zoukankan      html  css  js  c++  java

  • oenstack firewalld ufw

    firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="0.0.0.0" port port="22" protocol="tcp" reject '



    所有计算
    firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="10.34.1.15" port protocol="tcp" port="111"  accept"
    firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="10.34.1.15" port protocol="tcp" port="5900"  accept"
    firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="10.34.1.15" port protocol="tcp" port="5901"  accept"
    firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="10.34.1.15" port protocol="tcp" port="5902"  accept"
    firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="10.34.1.15" port protocol="tcp" port="5903"  accept"
    firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="10.34.1.15" port protocol="tcp" port="5904"  accept"
    firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="10.34.1.15" port protocol="tcp" port="5905"  accept"
    firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="10.34.1.15" port protocol="tcp" port="5906"  accept"
    firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="10.34.1.15" port protocol="tcp" port="8022"  accept" --zone=internal



    ubuntu14
    ufw delete allow ssh
    ufw allow proto tcp from 10.34.1.15 to any port 22





    CentOS7

    计算节点
    systemctl start firewalld.service
    firewall-cmd --zone=internal --change-interface=em1 --permanent
    firewall-cmd --zone=trusted --change-interface=em2 --permanent
    firewall-cmd --remove-service=ssh --permanent
    firewall-cmd --set-default-zone=internal
    firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="10.34.1.15" port protocol="tcp" port="22"  accept"
    firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="10.34.1.15" port protocol="tcp" port="1-65535"  accept"
    firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="10.34.1.15" port protocol="udp" port="1-65535"  accept"



    控制节点
    systemctl start firewalld.service
    firewall-cmd --zone=internal --change-interface=em1 --permanent
    firewall-cmd --zone=trusted --change-interface=em2 --permanent
    firewall-cmd --remove-service=ssh --permanent
    firewall-cmd --set-default-zone=internal
    firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="10.34.1.15" port protocol="tcp" port="22"  accept"
    firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="10.34.1.16" port protocol="tcp" port="1-65535"  accept"
    firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="10.34.1.17" port protocol="tcp" port="1-65535"  accept"
    firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="10.34.1.16" port protocol="udp" port="1-65535"  accept"
    firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="10.34.1.17" port protocol="udp" port="1-65535"  accept"

    firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="10.34.1.83" port protocol="tcp" port="80"  accept"
    firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="10.34.1.83" port protocol="tcp" port="6080"  accept"



    ufw allow proto tcp from 10.34.1.2 to any port 3306
    ufw allow proto tcp from 10.34.1.2 to any port 2379
    ufw allow proto tcp from 10.34.1.2 to any port 11211
    ufw allow proto tcp from 10.34.1.2 to any port 5900
    ufw allow proto tcp from 10.34.1.2 to any port 5901
    ufw allow proto tcp from 10.34.1.2 to any port 5902
    ufw allow proto tcp from 10.34.1.2 to any port 5903
    ufw allow proto tcp from 10.34.1.2 to any port 5903



    ufw allow proto tcp from 10.34.1.2 to any port 3306
    ufw allow proto tcp from 10.34.1.2 to any port 2379
    ufw allow proto tcp from 10.34.1.2 to any port 11211

    ufw allow proto tcp from 10.34.1.5 to any port 3306
    ufw allow proto tcp from 10.34.1.5 to any port 2379
    ufw allow proto tcp from 10.34.1.5 to any port 11211

    ufw allow proto tcp from 10.34.1.9 to any port 3306
    ufw allow proto tcp from 10.34.1.9 to any port 2379
    ufw allow proto tcp from 10.34.1.9 to any port 11211

    ufw allow proto tcp from 10.34.1.9 to any port 5672
    ufw allow proto tcp from 10.34.1.9 to any port 2380
    ufw allow proto tcp from 10.34.1.9 to any port 4369



    ufw allow proto tcp from 10.34.1.15 to any port 22


    ufw allow proto udp from 10.34.1.2 to any port 123

    ufw allow proto tcp from 10.34.1.2 to any port 5672



    ufw allow proto tcp from 10.34.1.10 to any port 5901
    ufw allow proto tcp from 10.34.1.10 to any port 5902
    ufw allow proto tcp from 10.34.1.10 to any port 5903
    ufw allow proto tcp from 10.34.1.10 to any port 5904
    ufw allow proto tcp from 10.34.1.10 to any port 5905
    ufw allow proto tcp from 10.34.1.10 to any port 5906
    ufw allow proto tcp from 10.34.1.10 to any port 5907
    ufw allow proto tcp from 10.34.1.10 to any port 5908
    ufw allow proto tcp from 10.34.1.10 to any port 5909


    ufw allow from 10.34.1.10
    ufw allow proto tcp from 10.34.1.15 to any port 22

    ufw default allow routed

     /etc/sysctl.conf

    net.ipv4.icmp_echo_ignore_all=1
  • 相关阅读:
    线程
    自定义异常
    throw 子句
    throw 语句
    异常处理
    异常处理
    匿名类
    接口的使用,内部类
    接口,接口的定义
    如何理解无偏估计?无偏估计有什么用?什么是无偏估计?
  • 原文地址:https://www.cnblogs.com/ruiy/p/14257205.html
Copyright © 2011-2022 走看看