1.设置selinux端口
[root@hn ~]# semanage port -l|grep ssh -bash: semanage: 未找到命令 [root@hn ~]# whereis semanage semanage:
缺少semanage,需要安装net-tools (这个包同时还包含了ifconfig,否则只能用ip addr看了~)
[root@hn ~]# yum install net-tools [root@hn ~]# semanage port -l|grep ssh -bash: semanage: 未找到命令
安装后还是提示未找到,还需要安装policycoreutils-python
[root@hn ~]# yum -y install policycoreutils-python
[root@hn ~]# semanage port -l|grep ssh ssh_port_t tcp 22 [root@hn ~]# semanage port -a -t ssh_port_t -p tcp 12345 [root@hn ~]# semanage port -l|grep ssh ssh_port_t tcp 12345, 22
如果要添加mysql端口,可以: semanage port -a -t mysqld_port_t -p tcp 3306
2.设置firewalld里的端口(特定ip参考:http://www.z4zr.com/page/1006.html, 更多可参考: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7-Beta/html/Security_Guide/sec-Using_Firewalls.html)
[root@hn ~]# systemctl status firewalld
firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled)
Active: active (running) since 六 2015-10-17 15:51:47 CST; 3h 5min ago
Main PID: 807 (firewalld)
CGroup: /system.slice/firewalld.service
└─807 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
10月 17 15:51:46 hn.kd.ny.adsl systemd[1]: Starting firewalld - dynamic firewall daemon...
10月 17 15:51:47 hn.kd.ny.adsl systemd[1]: Started firewalld - dynamic firewall daemon.
[root@hn ~]# firewall-cmd --zone=public --add-port=12345/tcp --permanent
success
[root@hn ~]# firewall-cmd --query-port=12345/tcp
no
[root@hn ~]# systemctl reload firewalld
[root@hn ~]# firewall-cmd --query-port=12345/tcp
FirewallD is not running
[root@hn ~]# firewall-cmd --query-port=12345/tcp
FirewallD is not running
[root@hn ~]# systemctl start firewalld
[root@hn ~]# firewall-cmd --query-port=12345/tcp
yes
如果添加mysql端口,使其可局部访问,则:firewall-cmd --zone=public --add-rich-rule="rule family="ipv4" source address="192.168.0.4/24" port protocol="tcp" port="3306" accept" --permanent
3.修改sshd_config中的Port
[root@hn ~]# vi /etc/ssh/sshd_config Port 12345
[root@hn ~]# systemctl restart sshd.service
4.测试