linux防火墙配置

2021/8/20 7:07:24

本文主要是介绍linux防火墙配置,对大家解决编程问题具有一定的参考价值,需要的程序猿们随着小编来一起学习吧!

1、Centos6:

iptables -P OUTPUT ACCEPT 

iptables -P FORWARD ACCEPT

iptables -A INPUT -s 192.168.200.178 -p all -j ACCEPT 

iptables -A INPUT -s 192.168.200.195 -p all -j ACCEPT

iptables -A INPUT -s 192.168.200.180 -p all -j ACCEPT

iptables -A INPUT -s 172.16.17.71 -p all -j ACCEPT

iptables -A INPUT -s 172.16.17.72 -p all -j ACCEPT

iptables -A INPUT -s 172.16.21.6 -p all -j ACCEPT

iptables -A INPUT -s 2.0.1.0/16 -p all -j ACCEPT

 

iptables -P INPUT DROP 最后一步

 

 

2、Centos7配置:

#!/bin/bash

systemctl start firewalldsystemctl start firewalldsystemctl stop firewalld
systemctl status firewalld
systemctl start firewalld


--测试环境
firewall-cmd --set-default-zone=drop

firewall-cmd --permanent --zone=drop --add-service=https
firewall-cmd --permanent --zone=drop --add-service=http
firewall-cmd --permanent --zone=drop --add-service=ssh
firewall-cmd --permanent --zone=drop --add-protocol=icmp
firewall-cmd --permanent --zone=drop --add-masquerade
firewall-cmd --permanent --zone=drop --add-port=22/tcp


firewall-cmd --permanent --zone=drop --add-rich-rule="rule family="ipv4" source address="192.168.4.9" accept"
firewall-cmd --reload

 

 

#!/bin/bash

systemctl start firewalldsystemctl start firewalldsystemctl stop firewalld
systemctl status firewalld
systemctl start firewalld

 

--正式环境

firewall-cmd --set-default-zone=drop

firewall-cmd --permanent --zone=drop --add-service=https
firewall-cmd --permanent --zone=drop --add-service=http
firewall-cmd --permanent --zone=drop --add-service=ssh
firewall-cmd --permanent --zone=drop --add-protocol=icmp
firewall-cmd --permanent --zone=drop --add-masquerade
firewall-cmd --permanent --zone=drop --add-port=22/tcp


firewall-cmd --permanent --zone=drop --add-rich-rule="rule family="ipv4" source address="192.168.133.39" accept"
firewall-cmd --permanent --zone=drop --add-rich-rule="rule family="ipv4" source address="192.168.133.40" accept"
firewall-cmd --permanent --zone=drop --add-rich-rule="rule family="ipv4" source address="192.168.133.41" accept"
firewall-cmd --permanent --zone=drop --add-rich-rule="rule family="ipv4" source address="192.168.133.42" accept"


firewall-cmd --reload

 



这篇关于linux防火墙配置的文章就介绍到这儿,希望我们推荐的文章对大家有所帮助,也希望大家多多支持为之网!


扫一扫关注最新编程教程