centos7防火墙配置
2024-10-14 02:33:57
一、在工作中远程连接经常通过堡垒机连接,不能直接开启防火墙。所以就需要写入配置文件中
编译配置文件 /etc/firewalld/zones/public.xml
<?xml version="1.0" encoding="utf-8"?>
<zone>
<short>Public</short>
<description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
<service name="dhcpv6-client"/>
<service name="ssh"/>
<port protocol="tcp" port="80"/>
<port protocol="tcp" port="22"/>
<rule family="ipv4">
<source address="172.21.0.16"/>
<port protocol="tcp" port="3306"/>
<accept/>
</rule>
</zone>
注释:
#开启端口 <port protocol="tcp" port="443"/>
<port protocol="tcp" port="80"/>
<port protocol="tcp" port="22"/> #开启ip+端口
<rule family="ipv4">
<source address="172.21.0.16"/>
<port protocol="tcp" port="3306"/>
<accept/>
</rule>
最后重启防火墙就可以了
systemctl restart firewalld.service #查看规则
[root@VM_0_14_centos html]# firewall-cmd --list-all
public
target: default
icmp-block-inversion: no
interfaces:
sources:
services: dhcpv6-client ssh
ports: 80/tcp 22/tcp
protocols:
masquerade: no
forward-ports:
sourceports:
icmp-blocks:
rich rules:
rule family="ipv4" source address="172.21.0.16" port port="3306" protocol="tcp" accept
二、最主要的ssh端口用配置文件写其他规则就无所谓了!
命令直接写规则
#永久开启9090端口
firewall-cmd --zone=public --add-port=9090/tcp --permanent #Postgresql端口设置。允许192.168.142.166访问5432端口 firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="172.27.0.2" port protocol="tcp" port="1521" accept"
最新文章
- c# 九九乘法表
- 4.4 多线程进阶篇<下>(NSOperation)
- MyEclipse10优化
- CentOS安装 Docker
- UCOS2_STM32F1移植详细过程(三)
- C++ Template之函数模版
- Mail搭建
- Entity Framework 之三层架构
- css之background的cover和contain的缩放背景图
- JavaScript中模块“写法”
- 二十六、css3改变checkbox复选框的样式
- 【ASP.NET MVC系列】浅谈ASP.NET MVC 视图与控制器传递数据
- Linux成为云计算平台的主流操作系统
- Win7上安装scapy
- 使用if语句时应注意的问题(初学者)
- oracle错误分析:ora-04063:view view_test has errors
- 雷林鹏分享:Ruby File 类和方法
- Ice_cream’s world II(最小树形图,加虚点)
- mysql索引之五:多列索引
- 24-THREE.JS 镜面高光材质