5月 132016
 

开放http/80,https/443服务
限定ssh/22服务只能从内网10.169.138.158访问
限定udp/161端口只能从内网10.169.138.158访问

[root@localhost ~]# firewall-cmd --permanent --add-service=http
success
[root@localhost ~]# firewall-cmd --permanent --add-service=https
success
[root@localhost ~]# firewall-cmd --permanent --add-port=161/udp
success
[root@localhost ~]# firewall-cmd --permanent --remove-service=ssh
success
[root@localhost ~]# firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="10.169.138.158/24" service name="ssh" accept"
success
[root@localhost ~]# firewall-cmd --reload
success
[root@localhost ~]# firewall-cmd --list-all
public (default)
 interfaces:
 sources:
 services: dhcpv6-client http https
 ports: 161/udp
 masquerade: no
 forward-ports:
 icmp-blocks:
 rich rules:
 rule family="ipv4" source address="10.169.138.158/24" service name="ssh" accept
[root@localhost ~]#

[root@localhost ~]# firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="10.169.138.158/24" destination address="10.46.128.24/24" port port="161" protocol="udp" accept"
success
[root@localhost ~]# firewall-cmd --permanent --remove-port=161/dup
success
[root@localhost ~]# firewall-cmd --reload
success
[root@localhost ~]# firewall-cmd --list-all
public (default)
 interfaces:
 sources:
 services: dhcpv6-client http https
 ports: 
 masquerade: no
 forward-ports:
 icmp-blocks:
 rich rules:
 rule family="ipv4" source address="10.169.138.158/24" service name="ssh" accept
 rule family="ipv4" source address="10.169.138.158/24" destination address="10.46.128.24/24" port port="161" protocol="udp" accept
[root@localhost ~]#

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

(required)

(required)

此站点使用Akismet来减少垃圾评论。了解我们如何处理您的评论数据