  • openstack firewalld ufw

    # Deletes, from the permanent configuration of the default zone (no --zone
    # is given), the rich rule that rejects TCP port 22 for source 0.0.0.0.
    # --permanent edits only the stored configuration; the running ruleset
    # keeps the rule until firewalld is reloaded or restarted.
    firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="0.0.0.0" port port="22" protocol="tcp" reject '



    所有计算
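    # Admit 10.34.1.15 on TCP 111 (rpcbind's default port) and 5900-5906
    # (the conventional VNC display ports).
    # The rule text is built in a variable with escaped inner quotes: in the
    # original, the nested double quotes ended the outer string and were
    # stripped by the shell, which only worked because no value held a space.
    # No --zone is given here, so these rules go to the default zone.
    for port in 111 5900 5901 5902 5903 5904 5905 5906; do
      rule="rule family=\"ipv4\" source address=\"10.34.1.15\" port protocol=\"tcp\" port=\"${port}\" accept"
      firewall-cmd --permanent --add-rich-rule="$rule"
    done

    # NOTE(review): this is the only rule that names a zone; if the default
    # zone is not "internal" the rules above land somewhere else - confirm.
    rule='rule family="ipv4" source address="10.34.1.15" port protocol="tcp" port="8022" accept'
    firewall-cmd --permanent --zone=internal --add-rich-rule="$rule"

    # --permanent only writes the stored configuration; load it into the
    # running firewall and read back what is active.
    firewall-cmd --reload
    firewall-cmd --list-rich-rules
    firewall-cmd --zone=internal --list-rich-rules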



    ubuntu14
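    # Restrict SSH to 10.34.1.15. The narrow rule is added before the open one
    # is deleted, so there is no interval in which no rule admits SSH.
    ufw allow proto tcp from 10.34.1.15 to any port 22
    ufw delete allow ssh
    # The restriction only holds while ufw is enabled and the default policy
    # for incoming traffic is deny/reject; verify with: ufw status verbose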





    CentOS7

    计算节点
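    # Compute node (CentOS 7): em1 -> "internal" zone, em2 -> "trusted" zone.
    # firewalld accepts every packet that arrives in the trusted zone, so em2
    # must only face a network that is already isolated.
    # "systemctl start" does not make the service start at boot; confirm with
    # "systemctl is-enabled firewalld.service".
    systemctl start firewalld.service
    firewall-cmd --permanent --zone=internal --change-interface=em1
    firewall-cmd --permanent --zone=trusted --change-interface=em2

    # The zone is named explicitly. The original ran --remove-service=ssh with
    # no zone *before* switching the default zone, so (unless "internal" was
    # already the default) it edited the previous default zone and left the
    # ssh service that "internal" ships with open to every source on em1.
    firewall-cmd --permanent --zone=internal --remove-service=ssh
    firewall-cmd --set-default-zone=internal

    # Access from 10.34.1.15 only. The escaped inner quotes replace the
    # original nested double quotes, which the shell silently stripped.
    # NOTE(review): the 1-65535 TCP rule already covers port 22, and together
    # with the UDP rule it gives 10.34.1.15 every port on this node; narrow
    # the ranges if the required ports are known.
    for spec in "tcp 22" "tcp 1-65535" "udp 1-65535"; do
      proto=${spec% *}
      ports=${spec#* }
      rule="rule family=\"ipv4\" source address=\"10.34.1.15\" port protocol=\"${proto}\" port=\"${ports}\" accept"
      firewall-cmd --permanent --zone=internal --add-rich-rule="$rule"
    done

    # --permanent changes are not active until reloaded. Run this from
    # 10.34.1.15 or a console so a mistake cannot cut off remote access.
    firewall-cmd --reload
    firewall-cmd --zone=internal --list-all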



    控制节点
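    # Controller node (CentOS 7): em1 -> "internal" zone, em2 -> "trusted"
    # zone. firewalld accepts every packet that arrives in the trusted zone,
    # so em2 must only face a network that is already isolated.
    # "systemctl start" does not make the service start at boot; confirm with
    # "systemctl is-enabled firewalld.service".
    systemctl start firewalld.service
    firewall-cmd --permanent --zone=internal --change-interface=em1
    firewall-cmd --permanent --zone=trusted --change-interface=em2

    # The zone is named explicitly. The original ran --remove-service=ssh with
    # no zone *before* switching the default zone, so (unless "internal" was
    # already the default) it edited the previous default zone and left the
    # ssh service that "internal" ships with open to every source on em1.
    firewall-cmd --permanent --zone=internal --remove-service=ssh
    firewall-cmd --set-default-zone=internal

    # SSH from 10.34.1.15 only. The escaped inner quotes replace the original
    # nested double quotes, which the shell silently stripped.
    rule="rule family=\"ipv4\" source address=\"10.34.1.15\" port protocol=\"tcp\" port=\"22\" accept"
    firewall-cmd --permanent --zone=internal --add-rich-rule="$rule"

    # 10.34.1.16 and 10.34.1.17 get every TCP and UDP port.
    # NOTE(review): this is equivalent to trusting both hosts completely;
    # narrow the ranges if the required ports are known.
    for proto in tcp udp; do
      for src in 10.34.1.16 10.34.1.17; do
        rule="rule family=\"ipv4\" source address=\"${src}\" port protocol=\"${proto}\" port=\"1-65535\" accept"
        firewall-cmd --permanent --zone=internal --add-rich-rule="$rule"
      done
    done

    # 10.34.1.83 may reach TCP 80 and 6080 (presumably the dashboard and the
    # noVNC console proxy - confirm against the deployed services).
    for port in 80 6080; do
      rule="rule family=\"ipv4\" source address=\"10.34.1.83\" port protocol=\"tcp\" port=\"${port}\" accept"
      firewall-cmd --permanent --zone=internal --add-rich-rule="$rule"
    done

    # --permanent changes are not active until reloaded. Run this from
    # 10.34.1.15 or a console so a mistake cannot cut off remote access.
    firewall-cmd --reload
    firewall-cmd --zone=internal --list-all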



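    # Allow 10.34.1.2 to reach TCP 3306, 2379, 11211 (default ports of MySQL,
    # etcd clients and memcached) and the VNC display ports 5900-5903.
    # NOTE(review): the original listed port 5903 twice; ufw skips a rule that
    # already exists, so the repeat is dropped here. If 5904 was intended, add
    # it to the list.
    for port in 3306 2379 11211 5900 5901 5902 5903; do
      ufw allow proto tcp from 10.34.1.2 to any port "$port"
    done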



    # Each listed host may reach TCP 3306, 2379 and 11211 (default ports of
    # MySQL, etcd clients and memcached). The source restriction is the only
    # thing these rules contribute; they assume ufw denies incoming traffic
    # by default.
    for client in 10.34.1.2 10.34.1.5 10.34.1.9; do
      for svc_port in 3306 2379 11211; do
        ufw allow proto tcp from "$client" to any port "$svc_port"
      done
    done

    # 10.34.1.9 additionally gets 5672, 2380 and 4369 (default ports of AMQP,
    # etcd peer traffic and the Erlang port mapper).
    for svc_port in 5672 2380 4369; do
      ufw allow proto tcp from 10.34.1.9 to any port "$svc_port"
    done



    # SSH (TCP 22) is admitted from 10.34.1.15 only; this restricts access
    # only if no broader "allow ssh" rule is still present on the host.
    ufw allow proto tcp from 10.34.1.15 to any port 22


    # UDP 123 is the NTP port: 10.34.1.2 may query this host for time.
    ufw allow proto udp from 10.34.1.2 to any port 123

    # TCP 5672 is the default AMQP port: 10.34.1.2 may reach the message broker.
    ufw allow proto tcp from 10.34.1.2 to any port 5672



    # VNC display ports 5901-5909, reachable from 10.34.1.10.
    for vnc_port in 5901 5902 5903 5904 5905 5906 5907 5908 5909; do
      ufw allow proto tcp from 10.34.1.10 to any port "$vnc_port"
    done

    # NOTE(review): this admits every protocol and port from 10.34.1.10, which
    # makes the nine port-specific rules above redundant. Keep only one of the
    # two, depending on whether full trust in that host is intended.
    ufw allow from 10.34.1.10

    # SSH stays limited to 10.34.1.15.
    ufw allow proto tcp from 10.34.1.15 to any port 22

    # Sets ufw's default policy for routed (forwarded) traffic to allow: once
    # IP forwarding is enabled, the host passes any packet it is asked to
    # forward unless a more specific rule blocks it. Confirm that this host is
    # meant to route between its networks before relying on this.
    ufw default allow routed

     /etc/sysctl.conf

    # The kernel ignores every ICMPv4 echo request (ping) sent to this host.
    # Applied by `sysctl -p` or at the next boot. This only hides the host
    # from ping sweeps; it closes no port and also disables ping-based
    # monitoring of the host.
    net.ipv4.icmp_echo_ignore_all=1

  • 原文地址:https://www.cnblogs.com/ruiy/p/14257205.html