zoukankan      html  css  js  c++  java

  • linux防火墙配置

    1、Centos6:

    iptables -P OUTPUT ACCEPT 

    iptables -P FORWARD ACCEPT

    iptables -A INPUT -s 192.168.200.178 -p all -j ACCEPT 

    iptables -A INPUT -s 192.168.200.195 -p all -j ACCEPT

    iptables -A INPUT -s 192.168.200.180 -p all -j ACCEPT

    iptables -A INPUT -s 172.16.17.71 -p all -j ACCEPT

    iptables -A INPUT -s 172.16.17.72 -p all -j ACCEPT

    iptables -A INPUT -s 172.16.21.6 -p all -j ACCEPT

    iptables -A INPUT -s 2.0.1.0/16 -p all -j ACCEPT

    iptables -P INPUT DROP 最后一步

    2、Centos7配置:

    #!/bin/bash

    systemctl start firewalldsystemctl start firewalldsystemctl stop firewalld
    systemctl status firewalld
    systemctl start firewalld


    --测试环境
    firewall-cmd --set-default-zone=drop

    firewall-cmd --permanent --zone=drop --add-service=https
    firewall-cmd --permanent --zone=drop --add-service=http
    firewall-cmd --permanent --zone=drop --add-service=ssh
    firewall-cmd --permanent --zone=drop --add-protocol=icmp
    firewall-cmd --permanent --zone=drop --add-masquerade
    firewall-cmd --permanent --zone=drop --add-port=22/tcp


    firewall-cmd --permanent --zone=drop --add-rich-rule="rule family="ipv4" source address="192.168.4.9" accept"
    firewall-cmd --reload

    #!/bin/bash

    systemctl start firewalldsystemctl start firewalldsystemctl stop firewalld
    systemctl status firewalld
    systemctl start firewalld

    --正式环境

    firewall-cmd --set-default-zone=drop

    firewall-cmd --permanent --zone=drop --add-service=https
    firewall-cmd --permanent --zone=drop --add-service=http
    firewall-cmd --permanent --zone=drop --add-service=ssh
    firewall-cmd --permanent --zone=drop --add-protocol=icmp
    firewall-cmd --permanent --zone=drop --add-masquerade
    firewall-cmd --permanent --zone=drop --add-port=22/tcp


    firewall-cmd --permanent --zone=drop --add-rich-rule="rule family="ipv4" source address="192.168.133.39" accept"
    firewall-cmd --permanent --zone=drop --add-rich-rule="rule family="ipv4" source address="192.168.133.40" accept"
    firewall-cmd --permanent --zone=drop --add-rich-rule="rule family="ipv4" source address="192.168.133.41" accept"
    firewall-cmd --permanent --zone=drop --add-rich-rule="rule family="ipv4" source address="192.168.133.42" accept"


    firewall-cmd --reload

    firewall-cmd --list-all

    停止防火墙:

    systemctl stop firewalld

    删除:

    firewall-cmd --permanent --zone=drop --remove-service=https
    firewall-cmd --permanent --zone=drop --remove-service=http
    firewall-cmd --permanent --zone=drop --remove-service=ssh
    firewall-cmd --permanent --zone=drop --remove-protocol=icmp
    firewall-cmd --permanent --zone=drop --remove-masquerade
    firewall-cmd --permanent --zone=drop --remove-port=22/tcp


    firewall-cmd --permanent --zone=drop --remove-rich-rule="rule family="ipv4" source address="192.168.133.39" accept"
    firewall-cmd --permanent --zone=drop --remove-rich-rule="rule family="ipv4" source address="192.168.133.40" accept"
    firewall-cmd --permanent --zone=drop --remove-rich-rule="rule family="ipv4" source address="192.168.133.41" accept"
    firewall-cmd --permanent --zone=drop --remove-rich-rule="rule family="ipv4" source address="192.168.133.42" accept"

    firewall-cmd --reload

    firewall-cmd --list-all

    --正式环境

    firewall-cmd --set-default-zone=drop

    firewall-cmd --permanent --zone=drop --add-service=https
    firewall-cmd --permanent --zone=drop --add-service=http
    firewall-cmd --permanent --zone=drop --add-service=ssh
    firewall-cmd --permanent --zone=drop --add-protocol=icmp
    firewall-cmd --permanent --zone=drop --add-masquerade
    firewall-cmd --permanent --zone=drop --add-port=22/tcp
    firewall-cmd --permanent --zone=drop --add-port=8080/tcp
    firewall-cmd --permanent --zone=drop --add-port=8081/tcp
    firewall-cmd --permanent --zone=drop --add-port=8082/tcp


    firewall-cmd --permanent --zone=drop --add-rich-rule="rule family="ipv4" source address="172.22.40.1" accept"
    firewall-cmd --permanent --zone=drop --add-rich-rule="rule family="ipv4" source address="172.22.40.2" accept"
    firewall-cmd --permanent --zone=drop --add-rich-rule="rule family="ipv4" source address="172.22.40.3" accept"


    firewall-cmd --reload

    firewall-cmd --list-all

    删除:

    firewall-cmd --permanent --zone=drop --remove-service=https
    firewall-cmd --permanent --zone=drop --remove-service=http
    firewall-cmd --permanent --zone=drop --remove-service=ssh
    firewall-cmd --permanent --zone=drop --remove-protocol=icmp
    firewall-cmd --permanent --zone=drop --remove-masquerade
    firewall-cmd --permanent --zone=drop --remove-port=22/tcp
    firewall-cmd --permanent --zone=drop --remove-port=8080/tcp
    firewall-cmd --permanent --zone=drop --remove-port=8081/tcp
    firewall-cmd --permanent --zone=drop --remove-port=8082/tcp


    firewall-cmd --permanent --zone=drop --remove-rich-rule="rule family="ipv4" source address="172.22.40.1" accept"
    firewall-cmd --permanent --zone=drop --remove-rich-rule="rule family="ipv4" source address="172.22.40.2" accept"
    firewall-cmd --permanent --zone=drop --remove-rich-rule="rule family="ipv4" source address="172.22.40.3" accept"


    firewall-cmd --reload

    firewall-cmd --list-all
  • 相关阅读:
    Linux初学
    Linux初学
    EntityFramework IEnumerable,IQueryable ,Include
    EntityFramework 4/5/6 中执行自定义SQL语句
    ServiceStack Web Service 创建与调用简单示列
    ServiceStack 概念
    Couchbase 环境搭建与使用(C#)
    Redis 环境搭建与使用(C#)
    分享几段JavaScript
    Activemq 平台搭建与C#示列
  • 原文地址:https://www.cnblogs.com/zhoading/p/15160054.html
Copyright © 2011-2022 走看看