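#!/usr/bin/env bash
# Lock down inbound access with firewalld.
#
# Steps, in order:
#   1. start firewalld and enable it at boot;
#   2. add "accept" rich rules for the admin hosts allowed to reach tcp/22;
#   3. add "accept" rich rules for application clients
#      (tcp 10050, 16379, 18890, 8080 — the port meanings are not stated in
#      this file; confirm with the service owners before editing the lists);
#   4. remove the generic "ssh" service from the zone, so only the hosts from
#      step 2 can reach tcp/22;
#   5. reload so the permanent configuration becomes the runtime one;
#   6. print the resulting zone for verification.
#
# Every rule is added to firewalld's *default* zone (no --zone is given),
# which is "public" on a stock install — confirm with
# `firewall-cmd --get-default-zone`. Other services already enabled in that
# zone (e.g. dhcpv6-client, cockpit on EL8+) are left untouched; review
# `firewall-cmd --list-services` after the run.
#
# Lock-out guard: the reload in step 5 applies the ssh removal immediately.
# When this script is run over SSH from an address that is not in
# SSH_SOURCES it refuses to continue instead of cutting the operator's own
# session. Run it from a console, or add your address to SSH_SOURCES.
#
# The script is idempotent: rules that already exist are not re-added, so
# re-running it does not fail on ALREADY_ENABLED (older firewalld versions
# return a non-zero status for that). Two entries that appeared twice in the
# original list (7.99.7.71 and 7.99.7.72 on tcp/18890) are listed once.
set -euo pipefail

die() { printf 'error: %s\n' "$*" >&2; exit 1; }

# Admin hosts allowed to reach tcp/22 (IPv4, exact addresses).
readonly -a SSH_SOURCES=(
  7.99.89.17
  7.99.89.148
  7.99.89.149
  7.99.89.18
  7.99.89.19
  7.99.89.161
  7.99.14.186
  7.99.14.187
  7.99.14.188
)

# Application clients: "<source> <tcp port>" per entry. Source may be a
# single address or a CIDR block.
readonly -a APP_RULES=(
  "7.99.89.116 10050"
  "7.99.89.146 10050"
  "7.99.89.147 10050"
  "8.9.60.152 16379"
  "7.99.7.71 18890"
  "7.99.7.72 18890"
  "7.99.30.115 18890"
  "7.99.34.1 8080"
  "7.99.34.2 8080"
  "7.99.34.3 8080"
  "7.99.34.4 8080"
  "8.9.34.1 8080"
  "8.9.34.2 8080"
  "8.9.60.0/24 8080"
  "8.9.60.0/24 18890"
  "7.99.7.73 18890"
  "7.99.7.74 18890"
  "7.99.7.75 18890"
  "9.8.8.133 18890"
  "9.8.8.134 18890"
)

#######################################
# Print the firewalld rich rule that accepts TCP traffic to port $2 from
# IPv4 source $1. Output goes to stdout, no trailing newline.
#######################################
rich_rule() {
  printf 'rule family="ipv4" source address="%s" port protocol="tcp" port="%s" accept' "$1" "$2"
}

#######################################
# Add a permanent accept rule for tcp/$2 from $1 to the default zone.
# Skips the add when the identical rule is already present, so the script
# can be re-run safely. Aborts on a malformed source or port.
#######################################
allow_tcp() {
  local src=$1 port=$2 rule
  [[ "$src" =~ ^[0-9]+(\.[0-9]+){3}(/[0-9]+)?$ ]] || die "bad IPv4 source '$src'"
  [[ "$port" =~ ^[0-9]+$ ]] || die "bad port '$port' for source $src"
  rule=$(rich_rule "$src" "$port")
  if firewall-cmd --permanent --query-rich-rule="$rule" >/dev/null 2>&1; then
    printf 'already present: %s\n' "$rule"
    return 0
  fi
  firewall-cmd --permanent --add-rich-rule="$rule"
}

#######################################
# Refuse to lock out the operator: when connected over SSH, the client
# address must be one of SSH_SOURCES. SSH_CLIENT may be absent on a console
# or stripped by sudo's env_reset; in that case the check is skipped with a
# warning, because the script cannot tell where the session comes from.
#######################################
check_operator_access() {
  local client=${SSH_CLIENT:-}
  client=${client%% *}
  if [[ -z "$client" ]]; then
    printf 'warning: SSH_CLIENT not set; cannot verify that your session survives the change\n' >&2
    return 0
  fi
  local ip
  for ip in "${SSH_SOURCES[@]}"; do
    [[ "$ip" == "$client" ]] && return 0
  done
  die "SSH client $client is not in SSH_SOURCES; the reload would drop this session (run from a console or add the address)"
}

main() {
  command -v firewall-cmd >/dev/null || die "firewall-cmd not found"
  check_operator_access

  # 1. Start firewalld now and at boot. Two statements (not `&&`) so that a
  #    failed restart stops the script under `set -e`.
  systemctl restart firewalld.service
  systemctl enable firewalld.service

  # 2. SSH allow-list first, so step 4 never leaves the host without a way in.
  local ip
  for ip in "${SSH_SOURCES[@]}"; do
    allow_tcp "$ip" 22
  done

  # 3. Application traffic.
  local entry src port
  for entry in "${APP_RULES[@]}"; do
    read -r src port <<<"$entry"
    allow_tcp "$src" "$port"
  done

  # 4. Drop the zone-wide ssh service; from now on only SSH_SOURCES reach
  #    tcp/22. Guarded so a re-run does not fail on NOT_ENABLED.
  if firewall-cmd --permanent --query-service=ssh >/dev/null 2>&1; then
    firewall-cmd --permanent --remove-service=ssh
  fi

  # 5. Apply the permanent configuration to the runtime.
  firewall-cmd --reload

  # 6. Verify: show which zone was changed and its effective rules.
  printf 'default zone: %s\n' "$(firewall-cmd --get-default-zone)"
  firewall-cmd --list-all
}

main "$@"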