zoukankan      html  css  js  c++  java
  • oenstack firewalld ufw

    firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="0.0.0.0" port port="22" protocol="tcp" reject '



    所有计算
    firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="10.34.1.15" port protocol="tcp" port="111"  accept"
    firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="10.34.1.15" port protocol="tcp" port="5900"  accept"
    firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="10.34.1.15" port protocol="tcp" port="5901"  accept"
    firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="10.34.1.15" port protocol="tcp" port="5902"  accept"
    firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="10.34.1.15" port protocol="tcp" port="5903"  accept"
    firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="10.34.1.15" port protocol="tcp" port="5904"  accept"
    firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="10.34.1.15" port protocol="tcp" port="5905"  accept"
    firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="10.34.1.15" port protocol="tcp" port="5906"  accept"
    firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="10.34.1.15" port protocol="tcp" port="8022"  accept" --zone=internal



    ubuntu14
    ufw delete allow ssh
    ufw allow proto tcp from 10.34.1.15 to any port 22





    CentOS7

    计算节点
    systemctl start firewalld.service
    firewall-cmd --zone=internal --change-interface=em1 --permanent
    firewall-cmd --zone=trusted --change-interface=em2 --permanent
    firewall-cmd --remove-service=ssh --permanent
    firewall-cmd --set-default-zone=internal
    firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="10.34.1.15" port protocol="tcp" port="22"  accept"
    firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="10.34.1.15" port protocol="tcp" port="1-65535"  accept"
    firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="10.34.1.15" port protocol="udp" port="1-65535"  accept"



    控制节点
    systemctl start firewalld.service
    firewall-cmd --zone=internal --change-interface=em1 --permanent
    firewall-cmd --zone=trusted --change-interface=em2 --permanent
    firewall-cmd --remove-service=ssh --permanent
    firewall-cmd --set-default-zone=internal
    firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="10.34.1.15" port protocol="tcp" port="22"  accept"
    firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="10.34.1.16" port protocol="tcp" port="1-65535"  accept"
    firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="10.34.1.17" port protocol="tcp" port="1-65535"  accept"
    firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="10.34.1.16" port protocol="udp" port="1-65535"  accept"
    firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="10.34.1.17" port protocol="udp" port="1-65535"  accept"

    firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="10.34.1.83" port protocol="tcp" port="80"  accept"
    firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="10.34.1.83" port protocol="tcp" port="6080"  accept"



    ufw allow proto tcp from 10.34.1.2 to any port 3306
    ufw allow proto tcp from 10.34.1.2 to any port 2379
    ufw allow proto tcp from 10.34.1.2 to any port 11211
    ufw allow proto tcp from 10.34.1.2 to any port 5900
    ufw allow proto tcp from 10.34.1.2 to any port 5901
    ufw allow proto tcp from 10.34.1.2 to any port 5902
    ufw allow proto tcp from 10.34.1.2 to any port 5903
    ufw allow proto tcp from 10.34.1.2 to any port 5903



    ufw allow proto tcp from 10.34.1.2 to any port 3306
    ufw allow proto tcp from 10.34.1.2 to any port 2379
    ufw allow proto tcp from 10.34.1.2 to any port 11211

    ufw allow proto tcp from 10.34.1.5 to any port 3306
    ufw allow proto tcp from 10.34.1.5 to any port 2379
    ufw allow proto tcp from 10.34.1.5 to any port 11211

    ufw allow proto tcp from 10.34.1.9 to any port 3306
    ufw allow proto tcp from 10.34.1.9 to any port 2379
    ufw allow proto tcp from 10.34.1.9 to any port 11211

    ufw allow proto tcp from 10.34.1.9 to any port 5672
    ufw allow proto tcp from 10.34.1.9 to any port 2380
    ufw allow proto tcp from 10.34.1.9 to any port 4369



    ufw allow proto tcp from 10.34.1.15 to any port 22


    ufw allow proto udp from 10.34.1.2 to any port 123

    ufw allow proto tcp from 10.34.1.2 to any port 5672



    ufw allow proto tcp from 10.34.1.10 to any port 5901
    ufw allow proto tcp from 10.34.1.10 to any port 5902
    ufw allow proto tcp from 10.34.1.10 to any port 5903
    ufw allow proto tcp from 10.34.1.10 to any port 5904
    ufw allow proto tcp from 10.34.1.10 to any port 5905
    ufw allow proto tcp from 10.34.1.10 to any port 5906
    ufw allow proto tcp from 10.34.1.10 to any port 5907
    ufw allow proto tcp from 10.34.1.10 to any port 5908
    ufw allow proto tcp from 10.34.1.10 to any port 5909


    ufw allow from 10.34.1.10
    ufw allow proto tcp from 10.34.1.15 to any port 22

    ufw default allow routed

     /etc/sysctl.conf

    net.ipv4.icmp_echo_ignore_all=1

  • 相关阅读:
    falsh developer 快捷键
    FlashDevelop安装配置
    EditPlus保存时不生成bak文件(转)
    微信oauth2验证
    通过TortoiseSVN checkout的文件前面没有“状态标识”
    CSS3 Media Query 响应式媒体查询
    回车事件、键盘事件
    shiro登录密码加密
    mybatis常用类起别名
    shiro(四)项目开发中的配置、
  • 原文地址:https://www.cnblogs.com/ruiy/p/14257205.html
Copyright © 2011-2022 走看看