System: SUSE Linux Enterprise Server 12 SP5 (x86_64)
1. Start / stop / check the status of the firewall
The firewall service is named SuSEfirewall2.service
Start, stop, or query the firewall with:
systemctl start/stop/status SuSEfirewall2.service
2. Open ports
Edit the firewall configuration:
vi /etc/sysconfig/SuSEfirewall2
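Find FW_SERVICES_EXT_TCP in the file and add the service name, or the port the service listens on, to its value.
To open several ports, list them separated by spaces: FW_SERVICES_EXT_TCP="22 80 8090"
3. Allow the VRRP protocol (used by the rules for a keepalived high-availability setup)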
vi /etc/sysconfig/SuSEfirewall2
Uncomment the following line:
FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom"
and comment out the following line:
FW_CUSTOMRULES=""
Then edit the custom rules script:
vi /etc/sysconfig/scripts/SuSEfirewall2-custom
fw_custom_before_port_handling() {
# these rules will be loaded after the anti-spoofing and icmp handling
# and after the input has been redirected to the input_XXX and
# forward_XXX chains and some basic chain-specific anti-circumvention
# rules have been set,
# but before any IP protocol or TCP/UDP port allow/protection rules
# will be set.
# You can use this hook to allow/deny certain IP protocols or TCP/UDP
# ports before the SuSEfirewall2 generated rules are hit.
# Add the following line
iptables -A INPUT -p vrrp -j ACCEPT -d 224.0.0.18
true
}
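
The edits from steps 2 and 3 can be scripted and checked. The following is an added example, not part of the original notes and not SUSE tooling: the function names and the sample files are constructed, and the functions take file paths as arguments so they can be tried on a copy of the configuration first.

```shell
#!/bin/sh
# Added example; function names and sample files are constructed, not SUSE tooling.
# Print the value of the last active (uncommented) assignment of variable $2 in file $1.
fw_get() {
    sed -n "s/^[[:space:]]*$2=\"\(.*\)\"[[:space:]]*\$/\1/p" "$1" | tail -n 1
}

# Add TCP port $2 to FW_SERVICES_EXT_TCP in file $1 unless it is already listed.
fw_add_tcp_port() {
    case "$2" in
        ''|*[!0-9]*|0*|??????*) echo "invalid port: $2" >&2; return 1 ;;
    esac
    if [ "$2" -gt 65535 ]; then echo "invalid port: $2" >&2; return 1; fi
    grep -q '^[[:space:]]*FW_SERVICES_EXT_TCP=' "$1" || { echo "no active FW_SERVICES_EXT_TCP" >&2; return 1; }
    cur=$(fw_get "$1" FW_SERVICES_EXT_TCP)
    for p in $cur; do
        if [ "$p" = "$2" ]; then return 0; fi
    done
    new=$(echo "$cur $2" | sed 's/^ *//')
    sed "s/^[[:space:]]*FW_SERVICES_EXT_TCP=\".*\"/FW_SERVICES_EXT_TCP=\"$new\"/" "$1" > "$1.new" &&
        mv "$1.new" "$1"
}

# Succeed only if custom rules are enabled in config $1 and script $2
# contains an uncommented rule accepting VRRP (IP protocol 112).
fw_vrrp_allowed() {
    [ -n "$(fw_get "$1" FW_CUSTOMRULES)" ] || return 1
    grep -Eq '^[[:space:]]*iptables .*-p (vrrp|112) .*-j ACCEPT' "$2"
}

# Write a constructed sample config and custom-rules script into directory $1.
fw_make_sample() {
    cat > "$1/SuSEfirewall2" <<'EOF'
#FW_SERVICES_EXT_TCP="9999"
FW_SERVICES_EXT_TCP="22 80"
FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom"
#FW_CUSTOMRULES=""
EOF
    cat > "$1/SuSEfirewall2-custom" <<'EOF'
fw_custom_before_port_handling() {
    iptables -A INPUT -p vrrp -j ACCEPT -d 224.0.0.18
    true
}
EOF
}
```

On a real host the arguments would be /etc/sysconfig/SuSEfirewall2 and /etc/sysconfig/scripts/SuSEfirewall2-custom, and SuSEfirewall2.service has to be restarted before the edited configuration takes effect.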