  • linux防火墙配置

    1、Centos6:

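    # CentOS 6 host firewall: default-deny inbound, accept only the listed sources.
    # Apply from a console session or keep a rollback path: once the INPUT policy
    # is DROP, a missing allow rule for your own address cuts off remote access.
    iptables -P OUTPUT ACCEPT
    # NOTE(review): FORWARD ACCEPT only matters if this host routes traffic; on a
    # plain server a DROP policy is the tighter choice - confirm before copying.
    iptables -P FORWARD ACCEPT

    # Loopback and reply traffic have to be accepted explicitly. Without these two
    # rules the DROP policy below also discards the answers to connections this
    # host opens itself and breaks local services that talk over lo.
    iptables -A INPUT -i lo -j ACCEPT
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Trusted sources: every protocol and port is accepted from these addresses.
    iptables -A INPUT -s 192.168.200.178 -p all -j ACCEPT
    iptables -A INPUT -s 192.168.200.195 -p all -j ACCEPT
    iptables -A INPUT -s 192.168.200.180 -p all -j ACCEPT
    iptables -A INPUT -s 172.16.17.71 -p all -j ACCEPT
    iptables -A INPUT -s 172.16.17.72 -p all -j ACCEPT
    iptables -A INPUT -s 172.16.21.6 -p all -j ACCEPT

    # NOTE(review): 2.0.1.0/16 has host bits set, so iptables masks it to
    # 2.0.0.0/16. That is a 65536-address block outside the RFC 1918 private
    # ranges - confirm the intended network and prefix length.
    iptables -A INPUT -s 2.0.1.0/16 -p all -j ACCEPT

    # Last step: switch the INPUT policy to DROP only after all allow rules exist.
    # (The original line carried this note as trailing text after DROP, which
    # iptables rejects as an extra argument.)
    iptables -P INPUT DROP

    # These rules live only in the running kernel. On CentOS 6 they are written to
    # /etc/sysconfig/iptables with `service iptables save`; otherwise a reboot or
    # a service restart discards them.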

    2、Centos7配置:

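    #!/bin/bash
    # Test environment: firewalld with the default-deny "drop" zone as default zone.

    # The daemon must be running before any firewall-cmd call. (The original line
    # here had three systemctl commands fused into one, which systemctl would read
    # as a list of unit names.)
    systemctl start firewalld
    systemctl status firewalld

    # Stage the allow rules in the permanent configuration first. They do not
    # affect the running firewall until the reload below.
    firewall-cmd --permanent --zone=drop --add-service=https
    firewall-cmd --permanent --zone=drop --add-service=http
    # The ssh service and port 22/tcp open the same port; one of the two suffices.
    firewall-cmd --permanent --zone=drop --add-service=ssh
    firewall-cmd --permanent --zone=drop --add-port=22/tcp
    firewall-cmd --permanent --zone=drop --add-protocol=icmp
    # NOTE(review): masquerading is source NAT for traffic routed through this
    # host; it is not needed for a host-only firewall - confirm it is intended.
    firewall-cmd --permanent --zone=drop --add-masquerade

    # Accepts ALL traffic (any port, any protocol) from this single address.
    # Single outer quotes keep the inner double quotes inside the rule text.
    firewall-cmd --permanent --zone=drop --add-rich-rule='rule family="ipv4" source address="192.168.4.9" accept'

    # Load the staged rules, and only then make "drop" the default zone. Setting
    # the default zone first would leave a window in which the running drop zone
    # has no allow rules and new SSH connections are discarded.
    firewall-cmd --reload
    firewall-cmd --set-default-zone=drop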

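    #!/bin/bash
    # Production environment: firewalld with the default-deny "drop" zone as
    # default zone.

    # The daemon must be running before any firewall-cmd call. (The original line
    # here had three systemctl commands fused into one, which systemctl would read
    # as a list of unit names.)
    systemctl start firewalld
    systemctl status firewalld

    # Stage the allow rules in the permanent configuration first. They do not
    # affect the running firewall until the reload below.
    firewall-cmd --permanent --zone=drop --add-service=https
    firewall-cmd --permanent --zone=drop --add-service=http
    # The ssh service and port 22/tcp open the same port; one of the two suffices.
    firewall-cmd --permanent --zone=drop --add-service=ssh
    firewall-cmd --permanent --zone=drop --add-port=22/tcp
    firewall-cmd --permanent --zone=drop --add-protocol=icmp
    # NOTE(review): masquerading is source NAT for traffic routed through this
    # host; it is not needed for a host-only firewall - confirm it is intended.
    firewall-cmd --permanent --zone=drop --add-masquerade

    # Each rich rule accepts ALL traffic (any port, any protocol) from one address.
    # Single outer quotes keep the inner double quotes inside the rule text.
    firewall-cmd --permanent --zone=drop --add-rich-rule='rule family="ipv4" source address="192.168.133.39" accept'
    firewall-cmd --permanent --zone=drop --add-rich-rule='rule family="ipv4" source address="192.168.133.40" accept'
    firewall-cmd --permanent --zone=drop --add-rich-rule='rule family="ipv4" source address="192.168.133.41" accept'
    firewall-cmd --permanent --zone=drop --add-rich-rule='rule family="ipv4" source address="192.168.133.42" accept'

    # Load the staged rules, and only then make "drop" the default zone. Setting
    # the default zone first would leave a window in which the running drop zone
    # has no allow rules and new SSH connections are discarded.
    firewall-cmd --reload
    firewall-cmd --set-default-zone=drop

    # Print the active configuration of the default zone to verify the result.
    firewall-cmd --list-all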

    停止防火墙:

    # Stops the firewalld service for the current boot only; it does not disable
    # the unit. While it is stopped, firewall-cmd calls fail because they need the
    # running daemon, and firewalld no longer filters inbound traffic.
    systemctl stop firewalld

    删除:

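    # Rollback for the production rules on 192.168.133.39-42: removes every allow
    # entry from the permanent configuration of the "drop" zone.
    # NOTE(review): the default zone is still "drop" after this. Once the reload
    # runs, nothing new is accepted, SSH included. Run this from a console, or
    # move the default zone to one that still permits management access first.
    firewall-cmd --permanent --zone=drop --remove-service=https
    firewall-cmd --permanent --zone=drop --remove-service=http
    firewall-cmd --permanent --zone=drop --remove-service=ssh
    firewall-cmd --permanent --zone=drop --remove-protocol=icmp
    firewall-cmd --permanent --zone=drop --remove-masquerade
    firewall-cmd --permanent --zone=drop --remove-port=22/tcp

    # Single outer quotes keep the inner double quotes inside the rule text, so
    # the rule is passed in the same form firewalld prints in --list-all.
    firewall-cmd --permanent --zone=drop --remove-rich-rule='rule family="ipv4" source address="192.168.133.39" accept'
    firewall-cmd --permanent --zone=drop --remove-rich-rule='rule family="ipv4" source address="192.168.133.40" accept'
    firewall-cmd --permanent --zone=drop --remove-rich-rule='rule family="ipv4" source address="192.168.133.41" accept'
    firewall-cmd --permanent --zone=drop --remove-rich-rule='rule family="ipv4" source address="192.168.133.42" accept'

    # Apply the permanent configuration to the running firewall, then verify.
    firewall-cmd --reload

    firewall-cmd --list-all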

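    # Production environment (second host set): firewalld with the default-deny
    # "drop" zone as default zone, plus application ports 8080-8082.
    # firewalld must already be running (systemctl start firewalld).

    # Stage the allow rules in the permanent configuration first. They do not
    # affect the running firewall until the reload below.
    firewall-cmd --permanent --zone=drop --add-service=https
    firewall-cmd --permanent --zone=drop --add-service=http
    # The ssh service and port 22/tcp open the same port; one of the two suffices.
    firewall-cmd --permanent --zone=drop --add-service=ssh
    firewall-cmd --permanent --zone=drop --add-port=22/tcp
    firewall-cmd --permanent --zone=drop --add-protocol=icmp
    # NOTE(review): masquerading is source NAT for traffic routed through this
    # host; it is not needed for a host-only firewall - confirm it is intended.
    firewall-cmd --permanent --zone=drop --add-masquerade
    # NOTE(review): these ports are opened to every source address. If only the
    # trusted hosts below need them, the rich rules already cover that.
    firewall-cmd --permanent --zone=drop --add-port=8080/tcp
    firewall-cmd --permanent --zone=drop --add-port=8081/tcp
    firewall-cmd --permanent --zone=drop --add-port=8082/tcp

    # Each rich rule accepts ALL traffic (any port, any protocol) from one address.
    # Single outer quotes keep the inner double quotes inside the rule text.
    firewall-cmd --permanent --zone=drop --add-rich-rule='rule family="ipv4" source address="172.22.40.1" accept'
    firewall-cmd --permanent --zone=drop --add-rich-rule='rule family="ipv4" source address="172.22.40.2" accept'
    firewall-cmd --permanent --zone=drop --add-rich-rule='rule family="ipv4" source address="172.22.40.3" accept'

    # Load the staged rules, and only then make "drop" the default zone. Setting
    # the default zone first would leave a window in which the running drop zone
    # has no allow rules and new SSH connections are discarded.
    firewall-cmd --reload
    firewall-cmd --set-default-zone=drop

    # Print the active configuration of the default zone to verify the result.
    firewall-cmd --list-all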

    删除:

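    # Rollback for the production rules on 172.22.40.1-3: removes every allow
    # entry from the permanent configuration of the "drop" zone.
    # NOTE(review): the default zone is still "drop" after this. Once the reload
    # runs, nothing new is accepted, SSH included. Run this from a console, or
    # move the default zone to one that still permits management access first.
    firewall-cmd --permanent --zone=drop --remove-service=https
    firewall-cmd --permanent --zone=drop --remove-service=http
    firewall-cmd --permanent --zone=drop --remove-service=ssh
    firewall-cmd --permanent --zone=drop --remove-protocol=icmp
    firewall-cmd --permanent --zone=drop --remove-masquerade
    firewall-cmd --permanent --zone=drop --remove-port=22/tcp
    firewall-cmd --permanent --zone=drop --remove-port=8080/tcp
    firewall-cmd --permanent --zone=drop --remove-port=8081/tcp
    firewall-cmd --permanent --zone=drop --remove-port=8082/tcp

    # Single outer quotes keep the inner double quotes inside the rule text, so
    # the rule is passed in the same form firewalld prints in --list-all.
    firewall-cmd --permanent --zone=drop --remove-rich-rule='rule family="ipv4" source address="172.22.40.1" accept'
    firewall-cmd --permanent --zone=drop --remove-rich-rule='rule family="ipv4" source address="172.22.40.2" accept'
    firewall-cmd --permanent --zone=drop --remove-rich-rule='rule family="ipv4" source address="172.22.40.3" accept'

    # Apply the permanent configuration to the running firewall, then verify.
    firewall-cmd --reload

    firewall-cmd --list-all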

  • 原文地址:https://www.cnblogs.com/zhoading/p/15160054.html