linux系统中firewalld防火墙策略工具firewall-config命令设置富规则

本文转载自查看原文 2020-11-07 21:16 562 linux shell

准备两台虚拟及PC1和PC2，设置PC1拒绝PC2访问PC1的22端口

1、

[root@PC1linuxprobe Desktop]# ifconfig | head -n 3 ## 查看PC1IP eno16777728: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500 inet 192.168.10.10  netmask 255.255.255.0  broadcast 192.168.10.255 inet6 fe80::20c:29ff:fe20:bf5e prefixlen 64  scopeid 0x20<link>

[root@PC2linuxprobe Desktop]# ifconfig | head -n 3 ## 查看PC2IP eno16777728: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500 inet 192.168.10.20  netmask 255.255.255.0  broadcast 192.168.10.255 inet6 fe80::20c:29ff:fe15:20b6 prefixlen 64  scopeid 0x20<link> [root@PC2linuxprobe Desktop]# ping -c 3 192.168.10.10 ## 联通 PING 192.168.10.10 (192.168.10.10) 56(84) bytes of data. 64 bytes from 192.168.10.10: icmp_seq=1 ttl=64 time=0.235 ms 64 bytes from 192.168.10.10: icmp_seq=2 ttl=64 time=0.230 ms 64 bytes from 192.168.10.10: icmp_seq=3 ttl=64 time=0.220 ms --- 192.168.10.10 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms rtt min/avg/max/mdev = 0.220/0.228/0.235/0.013 ms [root@PC2linuxprobe Desktop]# ssh 192.168.10.10 ## 测试远程登录，通过 root@192.168.10.10's password: 
Last login: Sat Nov  7 20:57:14 2020 from 192.168.10.20 [root@PC1linuxprobe ~]# ifconfig | head -n 3 eno16777728: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500 inet 192.168.10.10  netmask 255.255.255.0  broadcast 192.168.10.255 inet6 fe80::20c:29ff:fe20:bf5e prefixlen 64  scopeid 0x20<link> [root@PC1linuxprobe ~]# exit logout Connection to 192.168.10.10 closed.

2、在PC1中设置富规则

3、在PC2主机中测试

[root@PC2linuxprobe Desktop]# ifconfig | head -n 3 ## 查看IP eno16777728: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500 inet 192.168.10.20  netmask 255.255.255.0  broadcast 192.168.10.255 inet6 fe80::20c:29ff:fe15:20b6 prefixlen 64  scopeid 0x20<link> [root@PC2linuxprobe Desktop]# ping -c 3 192.168.10.10 ## 联通 PING 192.168.10.10 (192.168.10.10) 56(84) bytes of data. 64 bytes from 192.168.10.10: icmp_seq=1 ttl=64 time=0.220 ms 64 bytes from 192.168.10.10: icmp_seq=2 ttl=64 time=0.204 ms 64 bytes from 192.168.10.10: icmp_seq=3 ttl=64 time=0.221 ms --- 192.168.10.10 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms rtt min/avg/max/mdev = 0.204/0.215/0.221/0.007 ms [root@PC2linuxprobe Desktop]# ssh 192.168.10.10 ## 无法远程登录（22端口为ssh服务） ssh: connect to host 192.168.10.10 port 22: Connection refused

4、在PC1中移除富规则

在PC2中测试：

[root@PC2linuxprobe Desktop]# ssh 192.168.10.10  ## 可以远程登录
root@192.168.10.10's password: 
Last login: Sat Nov  7 21:03:05 2020 from 192.168.10.20
[root@PC1linuxprobe ~]# ifconfig | head -n 3
eno16777728: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.10.10  netmask 255.255.255.0  broadcast 192.168.10.255
        inet6 fe80::20c:29ff:fe20:bf5e  prefixlen 64  scopeid 0x20<link>
[root@PC1linuxprobe ~]# exit
logout
Connection to 192.168.10.10 closed.

免责声明！

本站转载的文章为个人学习借鉴使用，本站对版权不负任何法律责任。如果侵犯了您的隐私权益，请联系本站邮箱yoyou2525@163.com删除。

猜您在找 Firewalld防火墙（包含firewall-config图形工具和firewall-cmd命令行工具如何使用） Linux之firewalld防火墙规则 linux 防火墙 firewall 设置 Firewall 防火墙规则 Linux防火墙iptables规则设置 LINUX CentOS 8 systemctl firewall 防火墙开启/关闭命令 Linux中的iptables防火墙策略 Linux下系统防火墙的发展历程和怎样学好防火墙（iptalbes和firewalld） centos7 firewall-cmd 用活firewalld防火墙中的zone centos7 firewall-cmd 理解多区域配置中的 firewalld 防火墙