防火墙配置

Linux 防火墙(firewalld)配置案例

配置文件路径

vim /etc/firewalld/zones/public.xml

修改配置文件后重新加载规则的命令

sudo firewall-cmd --reload

内容

<?xml version="1.0" encoding="utf-8"?>
<zone>
  <!--
    firewalld definition of the "public" zone. It enables the dhcpv6-client
    service and then lists per-source rich rules. A rule with a <port> child
    accepts only that TCP port from the source; a rule with only <source> and
    <accept/> accepts all traffic from that source.
    NOTE(review): every entry is an allow-list exception keyed on a source
    IPv4 address. Nothing in this file records an owner or an expiry date for
    an entry, so stale addresses stay trusted until someone removes them.
  -->
  <short>Public</short>
  <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
  <service name="dhcpv6-client"/>
  
  <!-- Any host in 11.141.0.0/16 may reach TCP port 10022.
       NOTE(review): presumably a relocated remote-administration port; confirm
       that the whole /16 really needs it. -->
  <rule family="ipv4">
    <source address="11.141.0.0/16"/>
    <port protocol="tcp" port="10022"/>
    <accept/>
  </rule>
  <!-- The full TCP port range is open to this single host (TCP only, unlike
       the port-less rules that follow). -->
  <rule family="ipv4">
    <source address="11.141.230.68"/>
    <port protocol="tcp" port="0-65535"/>
    <accept/>
  </rule>
  <!-- Unrestricted access (no port or protocol filter) for this host. -->
  <rule family="ipv4">
    <source address="11.141.230.183"/>
    <accept/>
  </rule>
  <!-- Unrestricted access for this host.
       NOTE(review): this is the only accepted source outside 11.141.0.0/16;
       confirm it is still required and that full access is intended. -->
  <rule family="ipv4">
    <source address="210.44.247.2"/>
    <accept/>
  </rule>

  <!-- Cluster server IPs: unrestricted access between cluster members. -->
  <rule family="ipv4">
    <source address="11.141.230.152"/>
    <accept/>
  </rule>
  <rule family="ipv4">
    <source address="11.141.230.151"/>
    <accept/>
  </rule>

  <!-- Temporary IP entry for an external-network PC.
       NOTE(review): marked temporary but grants unrestricted access and has no
       removal date; delete it once the need has passed. -->
  <rule family="ipv4">
    <source address="11.141.212.146"/>
    <accept/>
  </rule>
  <!-- End of temporary IP entry for the external-network PC. -->

  <!-- IPs allowed to access the projects hosted on this server. Each of the
       four workstation rules below accepts all traffic, not only the project
       ports. -->
  <!-- Lingdu's PC -->
  <rule family="ipv4">
    <source address="11.141.214.17"/>
    <accept/>
  </rule>
  <!-- ***'s PC IP -->
  <rule family="ipv4">
    <source address="11.141.213.184"/>
    <accept/>
  </rule>
  <!-- **'s PC -->
  <rule family="ipv4">
    <source address="11.141.215.105"/>
    <accept/>
  </rule>
  <!-- **'s PC IP -->
  <rule family="ipv4">
    <source address="11.141.214.65"/>
    <accept/>
  </rule>

  <!-- All IPs in the 11.141.0.0/16 segment may access TCP port 80.
       NOTE(review): every single-host port-80 rule further down uses a source
       inside this /16, so those rules add nothing while this one is present.
       If port 80 was meant to be limited to the listed test machines, this
       rule defeats that intent; confirm which behaviour is wanted. -->
  <rule family="ipv4">
    <source address="11.141.0.0/16"/>
    <port protocol="tcp" port="80"/>
    <accept/>
  </rule>

  <!-- **'s laptop: unrestricted access for both addresses below. -->
  <rule family="ipv4">
    <source address="11.141.213.34"/>
    <accept/>
  </rule>
  <rule family="ipv4">
    <source address="11.141.225.84"/>
    <accept/>
  </rule>
  <!-- ***** system testing: port 80 only. -->
  <rule family="ipv4">
    <source address="11.141.230.160"/>
    <port protocol="tcp" port="80"/>
    <accept/>
  </rule>
  <rule family="ipv4">
    <source address="11.141.225.29"/>
    <port protocol="tcp" port="80"/>
    <accept/>
  </rule>
  <rule family="ipv4">
    <source address="11.141.225.64"/>
    <port protocol="tcp" port="80"/>
    <accept/>
  </rule>
  <!-- End of **** system testing. -->

  <!-- ** management system testing: port 80 only. -->
  <rule family="ipv4">
    <source address="11.141.229.4"/>
    <port protocol="tcp" port="80"/>
    <accept/>
  </rule>
  <rule family="ipv4">
    <source address="11.141.212.188"/>
    <port protocol="tcp" port="80"/>
    <accept/>
  </rule>
  <rule family="ipv4">
    <source address="11.141.230.167"/>
    <port protocol="tcp" port="80"/>
    <accept/>
  </rule>
  <!-- End of ** management system testing. -->

  <!-- ** management system testing: port 80 only. -->
  <rule family="ipv4">
    <source address="11.141.212.6"/>
    <port protocol="tcp" port="80"/>
    <accept/>
  </rule>
  <!-- End of ** management system testing. -->


  <!-- **** system testing: port 80 only. -->
  <rule family="ipv4">
    <source address="11.141.230.164"/>
    <port protocol="tcp" port="80"/>
    <accept/>
  </rule>
  <rule family="ipv4">
    <source address="11.141.225.71"/>
    <port protocol="tcp" port="80"/>
    <accept/>
  </rule>
  <!-- End of **** system testing. -->





  <!-- NOTE(review): the original comment here was empty, so the owner and
       purpose of this port-80 entry are not recorded. -->
  <rule family="ipv4">
    <source address="11.141.215.237"/>
    <port protocol="tcp" port="80"/>
    <accept/>
  </rule>
  <!-- NOTE(review): the original comment here was empty; the port-80 entries
       from this point down to the reject rule have no recorded owner or
       purpose. -->
  <rule family="ipv4">
    <source address="11.141.212.241"/>
    <port protocol="tcp" port="80"/>
    <accept/>
  </rule>
  <rule family="ipv4">
    <source address="11.141.212.61"/>
    <port protocol="tcp" port="80"/>
    <accept/>
  </rule>
  <rule family="ipv4">
    <source address="11.141.214.46"/>
    <port protocol="tcp" port="80"/>
    <accept/>
  </rule>
  <rule family="ipv4">
    <source address="11.141.214.181"/>
    <port protocol="tcp" port="80"/>
    <accept/>
  </rule>
  <!-- NOTE(review): exact duplicate of the 11.141.212.61 port-80 rule two
       entries above. -->
  <rule family="ipv4">
    <source address="11.141.212.61"/>
    <port protocol="tcp" port="80"/>
    <accept/>
  </rule>
  <!-- NOTE(review): 11.141.225.84 already has an unrestricted accept rule in
       the laptop section, so this port-80 rule is redundant. -->
  <rule family="ipv4">
    <source address="11.141.225.84"/>
    <port protocol="tcp" port="80"/>
    <accept/>
  </rule>


  <!-- Explicitly rejects all traffic from 10.1.1.1.
       NOTE(review): firewalld is understood to evaluate reject/drop rich rules
       ahead of accept rules regardless of file order; verify on the installed
       version. No accept rule in this file covers this address. -->
  <rule family="ipv4">
    <source address="10.1.1.1"/>
    <reject/>
  </rule>
</zone>