zoukankan      html  css  js  c++  java
  • linux防火墙配置

    1、Centos6:

    iptables -P OUTPUT ACCEPT 

    iptables -P FORWARD ACCEPT

    iptables -A INPUT -s 192.168.200.178 -p all -j ACCEPT 

    iptables -A INPUT -s 192.168.200.195 -p all -j ACCEPT

    iptables -A INPUT -s 192.168.200.180 -p all -j ACCEPT

    iptables -A INPUT -s 172.16.17.71 -p all -j ACCEPT

    iptables -A INPUT -s 172.16.17.72 -p all -j ACCEPT

    iptables -A INPUT -s 172.16.21.6 -p all -j ACCEPT

    iptables -A INPUT -s 2.0.1.0/16 -p all -j ACCEPT

    iptables -P INPUT DROP 最后一步

    2、Centos7配置:

    #!/bin/bash

    systemctl start firewalldsystemctl start firewalldsystemctl stop firewalld
    systemctl status firewalld
    systemctl start firewalld


    --测试环境
    firewall-cmd --set-default-zone=drop

    firewall-cmd --permanent --zone=drop --add-service=https
    firewall-cmd --permanent --zone=drop --add-service=http
    firewall-cmd --permanent --zone=drop --add-service=ssh
    firewall-cmd --permanent --zone=drop --add-protocol=icmp
    firewall-cmd --permanent --zone=drop --add-masquerade
    firewall-cmd --permanent --zone=drop --add-port=22/tcp


    firewall-cmd --permanent --zone=drop --add-rich-rule="rule family="ipv4" source address="192.168.4.9" accept"
    firewall-cmd --reload

    #!/bin/bash

    systemctl start firewalldsystemctl start firewalldsystemctl stop firewalld
    systemctl status firewalld
    systemctl start firewalld

    --正式环境

    firewall-cmd --set-default-zone=drop

    firewall-cmd --permanent --zone=drop --add-service=https
    firewall-cmd --permanent --zone=drop --add-service=http
    firewall-cmd --permanent --zone=drop --add-service=ssh
    firewall-cmd --permanent --zone=drop --add-protocol=icmp
    firewall-cmd --permanent --zone=drop --add-masquerade
    firewall-cmd --permanent --zone=drop --add-port=22/tcp


    firewall-cmd --permanent --zone=drop --add-rich-rule="rule family="ipv4" source address="192.168.133.39" accept"
    firewall-cmd --permanent --zone=drop --add-rich-rule="rule family="ipv4" source address="192.168.133.40" accept"
    firewall-cmd --permanent --zone=drop --add-rich-rule="rule family="ipv4" source address="192.168.133.41" accept"
    firewall-cmd --permanent --zone=drop --add-rich-rule="rule family="ipv4" source address="192.168.133.42" accept"


    firewall-cmd --reload

    firewall-cmd --list-all

    停止防火墙:

    systemctl stop firewalld

    删除:

    firewall-cmd --permanent --zone=drop --remove-service=https
    firewall-cmd --permanent --zone=drop --remove-service=http
    firewall-cmd --permanent --zone=drop --remove-service=ssh
    firewall-cmd --permanent --zone=drop --remove-protocol=icmp
    firewall-cmd --permanent --zone=drop --remove-masquerade
    firewall-cmd --permanent --zone=drop --remove-port=22/tcp


    firewall-cmd --permanent --zone=drop --remove-rich-rule="rule family="ipv4" source address="192.168.133.39" accept"
    firewall-cmd --permanent --zone=drop --remove-rich-rule="rule family="ipv4" source address="192.168.133.40" accept"
    firewall-cmd --permanent --zone=drop --remove-rich-rule="rule family="ipv4" source address="192.168.133.41" accept"
    firewall-cmd --permanent --zone=drop --remove-rich-rule="rule family="ipv4" source address="192.168.133.42" accept"

    firewall-cmd --reload

    firewall-cmd --list-all

    --正式环境

    firewall-cmd --set-default-zone=drop

    firewall-cmd --permanent --zone=drop --add-service=https
    firewall-cmd --permanent --zone=drop --add-service=http
    firewall-cmd --permanent --zone=drop --add-service=ssh
    firewall-cmd --permanent --zone=drop --add-protocol=icmp
    firewall-cmd --permanent --zone=drop --add-masquerade
    firewall-cmd --permanent --zone=drop --add-port=22/tcp
    firewall-cmd --permanent --zone=drop --add-port=8080/tcp
    firewall-cmd --permanent --zone=drop --add-port=8081/tcp
    firewall-cmd --permanent --zone=drop --add-port=8082/tcp


    firewall-cmd --permanent --zone=drop --add-rich-rule="rule family="ipv4" source address="172.22.40.1" accept"
    firewall-cmd --permanent --zone=drop --add-rich-rule="rule family="ipv4" source address="172.22.40.2" accept"
    firewall-cmd --permanent --zone=drop --add-rich-rule="rule family="ipv4" source address="172.22.40.3" accept"


    firewall-cmd --reload

    firewall-cmd --list-all

    删除:

    firewall-cmd --permanent --zone=drop --remove-service=https
    firewall-cmd --permanent --zone=drop --remove-service=http
    firewall-cmd --permanent --zone=drop --remove-service=ssh
    firewall-cmd --permanent --zone=drop --remove-protocol=icmp
    firewall-cmd --permanent --zone=drop --remove-masquerade
    firewall-cmd --permanent --zone=drop --remove-port=22/tcp
    firewall-cmd --permanent --zone=drop --remove-port=8080/tcp
    firewall-cmd --permanent --zone=drop --remove-port=8081/tcp
    firewall-cmd --permanent --zone=drop --remove-port=8082/tcp


    firewall-cmd --permanent --zone=drop --remove-rich-rule="rule family="ipv4" source address="172.22.40.1" accept"
    firewall-cmd --permanent --zone=drop --remove-rich-rule="rule family="ipv4" source address="172.22.40.2" accept"
    firewall-cmd --permanent --zone=drop --remove-rich-rule="rule family="ipv4" source address="172.22.40.3" accept"


    firewall-cmd --reload

    firewall-cmd --list-all

  • 相关阅读:
    Linux终端设置免密登陆ssh(以 XShell 为例)
    Docker入门(一)-安装
    find命令总结
    CentOS 恢复 rm -rf 误删除数据
    CentOS系统登陆root用户后发现提示符显示-bash-4.2#(已解决)
    一次在CentOS系统单用户模式下使用passwd命令破密失败的案例
    Ubuntu下配置IP地址
    安装CentOS 6.x报错"Disk sda contains BIOS RAID metadata"解决方法
    YUM命令总结
    git从安装到多账户操作一套搞定(二)多账户使用
  • 原文地址:https://www.cnblogs.com/zhoading/p/15160054.html
Copyright © 2011-2022 走看看