
linux防火墙配置

作者:互联网

1、CentOS 6(iptables):

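# CentOS 6 host firewall: default-deny inbound with a source-address allowlist.
# Run as root. Every rule is appended (-A), so re-running the script against a
# chain that already holds these rules duplicates them.

# Outbound traffic is unrestricted.
iptables -P OUTPUT ACCEPT

# NOTE(review): FORWARD stays at ACCEPT as in the original. If this host is not
# meant to route traffic for other machines, DROP is the safer policy.
iptables -P FORWARD ACCEPT

# Local services talk to each other over loopback; without this rule the DROP
# policy set at the end would cut them off.
iptables -A INPUT -i lo -j ACCEPT

# Let replies to connections this host opened (DNS, package mirrors, NTP) back
# in. OUTPUT is ACCEPT, but with INPUT at DROP the return packets are discarded
# unless the peer happens to be on the allowlist below.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allowlisted sources: every protocol and port is accepted from these addresses.
# NOTE(review): 2.0.1.0/16 has host bits set, so iptables is expected to apply
# the mask and match all of 2.0.0.0/16. That range is outside the RFC 1918
# private blocks -- confirm the intended network and prefix length.
for src in \
  192.168.200.178 \
  192.168.200.195 \
  192.168.200.180 \
  172.16.17.71 \
  172.16.17.72 \
  172.16.21.6 \
  2.0.1.0/16
do
  iptables -A INPUT -s "$src" -p all -j ACCEPT
done

# Last step: switch the INPUT policy to DROP only after every ACCEPT rule is in
# place, so the session used to apply the rules is not locked out.
iptables -P INPUT DROP

# Nothing above is persisted; the rules are lost on reboot unless saved
# (on CentOS 6: service iptables save).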

 

 

2、CentOS 7 配置(firewalld):

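#!/bin/bash
# Test environment: firewalld with "drop" as the default zone, a few public
# services, and one fully trusted source address. Run as root.

# firewall-cmd needs the daemon running; stop here if it did not come up.
systemctl start firewalld || exit 1
systemctl status firewalld --no-pager

# Build the permanent configuration of the drop zone first. The zone is made
# the default only at the end, so there is no window in which new connections
# hit an empty drop zone.
firewall-cmd --permanent --zone=drop --add-service=https
firewall-cmd --permanent --zone=drop --add-service=http
# NOTE(review): ssh is opened to every source here. If administrative access is
# meant to come only from the trusted address below, leave this service (and
# the 22/tcp port entry) out.
firewall-cmd --permanent --zone=drop --add-service=ssh
# Allows all ICMP types, not only echo requests.
firewall-cmd --permanent --zone=drop --add-protocol=icmp
# NOTE(review): masquerading rewrites the source address of traffic routed out
# through this zone. It is only needed when the host acts as a NAT gateway --
# confirm it is intended.
firewall-cmd --permanent --zone=drop --add-masquerade
# Overlaps with the ssh service above when that service keeps its stock
# definition; kept to match the original rule set.
firewall-cmd --permanent --zone=drop --add-port=22/tcp

# Accept every protocol and port from the trusted source. Single quotes keep
# the rule a single shell word with its inner double quotes intact.
firewall-cmd --permanent --zone=drop \
  --add-rich-rule='rule family="ipv4" source address="192.168.4.9" accept'

# Load the permanent configuration into the runtime, then switch the default
# zone (this changes both the runtime and the permanent setting).
firewall-cmd --reload
firewall-cmd --set-default-zone=drop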

 

 

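#!/bin/bash
# Production environment: firewalld with "drop" as the default zone, a few
# public services, and a short list of fully trusted source addresses.
# Run as root.

# firewall-cmd needs the daemon running; stop here if it did not come up.
systemctl start firewalld || exit 1
systemctl status firewalld --no-pager

# Build the permanent configuration of the drop zone first. The zone is made
# the default only at the end, so there is no window in which new connections
# hit an empty drop zone.
firewall-cmd --permanent --zone=drop --add-service=https
firewall-cmd --permanent --zone=drop --add-service=http
# NOTE(review): ssh is opened to every source here. If administrative access is
# meant to come only from the trusted addresses below, leave this service (and
# the 22/tcp port entry) out.
firewall-cmd --permanent --zone=drop --add-service=ssh
# Allows all ICMP types, not only echo requests.
firewall-cmd --permanent --zone=drop --add-protocol=icmp
# NOTE(review): masquerading rewrites the source address of traffic routed out
# through this zone. It is only needed when the host acts as a NAT gateway --
# confirm it is intended.
firewall-cmd --permanent --zone=drop --add-masquerade
# Overlaps with the ssh service above when that service keeps its stock
# definition; kept to match the original rule set.
firewall-cmd --permanent --zone=drop --add-port=22/tcp

# Accept every protocol and port from each trusted source. The rule is passed
# as one shell word with the inner double quotes escaped.
for src in 192.168.133.39 192.168.133.40 192.168.133.41 192.168.133.42; do
  firewall-cmd --permanent --zone=drop \
    --add-rich-rule="rule family=\"ipv4\" source address=\"${src}\" accept"
done

# Load the permanent configuration into the runtime, then switch the default
# zone (this changes both the runtime and the permanent setting).
firewall-cmd --reload
firewall-cmd --set-default-zone=drop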

 

来源: https://www.cnblogs.com/zhoading/p/15160054.html