  • linux防火墙配置

    1、Centos6:

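    # CentOS 6 host firewall: accept traffic from an allowlist of source
    # addresses and drop every other inbound packet.
    # Run this from the console or from one of the allowlisted addresses: once
    # the INPUT policy becomes DROP, new connections from anywhere else
    # (SSH included) are discarded.
    # The rules are appended with -A, so running the listing twice duplicates them.
    iptables -P OUTPUT ACCEPT
    # FORWARD only matters when the kernel forwards packets (net.ipv4.ip_forward=1).
    iptables -P FORWARD ACCEPT

    # Loopback and reply traffic have to be accepted explicitly; without these
    # two rules the DROP policy below breaks local services and discards the
    # answers to the host's own outbound connections (DNS, yum, NTP, ...).
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Fully trusted peers: every protocol and every port is accepted from them.
    iptables -A INPUT -s 192.168.200.178 -p all -j ACCEPT
    iptables -A INPUT -s 192.168.200.195 -p all -j ACCEPT
    iptables -A INPUT -s 192.168.200.180 -p all -j ACCEPT
    iptables -A INPUT -s 172.16.17.71 -p all -j ACCEPT
    iptables -A INPUT -s 172.16.17.72 -p all -j ACCEPT
    iptables -A INPUT -s 172.16.21.6 -p all -j ACCEPT
    # NOTE(review): 2.0.1.0/16 has host bits set, so iptables masks it to
    # 2.0.0.0/16. That is not an RFC 1918 private range; confirm that trusting
    # 65536 such addresses on all protocols is really intended.
    iptables -A INPUT -s 2.0.1.0/16 -p all -j ACCEPT

    # Last step: change the default policy only after the ACCEPT rules exist.
    iptables -P INPUT DROP
    # The rules live in memory only; "service iptables save" writes them to
    # /etc/sysconfig/iptables so that they survive a reboot.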

    2、Centos7配置:

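    #!/bin/bash
    # Test environment: firewalld with "drop" as the default zone, a few public
    # services and one fully trusted source address.

    # firewall-cmd needs a running firewalld daemon.
    systemctl start firewalld
    systemctl status firewalld

    # Build the permanent configuration of the drop zone first.
    firewall-cmd --permanent --zone=drop --add-service=https
    firewall-cmd --permanent --zone=drop --add-service=http
    firewall-cmd --permanent --zone=drop --add-service=ssh
    # Accepts every ICMP type, not only echo-request.
    firewall-cmd --permanent --zone=drop --add-protocol=icmp
    # NOTE(review): masquerade turns on source NAT for the zone and implies IP
    # forwarding; it is only needed if this host routes traffic for other
    # machines - confirm before keeping it.
    firewall-cmd --permanent --zone=drop --add-masquerade
    # 22/tcp duplicates the ssh service unless that service definition was changed.
    firewall-cmd --permanent --zone=drop --add-port=22/tcp

    # Trusted source: all ports and protocols are accepted from this address.
    # Single quotes outside keep the rule one word and let the inner double
    # quotes reach firewalld intact.
    firewall-cmd --permanent --zone=drop --add-rich-rule='rule family="ipv4" source address="192.168.4.9" accept'

    # Load the permanent rules into the running firewall.
    firewall-cmd --reload

    # Switch the default zone last. --set-default-zone takes effect immediately,
    # so doing it before the rules are loaded would leave a window in which the
    # drop zone is empty and every new inbound connection (SSH included) is lost.
    firewall-cmd --set-default-zone=drop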

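    #!/bin/bash
    # Production environment: firewalld with "drop" as the default zone, a few
    # public services and four fully trusted source addresses.

    # firewall-cmd needs a running firewalld daemon.
    systemctl start firewalld
    systemctl status firewalld

    # Build the permanent configuration of the drop zone first.
    firewall-cmd --permanent --zone=drop --add-service=https
    firewall-cmd --permanent --zone=drop --add-service=http
    firewall-cmd --permanent --zone=drop --add-service=ssh
    # Accepts every ICMP type, not only echo-request.
    firewall-cmd --permanent --zone=drop --add-protocol=icmp
    # NOTE(review): masquerade turns on source NAT for the zone and implies IP
    # forwarding; it is only needed if this host routes traffic for other
    # machines - confirm before keeping it.
    firewall-cmd --permanent --zone=drop --add-masquerade
    # 22/tcp duplicates the ssh service unless that service definition was changed.
    firewall-cmd --permanent --zone=drop --add-port=22/tcp

    # Trusted sources: all ports and protocols are accepted from these addresses.
    # Single quotes outside keep each rule one word and let the inner double
    # quotes reach firewalld intact.
    firewall-cmd --permanent --zone=drop --add-rich-rule='rule family="ipv4" source address="192.168.133.39" accept'
    firewall-cmd --permanent --zone=drop --add-rich-rule='rule family="ipv4" source address="192.168.133.40" accept'
    firewall-cmd --permanent --zone=drop --add-rich-rule='rule family="ipv4" source address="192.168.133.41" accept'
    firewall-cmd --permanent --zone=drop --add-rich-rule='rule family="ipv4" source address="192.168.133.42" accept'

    # Load the permanent rules into the running firewall.
    firewall-cmd --reload

    # Switch the default zone last. --set-default-zone takes effect immediately,
    # so doing it before the rules are loaded would leave a window in which the
    # drop zone is empty and every new inbound connection (SSH included) is lost.
    firewall-cmd --set-default-zone=drop

    # Print the active configuration so the result can be checked by eye.
    firewall-cmd --list-all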

    停止防火墙:

    # Stops the firewalld service. While it is stopped firewalld filters nothing,
    # so the host relies on whatever other controls exist. "stop" does not
    # disable the unit, so it may start again at boot if it is enabled.
    systemctl stop firewalld

    删除:

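    # Rollback: remove everything that was added to the drop zone.
    # Caution: "drop" stays the default zone. After the reload nothing is
    # allowed in, so every new inbound connection (SSH included) is dropped.
    # Keep console access, or first select another default zone with
    # firewall-cmd --set-default-zone=<zone>.
    firewall-cmd --permanent --zone=drop --remove-service=https
    firewall-cmd --permanent --zone=drop --remove-service=http
    firewall-cmd --permanent --zone=drop --remove-service=ssh
    firewall-cmd --permanent --zone=drop --remove-protocol=icmp
    firewall-cmd --permanent --zone=drop --remove-masquerade
    firewall-cmd --permanent --zone=drop --remove-port=22/tcp

    # Remove the trusted-source rules. Single quotes outside keep each rule one
    # word and let the inner double quotes reach firewalld intact.
    firewall-cmd --permanent --zone=drop --remove-rich-rule='rule family="ipv4" source address="192.168.133.39" accept'
    firewall-cmd --permanent --zone=drop --remove-rich-rule='rule family="ipv4" source address="192.168.133.40" accept'
    firewall-cmd --permanent --zone=drop --remove-rich-rule='rule family="ipv4" source address="192.168.133.41" accept'
    firewall-cmd --permanent --zone=drop --remove-rich-rule='rule family="ipv4" source address="192.168.133.42" accept'

    # Apply the permanent changes to the running firewall, then show the result.
    firewall-cmd --reload

    firewall-cmd --list-all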

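    # Production environment: "drop" as the default zone, public web/SSH
    # services, three application ports and three fully trusted source addresses.

    # Build the permanent configuration of the drop zone first.
    firewall-cmd --permanent --zone=drop --add-service=https
    firewall-cmd --permanent --zone=drop --add-service=http
    firewall-cmd --permanent --zone=drop --add-service=ssh
    # Accepts every ICMP type, not only echo-request.
    firewall-cmd --permanent --zone=drop --add-protocol=icmp
    # NOTE(review): masquerade turns on source NAT for the zone and implies IP
    # forwarding; it is only needed if this host routes traffic for other
    # machines - confirm before keeping it.
    firewall-cmd --permanent --zone=drop --add-masquerade
    # 22/tcp duplicates the ssh service unless that service definition was changed.
    firewall-cmd --permanent --zone=drop --add-port=22/tcp
    # These ports are reachable from any source address, not only the trusted
    # ones below; confirm that the services behind them are meant to be public.
    firewall-cmd --permanent --zone=drop --add-port=8080/tcp
    firewall-cmd --permanent --zone=drop --add-port=8081/tcp
    firewall-cmd --permanent --zone=drop --add-port=8082/tcp

    # Trusted sources: all ports and protocols are accepted from these addresses.
    # Single quotes outside keep each rule one word and let the inner double
    # quotes reach firewalld intact.
    firewall-cmd --permanent --zone=drop --add-rich-rule='rule family="ipv4" source address="172.22.40.1" accept'
    firewall-cmd --permanent --zone=drop --add-rich-rule='rule family="ipv4" source address="172.22.40.2" accept'
    firewall-cmd --permanent --zone=drop --add-rich-rule='rule family="ipv4" source address="172.22.40.3" accept'

    # Load the permanent rules into the running firewall.
    firewall-cmd --reload

    # Switch the default zone last. --set-default-zone takes effect immediately,
    # so doing it before the rules are loaded would leave a window in which the
    # drop zone is empty and every new inbound connection (SSH included) is lost.
    firewall-cmd --set-default-zone=drop

    # Print the active configuration so the result can be checked by eye.
    firewall-cmd --list-all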

    删除:

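    # Rollback: remove everything that was added to the drop zone.
    # Caution: "drop" stays the default zone. After the reload nothing is
    # allowed in, so every new inbound connection (SSH included) is dropped.
    # Keep console access, or first select another default zone with
    # firewall-cmd --set-default-zone=<zone>.
    firewall-cmd --permanent --zone=drop --remove-service=https
    firewall-cmd --permanent --zone=drop --remove-service=http
    firewall-cmd --permanent --zone=drop --remove-service=ssh
    firewall-cmd --permanent --zone=drop --remove-protocol=icmp
    firewall-cmd --permanent --zone=drop --remove-masquerade
    firewall-cmd --permanent --zone=drop --remove-port=22/tcp
    firewall-cmd --permanent --zone=drop --remove-port=8080/tcp
    firewall-cmd --permanent --zone=drop --remove-port=8081/tcp
    firewall-cmd --permanent --zone=drop --remove-port=8082/tcp

    # Remove the trusted-source rules. Single quotes outside keep each rule one
    # word and let the inner double quotes reach firewalld intact.
    firewall-cmd --permanent --zone=drop --remove-rich-rule='rule family="ipv4" source address="172.22.40.1" accept'
    firewall-cmd --permanent --zone=drop --remove-rich-rule='rule family="ipv4" source address="172.22.40.2" accept'
    firewall-cmd --permanent --zone=drop --remove-rich-rule='rule family="ipv4" source address="172.22.40.3" accept'

    # Apply the permanent changes to the running firewall, then show the result.
    firewall-cmd --reload

    firewall-cmd --list-all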

  • 原文地址:https://www.cnblogs.com/zhoading/p/15160054.html