zoukankan      html  css  js  c++  java
  • CentOS7 Firewalld配置

    开启防火墙

    sudo systemctl start firewalld.service 
    sudo systemctl enable firewalld.service 
    

    创建脚本路径

    mkdir -p /usr/local/feng/firewalld
    

    设置icmp拦截

    写入文档
    cat << 'EOF' | sudo tee /usr/local/feng/firewalld/icmp.rule
    #!/bin/bash
    
    PATH=/sbin:/usr/sbin:/bin:/usr/bin:/usr/local/sbin:/usr/local/bin; export PATH
    
    # 设置icmp拦截
    AICMP="destination-unreachable echo-request echo-reply parameter-problem redirect router-advertisement router-solicitation source-quench time-exceeded"
    
    for tyicmp in $AICMP
    
    do
         firewall-cmd --permanent --add-icmp-block=${tyicmp}
    done
    
    firewall-cmd --reload
    EOF
    
    # 然后执行
    bash /usr/local/feng/firewalld/icmp.rule
    

    防止暴力破解

    cat << 'EOF' | sudo tee /usr/local/feng/firewalld/firewall.deny
    tail /var/log/secure -n 10000 |awk '/Failed/{print $(NF-3)}'|sort|uniq -c|awk '{print $2"="$1;}' | sort -g -t '=' -k2 > /tmp/black.txt #尝试登录的次数和ip
    DEFINE="3"  #单个ip尝试登录最大值
    
    for i in `cat /tmp/black.txt`
    do
        IP=`echo $i |awk -F= '{print $1}'`
        NUM=`echo $i|awk -F= '{print $2}'`
        if [ $NUM -gt $DEFINE ]; then
            grep $IP /etc/hosts.deny > /dev/null
            if [ $? -gt 0 ]; then
                firewall-cmd --zone=drop --permanent --add-source=$IP
            fi
        fi
    done
    firewall-cmd  --reload
    EOF
    
    # 然后执行
    bash /usr/local/feng/firewalld/firewall.deny
    

    配置自动添加ip拦截

    echo "30 * * * * root bash /usr/local/feng/firewalld/firewall.deny" | sudo tee -a /etc/crontab
    
  • 相关阅读:
    PHP删除文件
    PHP定时执行任务
    PHP设置30秒内对页面的访问次数
    PHP抓取网页内容的几种方法
    QQ,新浪,SNS等公众平台的登录及api操作
    php,javascript设置和读取cookie
    php验证邮箱,手机号是否正确
    php自定义加密和解密
    Linux下安装启动多个Mysql
    linux-gcc 编译时头文件和库文件搜索路径
  • 原文地址:https://www.cnblogs.com/testopsfeng/p/13905253.html
Copyright © 2011-2022 走看看