw allow proto tcp from 10.34.1.2 to any port 5901
    ufw allow proto tcp from 10.34.1.2 to any port 5902
    ufw allow proto tcp from 10.34.1.2 to any port 5903
    ufw allow proto tcp from 10.34.1.2 to any port 5903



    ufw allow proto tcp from 10.34.1.2 to any port 3306
    ufw allow proto tcp from 10.34.1.2 to any port 2379
    ufw allow proto tcp from 10.34.1.2 to any port 11211

    ufw allow proto tcp from 10.34.1.5 to any port 3306
    ufw allow proto tcp from 10.34.1.5 to any port 2379
    ufw allow proto tcp from 10.34.1.5 to any port 11211

    ufw allow proto tcp from 10.34.1.9 to any port 3306
    ufw allow proto tcp from 10.34.1.9 to any port 2379
    ufw allow proto tcp from 10.34.1.9 to any port 11211

    ufw allow proto tcp from 10.34.1.9 to any port 5672
    ufw allow proto tcp from 10.34.1.9 to any port 2380
    ufw allow proto tcp from 10.34.1.9 to any port 4369



    ufw allow proto tcp from 10.34.1.15 to any port 22


    ufw allow proto udp from 10.34.1.2 to any port 123

    ufw allow proto tcp from 10.34.1.2 to any port 5672



    ufw allow proto tcp from 10.34.1.10 to any port 5901
    ufw allow proto tcp from 10.34.1.10 to any port 5902
    ufw allow proto tcp from 10.34.1.10 to any port 5903
    ufw allow proto tcp from 10.34.1.10 to any port 5904
    ufw allow proto tcp from 10.34.1.10 to any port 5905
    ufw allow proto tcp from 10.34.1.10 to any port 5906
    ufw allow proto tcp from 10.34.1.10 to any port 5907
    ufw allow proto tcp from 10.34.1.10 to any port 5908
    ufw allow proto tcp from 10.34.1.10 to any port 5909


    ufw allow from 10.34.1.10
    ufw allow proto tcp from 10.34.1.15 to any port 22

    ufw default allow routed

     /etc/sysctl.conf

    net.ipv4.icmp_echo_ignore_all=1
  • 相关阅读:
    再谈Asp.Net页面生命周期
    多线程、方便扩展的Windows服务程序框架
    用NuGet.Server管好自家的包包
    github for Windows
    MongoVUE 15天试用期解决办法
    NET插件系统——提升系统搜索插件和启动速度的思考
    Visual Studio Ultimate 2012 RC 安装手记
    自动完成菜单
    HBase
    WCF消息可靠性于有序传递
  • 原文地址:https://www.cnblogs.com/ruiy/p/14257205.html
Copyright © 2011-2022 走看看