iptables: allow only a specified client IP to access the server's Redis port


    1. Requirement

    Server 172.28.18.75 has the Redis port 6379 open. Because no login password is set on Redis, the firewall must be configured so that only the client with IP address 172.28.5.125 can reach the Redis port.

    2. Check the current firewall rules on 172.28.18.75

    [root@zabbix_server ~]# iptables -nvL
    Chain INPUT (policy DROP 2 packets, 104 bytes)
     pkts bytes target     prot opt in     out     source               destination         
     230K   23M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
        9   708 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:25601 
       14  8190 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80 
       32  1681 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:3306 
      516 26832 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:9000 
      734 38168 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:10050 
      126  6776 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:10051 
        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:3000 
        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:5672 
        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:15672 
        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:25672 
        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:4369 
        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:2222 
        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:8078 
       29  1508 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:8080 
        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:8081 
        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:5000 
        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:8080 
        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:8078 
       53  3122 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:8079 
        3   164 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:8075 

    "Chain INPUT (policy DROP 2 packets, 104 bytes)" shows that the INPUT chain's default policy is DROP, so anything not explicitly accepted is already blocked; all that is needed is to add ACCEPT rules for the permitted source IPs.


    3. Add a rule: allow 127.0.0.1 to access Redis on port 6379

    [root@zabbix_server ~]# iptables -A INPUT -s 127.0.0.1 -p tcp --dport 6379 -j ACCEPT

    Test on 172.28.18.75

    [root@zabbix_server ~]# redis-cli 
    127.0.0.1:6379> get keys
    (nil)

    4. Add a rule: allow the IP 172.28.5.125 to access Redis on port 6379 of 172.28.18.75

    [root@zabbix_server ~]# iptables -A INPUT -s 172.28.5.125 -p tcp --dport 6379 -j ACCEPT

    Check the rules

    [root@zabbix_server ~]# iptables -nvL
    Chain INPUT (policy DROP 10 packets, 496 bytes)
     pkts bytes target     prot opt in     out     source               destination         
     466K   46M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED 
        9   708 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:25601 
       24  8710 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:80 
       62  3241 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:3306 
     1054 54808 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:9000 
     1486 77272 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:10050 
      254 13656 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:10051 
        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:3000 
        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:5672 
        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:15672 
        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:25672 
        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:4369 
        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:2222 
        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:8078 
       59  3068 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:8080 
        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:8081 
        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:5000 
        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:8080 
        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:8078 
      104  5774 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:8079 
        3   164 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:8075 
        2   104 ACCEPT     tcp  --  *      *       127.0.0.1            0.0.0.0/0           tcp dpt:6379 
        0     0 ACCEPT     tcp  --  *      *       172.28.5.125         0.0.0.0/0           tcp dpt:6379 

    Test on 172.28.5.125

    [root@redis-03 ~]# redis-cli -h 172.28.18.75
    172.28.18.75:6379> get keys
    (nil)

    Access succeeded.

    5. Add a rule: allow the IP range 172.28.146.1-172.28.146.252 to access Redis on port 6379

    172.28.146.1-172.28.146.252 is not a CIDR block, so it cannot be written as a source address with a prefix length ("/252" is not a valid prefix); the iprange match takes an arbitrary start-end range instead:

    [root@zabbix_server ~]# iptables -A INPUT -m iprange --src-range 172.28.146.1-172.28.146.252 -p tcp --dport 6379 -j ACCEPT

    6. Save the rules

    [root@zabbix_server ~]# service iptables save 
    iptables:将防火墙规则保存到 /etc/sysconfig/iptables:[确定]

    7. Restart the service

    [root@zabbix_server ~]# service iptables restart
    iptables:将链设置为政策 ACCEPT:filter [确定]
    iptables:清除防火墙规则:[确定]
    iptables:正在卸载模块:[确定]
    iptables:应用防火墙规则:[确定]
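    After the restart, the rules are reloaded from /etc/sysconfig/iptables, so it is worth re-running iptables -nvL and checking the listing mechanically rather than by eye. The following Python check is an added example and not part of the original post: it parses the step-4 listing (a constructed subset of it is embedded as SAMPLE), confirms the INPUT policy is DROP, and flags any ACCEPT for the Redis port that comes from 0.0.0.0/0 or from a source outside the expected set. It verifies only the firewall whitelist; it says nothing about the missing Redis password itself.

```python
import re
# Constructed sample: a subset of the `iptables -nvL` INPUT listing shown on
# this page, taken after the two 6379 rules were appended.
SAMPLE = """\
Chain INPUT (policy DROP 10 packets, 496 bytes)
 pkts bytes target     prot opt in     out     source               destination
 466K   46M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    9   708 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
   62  3241 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:3306
    2   104 ACCEPT     tcp  --  *      *       127.0.0.1            0.0.0.0/0           tcp dpt:6379
    0     0 ACCEPT     tcp  --  *      *       172.28.5.125         0.0.0.0/0           tcp dpt:6379
"""
# Columns of `iptables -nvL`: pkts bytes target prot opt in out source destination [matches]
RULE_RE = re.compile(
    r"^\s*\S+\s+\S+\s+(?P<target>\S+)\s+\S+\s+\S+\s+\S+\s+\S+\s+"
    r"(?P<src>\S+)\s+\S+(?P<rest>.*)$"
)

def parse_input_chain(text):
    """Return (target, source, dport) tuples; dport is None without a --dport match."""
    rules = []
    for line in text.splitlines():
        if line.startswith("Chain") or line.lstrip().startswith("pkts"):
            continue  # chain header and column header
        m = RULE_RE.match(line)
        if m:
            dport = re.search(r"dpt:(\d+)", m.group("rest"))
            rules.append((m.group("target"), m.group("src"),
                          int(dport.group(1)) if dport else None))
    return rules

def input_policy(text):
    m = re.search(r"^Chain INPUT \(policy (\w+)", text, re.M)
    return m.group(1) if m else "UNKNOWN"

def sources_accepting(rules, port):
    return [src for target, src, dport in rules if target == "ACCEPT" and dport == port]

def audit_port(text, port, allowed):
    """Findings for one port: policy must be DROP and each ACCEPT from an expected source."""
    findings = []
    if input_policy(text) != "DROP":
        findings.append("INPUT policy is not DROP, so per-port ACCEPT rules are not a whitelist")
    for src in sources_accepting(parse_input_chain(text), port):
        if src == "0.0.0.0/0":
            findings.append(f"port {port} is accepted from any source")
        elif src not in allowed:
            findings.append(f"port {port} is accepted from unexpected source {src}")
    return findings
```

    Feed it the real output with audit_port(open("listing.txt").read(), 6379, {"127.0.0.1", "172.28.5.125"}); an empty list means the 6379 whitelist matches expectations.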
    Original article: https://www.cnblogs.com/sky-cheng/p/11596969.html