一、firewall
-
查看firewall状态
firewall-cmd --state
-
如果firewall为关闭状态,先启动firewall
systemctl start firewalld
-
添加firewall指令
firewall-cmd --permanent --add-rich-rule='rule family=ipv4 forward-port port=162 protocol=udp to-port=20162'
firewall-cmd --permanent --add-rich-rule='rule family=ipv4 forward-port port=161 protocol=udp to-port=20161'
firewall-cmd --permanent --add-rich-rule='rule family=ipv4 forward-port port=514 protocol=udp to-port=20514'
firewall-cmd --permanent --zone=public --add-port=8885/tcp
firewall-cmd --permanent --zone=public --add-port=9092/tcp
firewall-cmd --permanent --zone=public --add-port=161/tcp
firewall-cmd --permanent --zone=public --add-port=162/tcp
firewall-cmd --permanent --zone=public --add-port=514/udp
firewall-cmd --permanent --zone=public --add-port=20161/tcp
firewall-cmd --permanent --zone=public --add-port=20162/tcp
firewall-cmd --permanent --zone=public --add-port=20514/udp
firewall-cmd --permanent --zone=public --add-port=9996/udp
firewall-cmd --permanent --zone=public --add-port=8082/tcp -
删除指令
firewall-cmd --permanent --remove-rich-rule 'rule family="ipv4" forward-port="514" protocol="udp" tp-port="20514" '
-
重新加载firewall策略
firewall-cmd --reload -
查看新策略是否生效
firewall-cmd --list-all
- 安装iptables
yum install iptables-services - 启动iptables
service iptables restart - 查看iptables状态
systemctl status firewalld.service - 添加iptables端口转发策略
iptables -t nat -A PREROUTING -p udp -m udp --dport 162 -j REDIRECT --to-ports 20162
iptables -t nat -A PREROUTING -p udp -m udp --dport 161 -j REDIRECT --to-ports 20161
iptables -t nat -A PREROUTING -p udp -m udp --dport 514 -j REDIRECT --to-ports 20514
- 查看新策略是否生效
iptables -t nat -L -n --line-numbers
- 删除规则
iptables -L -n --line-numbers
