zoukankan      html  css  js  c++  java

  • CentOS7 Firewalld配置

    开启防火墙

    sudo systemctl start firewalld.service 
sudo systemctl enable firewalld.service

    创建脚本路径

    mkdir -p /usr/local/feng/firewalld

    设置icmp拦截

    写入文档
cat << 'EOF' | sudo tee /usr/local/feng/firewalld/icmp.rule
#!/bin/bash

PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/sbin:/usr/local/bin; export PATH

# 设置icmp拦截
AICMP="destination-unreachable echo-request echo-reply parameter-problem redirect router-advertisement router-solicitation source-quench time-exceeded"

for tyicmp in $AICMP

do
     firewall-cmd --permanent --add-icmp-block=${tyicmp}
done

firewall-cmd --reload
EOF

# 然后执行
bash /usr/local/feng/firewalld/icmp.rule

    防止暴力破解

    cat << 'EOF' | sudo tee /usr/local/feng/firewalld/firewall.deny
tail /var/log/secure -n 10000 |awk '/Failed/{print $(NF-3)}'|sort|uniq -c|awk '{print $2"="$1;}' | sort -g -t '=' -k2 > /tmp/black.txt #尝试登录的次数和ip
DEFINE="3"  #单个ip尝试登录最大值

for i in `cat /tmp/black.txt`
do
    IP=`echo $i |awk -F= '{print $1}'`
    NUM=`echo $i|awk -F= '{print $2}'`
    if [ $NUM -gt $DEFINE ]; then
        grep $IP /etc/hosts.deny > /dev/null
        if [ $? -gt 0 ]; then
            firewall-cmd --zone=drop --permanent --add-source=$IP
        fi
    fi
done
firewall-cmd  --reload
EOF

# 然后执行
bash /usr/local/feng/firewalld/firewall.deny

    配置自动添加ip拦截

    echo "30 * * * * root bash /usr/local/feng/firewalld/firewall.deny" | sudo tee -a /etc/crontab
  • 相关阅读:
    运算符
    java--有关前台展示图片流的用法
    TortoiseSVN--Subversion客户端使用详解及问题解决
    SVN 文件的解锁方法
    JDBC中获取数据表的信息
    tomcat配置文件解决乱码问题
    正则表达式常用匹配
    Java:如何选择最为合适的Web开发框架
    键盘enter事件 兼容FF和IE和Opera
    PayPal 支付接口详解
  • 原文地址:https://www.cnblogs.com/testopsfeng/p/13905253.html
Copyright © 2011-2022 走看看