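#!/usr/bin/env bash
# Lock down firewalld on this host: allow SSH (tcp/22) only from the listed
# management addresses, allow the application ports only from the listed
# peers, then remove the stock "ssh" service so port 22 is reachable solely
# through the source-restricted rich rules.
#
# No --zone is given, so every rule lands in the default zone (the original
# notes say it is "public"). Every change is made with --permanent and only
# takes effect at the final --reload, so the cut-over happens in one step.
#
# Run as root, FROM ONE OF THE SSH SOURCE ADDRESSES BELOW: once the ssh
# service is removed, any client not on that list loses access to port 22.
# The script stops at the first rejected rule, before the ssh service is
# removed, so a partial allow-list is never applied.
set -euo pipefail

# Management hosts allowed to reach tcp/22.
readonly -a SSH_SOURCES=(
  7.99.89.17
  7.99.89.148
  7.99.89.149
  7.99.89.18
  7.99.89.19
  7.99.89.161
  7.99.14.186
  7.99.14.187
  7.99.14.188
)

# Application peers, one "<source address or CIDR> <tcp port>" pair per rule.
# The original list entered 7.99.7.71 and 7.99.7.72 on 18890 twice; the
# duplicates are dropped here, the resulting rule set is unchanged.
readonly -a APP_RULES=(
  "7.99.89.116 10050"
  "7.99.89.146 10050"
  "7.99.89.147 10050"
  "8.9.60.152 16379"
  "7.99.7.71 18890"
  "7.99.7.72 18890"
  "7.99.30.115 18890"
  "7.99.34.1 8080"
  "7.99.34.2 8080"
  "7.99.34.3 8080"
  "7.99.34.4 8080"
  "8.9.34.1 8080"
  "8.9.34.2 8080"
  "8.9.60.0/24 8080"
  "8.9.60.0/24 18890"
  "7.99.7.73 18890"
  "7.99.7.74 18890"
  "7.99.7.75 18890"
  "9.8.8.133 18890"
  "9.8.8.134 18890"
)

# Print a message to stderr and abort the run.
die() { printf 'error: %s\n' "$*" >&2; exit 1; }

#######################################
# Build the rich rule text used for every entry: ipv4, one source, one tcp
# port, accept. Keeping the quoting in a printf format avoids the nested
# double quotes of the hand-written form.
# Arguments: $1 - source address or CIDR
#            $2 - tcp port
# Outputs:   the rule text to stdout (no trailing newline)
#######################################
rich_rule() {
  printf 'rule family="ipv4" source address="%s" port protocol="tcp" port="%s" accept' "$1" "$2"
}

#######################################
# Add a permanent accept rule for tcp/$2 from $1 to the default zone.
# Arguments: $1 - source address or CIDR
#            $2 - tcp port
# Returns:   0 on success; aborts the script if firewall-cmd rejects the rule
#######################################
allow_tcp_from() {
  local rule
  rule=$(rich_rule "$1" "$2")
  firewall-cmd --permanent --add-rich-rule="$rule" \
    || die "could not add rule: $rule"
}

main() {
  # 1. Start firewalld now and make it start at boot. Two statements rather
  #    than `a && b` so that set -e sees a failure of either one.
  systemctl restart firewalld.service || die "firewalld failed to (re)start"
  systemctl enable firewalld.service || die "could not enable firewalld"

  # 2. SSH allow-list first, so the allow rules are guaranteed to be in the
  #    permanent set before the ssh service is removed in step 4.
  local src
  for src in "${SSH_SOURCES[@]}"; do
    allow_tcp_from "$src" 22
  done

  # 3. Application ports.
  local entry port
  for entry in "${APP_RULES[@]}"; do
    read -r src port <<<"$entry"
    allow_tcp_from "$src" "$port"
  done

  # 4. Remove the unrestricted ssh service from the default zone; port 22
  #    stays reachable only through the rich rules added in step 2.
  firewall-cmd --permanent --remove-service=ssh \
    || die "could not remove the ssh service"

  # 5. Apply the whole permanent set at once.
  firewall-cmd --reload || die "firewall-cmd --reload failed"

  # 6. Verify: the runtime view of the default zone should now list the rich
  #    rules above and no longer list "ssh" under services.
  firewall-cmd --list-all
}

main "$@"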