# Remove the stored rich rule that rejected TCP/22 from "0.0.0.0".
# That address carries no prefix length, so it denotes a single host rather
# than 0.0.0.0/0 — confirm it matches the rule that was originally added.
# Stored (--permanent) changes take effect only after `firewall-cmd --reload`.
firewall-cmd --remove-rich-rule='rule family="ipv4" source address="0.0.0.0" port port="22" protocol="tcp" reject ' --permanent




所有计算

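# Per-port TCP accept rules from the management host 10.34.1.15.
# The inner quotes of the rich rule are escaped so the shell hands firewalld
# exactly one argument; the original nested "..." inside "..." only worked
# because the shell stripped the inner quotes and firewalld's parser
# tolerates unquoted values.
# Every line here is --permanent only: run `firewall-cmd --reload` afterwards.
mgmt_src=10.34.1.15
for p in 111 5900 5901 5902 5903 5904 5905 5906; do
  firewall-cmd --permanent \
    --add-rich-rule="rule family=\"ipv4\" source address=\"${mgmt_src}\" port protocol=\"tcp\" port=\"${p}\" accept"
done
# Only this rule names a zone; the ones above land in whatever the default
# zone is when this runs (see --set-default-zone further down) — TODO confirm
# whether they should all carry --zone=internal.
firewall-cmd --permanent \
  --add-rich-rule="rule family=\"ipv4\" source address=\"${mgmt_src}\" port protocol=\"tcp\" port=\"8022\" accept" \
  --zone=internal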




ubuntu14

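# Restrict SSH to the management host. Add the narrow rule before deleting
# the broad one: ufw applies each command immediately, so the original order
# (delete first) leaves a window with no SSH allow rule at all.
ufw allow proto tcp from 10.34.1.15 to any port 22
# Only matches a rule that was added as `ufw allow ssh`; a rule added as
# `ufw allow 22/tcp` has to be deleted in that form instead.
ufw delete allow ssh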






CentOS7


计算节点

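# CentOS 7 compute node: em1 goes into the restricted "internal" zone, em2
# into "trusted" (accepts everything), and SSH on em1 is limited to
# 10.34.1.15 via rich rules.
systemctl start firewalld.service

# Set the default zone before any --permanent command that names no --zone:
# such commands target the default zone, so in the original order
# `--remove-service=ssh` hit the previous default (stock: public), while
# "internal", whose stock definition enables ssh, kept accepting SSH from
# any source on em1.
firewall-cmd --set-default-zone=internal

firewall-cmd --zone=internal --change-interface=em1 --permanent
firewall-cmd --zone=trusted --change-interface=em2 --permanent

# Name the zone explicitly rather than relying on the default.
firewall-cmd --zone=internal --remove-service=ssh --permanent

# Accept rules from the management host. Inner quotes are escaped so the
# whole rich rule reaches firewall-cmd as one argument. The tcp/22 rule is
# already covered by the 1-65535 rules; kept as in the original.
mgmt_src=10.34.1.15
for spec in tcp:22 tcp:1-65535 udp:1-65535; do
  proto=${spec%%:*}
  port=${spec#*:}
  firewall-cmd --permanent \
    --add-rich-rule="rule family=\"ipv4\" source address=\"${mgmt_src}\" port protocol=\"${proto}\" port=\"${port}\" accept"
done
# --permanent changes are stored only; activate them with `firewall-cmd --reload`.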




控制节点

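# CentOS 7 control node: em1 in the restricted "internal" zone, em2 in
# "trusted" (accepts everything); SSH on em1 limited to 10.34.1.15, plus
# per-host accept rules for the other nodes.
systemctl start firewalld.service

# Default zone first: --permanent commands without --zone target the default
# zone, so in the original order `--remove-service=ssh` hit the previous
# default (stock: public) while "internal", whose stock definition enables
# ssh, kept accepting SSH from any source on em1.
firewall-cmd --set-default-zone=internal

firewall-cmd --zone=internal --change-interface=em1 --permanent
firewall-cmd --zone=trusted --change-interface=em2 --permanent

# Name the zone explicitly rather than relying on the default.
firewall-cmd --zone=internal --remove-service=ssh --permanent

# source:protocol:port(s) accepted in the internal zone. Inner quotes are
# escaped so each rich rule reaches firewall-cmd as one argument.
# 10.34.1.16/.17 get every TCP and UDP port; 10.34.1.83 only TCP 80 and 6080.
for spec in \
  10.34.1.15:tcp:22 \
  10.34.1.16:tcp:1-65535 \
  10.34.1.17:tcp:1-65535 \
  10.34.1.16:udp:1-65535 \
  10.34.1.17:udp:1-65535 \
  10.34.1.83:tcp:80 \
  10.34.1.83:tcp:6080; do
  src=${spec%%:*}
  rest=${spec#*:}
  proto=${rest%%:*}
  port=${rest#*:}
  firewall-cmd --permanent \
    --add-rich-rule="rule family=\"ipv4\" source address=\"${src}\" port protocol=\"${proto}\" port=\"${port}\" accept"
done
# --permanent changes are stored only; activate them with `firewall-cmd --reload`.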




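# TCP service ports accepted from 10.34.1.2.
# The original listed 5903 twice; the repeat is a no-op (ufw skips an
# existing rule) and is dropped here. Given the 5900-5903 run, 5904 may
# have been intended — TODO confirm and add it if so.
for p in 3306 2379 11211 5900 5901 5902 5903; do
  ufw allow proto tcp from 10.34.1.2 to any port "$p"
done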




# The same three TCP service ports accepted from each listed host.
# (The 10.34.1.2 entries repeat rules given earlier in this file; if both
# are applied on one host, ufw simply skips the existing rule.)
for src in 10.34.1.2 10.34.1.5 10.34.1.9; do
  for p in 3306 2379 11211; do
    ufw allow proto tcp from "$src" to any port "$p"
  done
done

# Additional TCP ports accepted from 10.34.1.9 only.
for p in 5672 2380 4369; do
  ufw allow proto tcp from 10.34.1.9 to any port "$p"
done




# SSH only from the management host (pairs with removing the broad ssh rule).
ufw allow proto tcp from 10.34.1.15 to any port 22



# UDP/123 from 10.34.1.2 — presumably NTP; confirm against the node's time source.
ufw allow proto udp from 10.34.1.2 to any port 123


# TCP/5672 from 10.34.1.2 — presumably AMQP; confirm which service listens here.
ufw allow proto tcp from 10.34.1.2 to any port 5672




# Per-port TCP rules from 10.34.1.10. All of them are made redundant by the
# blanket `ufw allow from 10.34.1.10` below, which admits every port and
# protocol from that host. Kept to mirror the original; if per-port access
# was the intent, the blanket rule is the one to drop.
for p in 5901 5902 5903 5904 5905 5906 5907 5908 5909; do
  ufw allow proto tcp from 10.34.1.10 to any port "$p"
done

# Everything from 10.34.1.10.
ufw allow from 10.34.1.10

# SSH only from the management host.
ufw allow proto tcp from 10.34.1.15 to any port 22


# Sets ufw's default policy for *forwarded* (routed) traffic to ACCEPT: every
# packet this host forwards between interfaces/bridges passes unless an
# explicit route rule blocks it. The incoming/outgoing defaults are unaffected.
# NOTE(review): broad opening on a node that routes for others — confirm it is
# intended; ufw versions with `ufw route` allow narrower per-path rules instead.
ufw default allow routed


/etc/sysctl.conf (apply with `sysctl -p` after editing)


net.ipv4.icmp_echo_ignore_all=1