• openstack firewalld ufw


    # Drop the stored rich rule that rejects TCP 22 from source 0.0.0.0.
    # No --zone is given, so the default zone is the one edited. --permanent only
    # touches the saved configuration; the running firewall keeps the rule until
    # `firewall-cmd --reload`.
    # NOTE(review): the source address has no prefix length; confirm it matches
    # the rule as it was originally added, otherwise nothing is removed.
    firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="0.0.0.0" port port="22" protocol="tcp" reject '



    所有计算
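    # Allow 10.34.1.15 to reach TCP 111, 5900-5906 and 8022 on this host.
    # The rule text is wrapped in single quotes so the inner double quotes reach
    # firewalld intact. With double quotes on the outside the shell strips the
    # inner ones, and the rule only parses because no value contains whitespace.
    # The first eight commands name no zone and therefore edit the default zone,
    # while the 8022 rule names internal.
    # NOTE(review): confirm that split is intended, or add --zone to all of them.
    # --permanent edits the saved configuration only; nothing here is live until
    # `firewall-cmd --reload`.
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.34.1.15" port protocol="tcp" port="111" accept'
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.34.1.15" port protocol="tcp" port="5900" accept'
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.34.1.15" port protocol="tcp" port="5901" accept'
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.34.1.15" port protocol="tcp" port="5902" accept'
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.34.1.15" port protocol="tcp" port="5903" accept'
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.34.1.15" port protocol="tcp" port="5904" accept'
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.34.1.15" port protocol="tcp" port="5905" accept'
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.34.1.15" port protocol="tcp" port="5906" accept'
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.34.1.15" port protocol="tcp" port="8022" accept' --zone=internal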



    ubuntu14
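    # Restrict SSH to 10.34.1.15. The narrow rule is added before the general
    # "allow ssh" rule is deleted, so there is never a moment with no SSH rule
    # at all if the second command fails or the session drops in between.
    # After this, new SSH connections from any other source are refused: run it
    # from 10.34.1.15 or from a console.
    ufw allow proto tcp from 10.34.1.15 to any port 22
    ufw delete allow ssh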





    CentOS7

    计算节点
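    # Bring up firewalld and bind em1 to the internal zone, em2 to trusted.
    # `start` does not survive a reboot; `systemctl enable firewalld.service`
    # is needed as well if the firewall should come up at boot.
    systemctl start firewalld.service
    firewall-cmd --zone=internal --change-interface=em1 --permanent
    # The trusted zone accepts every connection, so em2 is left unfiltered.
    firewall-cmd --zone=trusted --change-interface=em2 --permanent
    # Without --zone this removes ssh from whatever the default zone is at this
    # point, which is not yet internal.
    firewall-cmd --remove-service=ssh --permanent
    # The stock internal zone definition also lists the ssh service. Unless it
    # is removed there too, SSH stays open to every source on em1 and the
    # per-host rule below restricts nothing. Check the result with
    # `firewall-cmd --permanent --zone=internal --list-services`.
    firewall-cmd --zone=internal --remove-service=ssh --permanent
    firewall-cmd --set-default-zone=internal
    # From here on, commands without --zone edit the internal zone.
    # Rule text is single-quoted so the inner double quotes reach firewalld
    # instead of being stripped by the shell.
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.34.1.15" port protocol="tcp" port="22" accept'
    # These two open every TCP and UDP port to 10.34.1.15, which makes the
    # port-22 rule above redundant and that host fully trusted.
    # NOTE(review): narrow these to the ports actually needed if possible.
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.34.1.15" port protocol="tcp" port="1-65535" accept'
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.34.1.15" port protocol="udp" port="1-65535" accept'
    # Everything added with --permanent is inactive until `firewall-cmd --reload`;
    # review it first with `firewall-cmd --permanent --zone=internal --list-all`.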



    控制节点
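    # Bring up firewalld and bind em1 to the internal zone, em2 to trusted.
    # `start` does not survive a reboot; `systemctl enable firewalld.service`
    # is needed as well if the firewall should come up at boot.
    systemctl start firewalld.service
    firewall-cmd --zone=internal --change-interface=em1 --permanent
    # The trusted zone accepts every connection, so em2 is left unfiltered.
    firewall-cmd --zone=trusted --change-interface=em2 --permanent
    # Without --zone this removes ssh from whatever the default zone is at this
    # point, which is not yet internal.
    firewall-cmd --remove-service=ssh --permanent
    # The stock internal zone definition also lists the ssh service. Unless it
    # is removed there too, SSH stays open to every source on em1 and the
    # per-host rule below restricts nothing. Check the result with
    # `firewall-cmd --permanent --zone=internal --list-services`.
    firewall-cmd --zone=internal --remove-service=ssh --permanent
    firewall-cmd --set-default-zone=internal
    # From here on, commands without --zone edit the internal zone.
    # Rule text is single-quoted so the inner double quotes reach firewalld
    # instead of being stripped by the shell.
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.34.1.15" port protocol="tcp" port="22" accept'
    # 10.34.1.16 and 10.34.1.17 get every TCP and UDP port, so they are fully
    # trusted by this host.
    # NOTE(review): narrow these to the ports actually needed if possible.
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.34.1.16" port protocol="tcp" port="1-65535" accept'
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.34.1.17" port protocol="tcp" port="1-65535" accept'
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.34.1.16" port protocol="udp" port="1-65535" accept'
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.34.1.17" port protocol="udp" port="1-65535" accept'

    # 10.34.1.83 is limited to TCP 80 and 6080.
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.34.1.83" port protocol="tcp" port="80" accept'
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.34.1.83" port protocol="tcp" port="6080" accept'
    # Everything added with --permanent is inactive until `firewall-cmd --reload`;
    # review it first with `firewall-cmd --permanent --zone=internal --list-all`.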



    # Per-port TCP allow rules for source 10.34.1.2.
    # NOTE(review): 3306, 2379 and 11211 are conventionally MySQL, the etcd
    # client port and memcached; confirm against what listens on this host.
    # Such services are often run without strong authentication, in which case
    # this source restriction is the only access control in front of them.
    ufw allow proto tcp from 10.34.1.2 to any port 3306
    ufw allow proto tcp from 10.34.1.2 to any port 2379
    ufw allow proto tcp from 10.34.1.2 to any port 11211
    ufw allow proto tcp from 10.34.1.2 to any port 5900
    ufw allow proto tcp from 10.34.1.2 to any port 5901
    ufw allow proto tcp from 10.34.1.2 to any port 5902
    ufw allow proto tcp from 10.34.1.2 to any port 5903
    # NOTE(review): this repeats the 5903 rule above and adds nothing; possibly
    # another port was meant. Confirm before relying on it.
    ufw allow proto tcp from 10.34.1.2 to any port 5903



    # Per-port TCP allow rules for three sources: 10.34.1.2, 10.34.1.5 and
    # 10.34.1.9 each get 3306, 2379 and 11211; 10.34.1.9 additionally gets 5672,
    # 2380 and 4369.
    # NOTE(review): by convention these are MySQL, etcd client, memcached, AMQP,
    # etcd peer and the Erlang port mapper; confirm against the host's
    # listeners. Where those services run without authentication, these source
    # restrictions are the only access control.
    ufw allow proto tcp from 10.34.1.2 to any port 3306
    ufw allow proto tcp from 10.34.1.2 to any port 2379
    ufw allow proto tcp from 10.34.1.2 to any port 11211

    ufw allow proto tcp from 10.34.1.5 to any port 3306
    ufw allow proto tcp from 10.34.1.5 to any port 2379
    ufw allow proto tcp from 10.34.1.5 to any port 11211

    ufw allow proto tcp from 10.34.1.9 to any port 3306
    ufw allow proto tcp from 10.34.1.9 to any port 2379
    ufw allow proto tcp from 10.34.1.9 to any port 11211

    ufw allow proto tcp from 10.34.1.9 to any port 5672
    ufw allow proto tcp from 10.34.1.9 to any port 2380
    ufw allow proto tcp from 10.34.1.9 to any port 4369



    # SSH (TCP 22) is accepted only from 10.34.1.15. This restricts access only
    # if no broader "allow ssh" rule is still present; check `ufw status`.
    ufw allow proto tcp from 10.34.1.15 to any port 22


    # UDP 123 from 10.34.1.2 (NOTE(review): presumably NTP; confirm).
    ufw allow proto udp from 10.34.1.2 to any port 123

    # TCP 5672 from 10.34.1.2 (NOTE(review): presumably AMQP; confirm).
    ufw allow proto tcp from 10.34.1.2 to any port 5672



    # TCP 5901-5909 from 10.34.1.10, one rule per port, in ascending order.
    for port in 5901 5902 5903 5904 5905 5906 5907 5908 5909; do
        ufw allow proto tcp from 10.34.1.10 to any port "$port"
    done


    # Every protocol and port from 10.34.1.10. This is a superset of the
    # per-port rules above and makes that host fully trusted.
    ufw allow from 10.34.1.10
    # SSH (TCP 22) from 10.34.1.15.
    ufw allow proto tcp from 10.34.1.15 to any port 22

    # Default policy for forwarded traffic becomes allow: any packet routed
    # through this host passes unless a route rule denies it.
    # NOTE(review): confirm this host is meant to forward without filtering.
    ufw default allow routed

     /etc/sysctl.conf

    # Entry for /etc/sysctl.conf: the kernel stops answering all IPv4 ICMP echo
    # requests (ping). It is applied by `sysctl -p` or at the next boot.
    # This only hides the host from ping; it filters no other traffic, and
    # ping-based monitoring of this host will report it as down.
    net.ipv4.icmp_echo_ignore_all=1

  • 原文地址:https://www.cnblogs.com/ruiy/p/14257205.html