zoukankan      html  css  js  c++  java

  • linux防火墙配置

    1、Centos6:

    iptables -P OUTPUT ACCEPT 

    iptables -P FORWARD ACCEPT

    iptables -A INPUT -s 192.168.200.178 -p all -j ACCEPT 

    iptables -A INPUT -s 192.168.200.195 -p all -j ACCEPT

    iptables -A INPUT -s 192.168.200.180 -p all -j ACCEPT

    iptables -A INPUT -s 172.16.17.71 -p all -j ACCEPT

    iptables -A INPUT -s 172.16.17.72 -p all -j ACCEPT

    iptables -A INPUT -s 172.16.21.6 -p all -j ACCEPT

    iptables -A INPUT -s 2.0.1.0/16 -p all -j ACCEPT

    iptables -P INPUT DROP 最后一步

    2、Centos7配置:

    #!/bin/bash

    systemctl start firewalldsystemctl start firewalldsystemctl stop firewalld
    systemctl status firewalld
    systemctl start firewalld


    --测试环境
    firewall-cmd --set-default-zone=drop

    firewall-cmd --permanent --zone=drop --add-service=https
    firewall-cmd --permanent --zone=drop --add-service=http
    firewall-cmd --permanent --zone=drop --add-service=ssh
    firewall-cmd --permanent --zone=drop --add-protocol=icmp
    firewall-cmd --permanent --zone=drop --add-masquerade
    firewall-cmd --permanent --zone=drop --add-port=22/tcp


    firewall-cmd --permanent --zone=drop --add-rich-rule="rule family="ipv4" source address="192.168.4.9" accept"
    firewall-cmd --reload

    #!/bin/bash

    systemctl start firewalldsystemctl start firewalldsystemctl stop firewalld
    systemctl status firewalld
    systemctl start firewalld

    --正式环境

    firewall-cmd --set-default-zone=drop

    firewall-cmd --permanent --zone=drop --add-service=https
    firewall-cmd --permanent --zone=drop --add-service=http
    firewall-cmd --permanent --zone=drop --add-service=ssh
    firewall-cmd --permanent --zone=drop --add-protocol=icmp
    firewall-cmd --permanent --zone=drop --add-masquerade
    firewall-cmd --permanent --zone=drop --add-port=22/tcp


    firewall-cmd --permanent --zone=drop --add-rich-rule="rule family="ipv4" source address="192.168.133.39" accept"
    firewall-cmd --permanent --zone=drop --add-rich-rule="rule family="ipv4" source address="192.168.133.40" accept"
    firewall-cmd --permanent --zone=drop --add-rich-rule="rule family="ipv4" source address="192.168.133.41" accept"
    firewall-cmd --permanent --zone=drop --add-rich-rule="rule family="ipv4" source address="192.168.133.42" accept"


    firewall-cmd --reload

    firewall-cmd --list-all

    停止防火墙:

    systemctl stop firewalld

    删除:

    firewall-cmd --permanent --zone=drop --remove-service=https
    firewall-cmd --permanent --zone=drop --remove-service=http
    firewall-cmd --permanent --zone=drop --remove-service=ssh
    firewall-cmd --permanent --zone=drop --remove-protocol=icmp
    firewall-cmd --permanent --zone=drop --remove-masquerade
    firewall-cmd --permanent --zone=drop --remove-port=22/tcp


    firewall-cmd --permanent --zone=drop --remove-rich-rule="rule family="ipv4" source address="192.168.133.39" accept"
    firewall-cmd --permanent --zone=drop --remove-rich-rule="rule family="ipv4" source address="192.168.133.40" accept"
    firewall-cmd --permanent --zone=drop --remove-rich-rule="rule family="ipv4" source address="192.168.133.41" accept"
    firewall-cmd --permanent --zone=drop --remove-rich-rule="rule family="ipv4" source address="192.168.133.42" accept"

    firewall-cmd --reload

    firewall-cmd --list-all

    --正式环境

    firewall-cmd --set-default-zone=drop

    firewall-cmd --permanent --zone=drop --add-service=https
    firewall-cmd --permanent --zone=drop --add-service=http
    firewall-cmd --permanent --zone=drop --add-service=ssh
    firewall-cmd --permanent --zone=drop --add-protocol=icmp
    firewall-cmd --permanent --zone=drop --add-masquerade
    firewall-cmd --permanent --zone=drop --add-port=22/tcp
    firewall-cmd --permanent --zone=drop --add-port=8080/tcp
    firewall-cmd --permanent --zone=drop --add-port=8081/tcp
    firewall-cmd --permanent --zone=drop --add-port=8082/tcp


    firewall-cmd --permanent --zone=drop --add-rich-rule="rule family="ipv4" source address="172.22.40.1" accept"
    firewall-cmd --permanent --zone=drop --add-rich-rule="rule family="ipv4" source address="172.22.40.2" accept"
    firewall-cmd --permanent --zone=drop --add-rich-rule="rule family="ipv4" source address="172.22.40.3" accept"


    firewall-cmd --reload

    firewall-cmd --list-all

    删除:

    firewall-cmd --permanent --zone=drop --remove-service=https
    firewall-cmd --permanent --zone=drop --remove-service=http
    firewall-cmd --permanent --zone=drop --remove-service=ssh
    firewall-cmd --permanent --zone=drop --remove-protocol=icmp
    firewall-cmd --permanent --zone=drop --remove-masquerade
    firewall-cmd --permanent --zone=drop --remove-port=22/tcp
    firewall-cmd --permanent --zone=drop --remove-port=8080/tcp
    firewall-cmd --permanent --zone=drop --remove-port=8081/tcp
    firewall-cmd --permanent --zone=drop --remove-port=8082/tcp


    firewall-cmd --permanent --zone=drop --remove-rich-rule="rule family="ipv4" source address="172.22.40.1" accept"
    firewall-cmd --permanent --zone=drop --remove-rich-rule="rule family="ipv4" source address="172.22.40.2" accept"
    firewall-cmd --permanent --zone=drop --remove-rich-rule="rule family="ipv4" source address="172.22.40.3" accept"


    firewall-cmd --reload

    firewall-cmd --list-all
  • 相关阅读:
    localStorage cache
    webpack的学习过程
    npm install --save/--save-dev的区别
    .gitignore常见问题
    jQuery的优点与缺点
    JSONP是什么
    Node.js-Usage & Example
    【转】Swig Getting Started
    【转】使用Spring MVC统一异常处理实战
    C++-Qt【5】-QT的QString,char*,QByteArray转化以及中文乱码的问题
  • 原文地址:https://www.cnblogs.com/zhoading/p/15160054.html
Copyright © 2011-2022 走看看