zoukankan      html  css  js  c++  java
  • firewall&iptables

    一、firewall

    1. 查看firewall状态

      firewall-cmd --state


    2. 如果firewall为关闭状态,先启动firewall

      systemctl start firewalld

    3. 添加firewall指令

      firewall-cmd --permanent --add-rich-rule='rule family=ipv4 forward-port port=162 protocol=udp to-port=20162'
      firewall-cmd --permanent --add-rich-rule='rule family=ipv4 forward-port port=161 protocol=udp to-port=20161'
      firewall-cmd --permanent --add-rich-rule='rule family=ipv4 forward-port port=514 protocol=udp to-port=20514'
      firewall-cmd --permanent --zone=public --add-port=8885/tcp
      firewall-cmd --permanent --zone=public --add-port=9092/tcp
      firewall-cmd --permanent --zone=public --add-port=161/tcp
      firewall-cmd --permanent --zone=public --add-port=162/tcp
      firewall-cmd --permanent --zone=public --add-port=514/udp
      firewall-cmd --permanent --zone=public --add-port=20161/tcp
      firewall-cmd --permanent --zone=public --add-port=20162/tcp
      firewall-cmd --permanent --zone=public --add-port=20514/udp
      firewall-cmd --permanent --zone=public --add-port=9996/udp
      firewall-cmd --permanent --zone=public --add-port=8082/tcp

    4. 删除指令

      firewall-cmd --permanent --remove-rich-rule 'rule family="ipv4" forward-port="514" protocol="udp" tp-port="20514" '
    1. 重新加载firewall策略

      firewall-cmd --reload

    2. 查看新策略是否生效

      firewall-cmd --list-all

    二、Iptables

    1. 安装iptables
      yum install iptables-services

    2. 启动iptables
      service iptables restart

    3. 查看iptables状态
      systemctl status firewalld.service

    4. 添加iptables端口转发策略

      iptables -t nat -A PREROUTING -p udp -m udp --dport 162 -j REDIRECT --to-ports 20162

      iptables -t nat -A PREROUTING -p udp -m udp --dport 161 -j REDIRECT --to-ports 20161

      iptables -t nat -A PREROUTING -p udp -m udp --dport 514 -j REDIRECT --to-ports 20514


    5. 查看新策略是否生效
      iptables -t nat -L -n --line-numbers


    6. 删除规则
      iptables -L -n --line-numbers

                  

     

  • 相关阅读:
    Zero Copy
    内核态(Kernel Mode)与用户态(User Mode)
    Netty端口被占用问题
    AsyncHttpClient的连接池使用逻辑
    HashMap 与 ConcurrentHashMap
    Java NIO Test Case
    Netty writeAndFlush() 流程与异步
    Java 文件路径相关
    代理的匿名程度
    Netty堆外内存泄露排查与总结
  • 原文地址:https://www.cnblogs.com/shwang/p/12015678.html
Copyright © 2011-2022 走看看