iptables 规则自上而下依次匹配,命中后即执行对应动作并停止匹配后续规则
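##---------for centos6.* iptables-----------
# Write a complete filter ruleset for the legacy iptables service and apply it.
# Rules are evaluated top-down and the first matching terminating rule wins, so
# the per-subnet ACCEPTs must stay above the final catch-all TCP DROP.
# The heredoc delimiter is quoted so nothing in the file is shell-expanded.
cat > /etc/sysconfig/iptables <<'END'
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m tcp -p tcp -s 127.0.0.1 -j ACCEPT
-A INPUT -m tcp -p tcp -s 192.164.40.0/24 -j ACCEPT
-A INPUT -m tcp -p tcp -s 192.164.132.0/24 -j ACCEPT
-A INPUT -m tcp -p tcp -s 192.166.51.0/24 -j ACCEPT
-A INPUT -m tcp -p tcp -s 192.159.63.0/24 -j ACCEPT
-A INPUT -m tcp -p tcp -s 0.0.0.0/0 -j DROP
COMMIT
END
# NOTE(review): the final rule drops TCP only and the INPUT policy is ACCEPT,
# so UDP and any other non-TCP, non-ICMP traffic from any source is still
# accepted. If that is not intended, use ":INPUT DROP [0:0]" or add
# "-A INPUT -j DROP" before COMMIT.
# "restart" rather than "start": the init script is typically a no-op when the
# service is already running, so the freshly written file would not be loaded.
service iptables restart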
firewalld 的 direct 规则通过 INPUT 后面的数字指定优先级,数值越小优先级越高,0 为最高
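##------ for centos7 -------
# Switch firewalld to the "trusted" default zone and then restrict inbound TCP
# with direct rules: the listed sources at priority 0 (ACCEPT), everything else
# at priority 10 (DROP). A lower priority number is evaluated first.
# Direct rules are added --permanent, so they only take effect after --reload.
/bin/cp -f /usr/lib/firewalld/zones/trusted.xml /etc/firewalld/zones/
sed -i 's#DefaultZone=public#DefaultZone=trusted#g' /etc/firewalld/firewalld.conf
# Enable as well as start so the service, and with it these rules, is present
# after a reboot; "enable" is harmless if the unit is already enabled.
systemctl enable firewalld
systemctl start firewalld

# Sources allowed to open TCP connections to any local port.
allowed_tcp_sources=(
  127.0.0.1
  10.10.0.0/16
  192.164.40.0/24
  192.164.132.0/24
  192.166.51.0/24
  192.159.63.0/24
)
for src in "${allowed_tcp_sources[@]}"; do
  firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -p tcp -s "$src" -j ACCEPT
done
# Catch-all for TCP from every other source.
# NOTE(review): with the default zone set to "trusted", only TCP is filtered
# here; UDP and other protocols from any source remain accepted.
firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 10 -p tcp -s 0.0.0.0/0 -j DROP
firewall-cmd --reload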
最近编辑记录 小天天 (2022-01-17 22:29:40)
firewall.sh
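#!/bin/bash
# firewall.sh: replace the legacy iptables service with firewalld (CentOS 7),
# using the "trusted" default zone plus direct rules in the INPUT chain:
#   priority 0   - selected sources may reach port 22 / the service ports
#   priority 100 - the service ports are dropped for everyone else
# Direct rules are added --permanent and only become active after --reload.
/bin/cp -f /usr/lib/firewalld/zones/trusted.xml /etc/firewalld/zones/
sed -i 's#DefaultZone=public#DefaultZone=trusted#g' /etc/firewalld/firewalld.conf
# Stop AND disable iptables so the two services do not both come up at boot;
# enable firewalld for the same reason ("disable"/"enable" are idempotent).
systemctl stop iptables
systemctl disable iptables
systemctl enable firewalld
systemctl start firewalld

# TCP ports that are restricted to the subnets below and dropped for others.
service_ports=6379,80,8080,8081,8090,8070,3306,873
# Hosts allowed to reach TCP port 22.
port22_sources=(192.164.132.5 192.164.132.90)
# Subnets allowed to reach the service ports.
service_sources=(192.164.132.0/24 192.164.40.0/24)

firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -p tcp -s 127.0.0.1 -j ACCEPT
for src in "${port22_sources[@]}"; do
  firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -p tcp --dport 22 -s "$src" -j ACCEPT
done
for src in "${service_sources[@]}"; do
  firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -p tcp -s "$src" -m multiport --dport "$service_ports" -j ACCEPT
done
# NOTE(review): only the service ports are dropped below. With the default zone
# set to "trusted", port 22 and every other port not in $service_ports stay
# reachable from any source, so the port-22 ACCEPT rules above only restrict
# anything if 22 is also dropped here -- confirm that this is the intent.
firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 100 -p tcp -m multiport --dport "$service_ports" -j DROP
# Without this the permanent rules above are saved but not applied.
firewall-cmd --reload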