SUSE firewall SuSEfirewall2 setup: allowing specified addresses to access specified ports
Source: Internet   Editor: 程序博客网   Time: 2024/05/15 06:26
Original article: http://en.opensuse.org/SuSEfirewall2
Allowing Access to Services

Every firewall zone can allow four types of services:
TCP - FW_SERVICES_EXT_TCP, FW_SERVICES_INT_TCP, FW_SERVICES_DMZ_TCP
UDP - FW_SERVICES_EXT_UDP, FW_SERVICES_INT_UDP, FW_SERVICES_DMZ_UDP
RPC - FW_SERVICES_EXT_RPC, FW_SERVICES_INT_RPC, FW_SERVICES_DMZ_RPC
IP - FW_SERVICES_EXT_IP, FW_SERVICES_INT_IP, FW_SERVICES_DMZ_IP

TCP and UDP services can be entered by port number, by port name (the current assignments can be found in the /etc/services file on your system) or as a port range written as two port numbers with a colon in between.

Examples:
FW_SERVICES_EXT_TCP="ssh"
FW_SERVICES_EXT_TCP="ftp 22 telnet 512:514"
FW_SERVICES_EXT_UDP="631 400:405"

Alternatively, packages may provide a configuration file that describes which ports need to be opened to run a specific service; see SuSEfirewall2/Service_Definitions_Added_via_Packages. This method is especially convenient if a service needs multiple ports.

More Restricted Access to Services

The way of allowing access to services described above is not very restrictive: it either allows or it does not allow. There is a parameter that can be set to allow more restrictive access to a service. However, the definitions of allowed services above take precedence over the definitions mentioned below when the same port is used.

These are: FW_SERVICES_ACCEPT_EXT, FW_SERVICES_ACCEPT_INT, FW_SERVICES_ACCEPT_DMZ

For each service these parameters take 4 positional parameters and additional keyword parameters, also called flags. So the format is a space-separated list of
net,protocol[,dport[,sport[,flags]]]

Example:
FW_SERVICES_ACCEPT_EXT="0.0.0.0/0,tcp,22"
# This 0.0.0.0/0 restricts access to IPv4 only

Supported flags are:
hitcount=NUMBER : ipt_recent --hitcount parameter
blockseconds=NUMBER : ipt_recent --seconds parameter
recentname=NAME : ipt_recent --name parameter

Example:
# Allow max three ssh connects per minute from the same IP address somewhere in the Internet:
FW_SERVICES_ACCEPT_EXT="0/0,tcp,22,,hitcount=3,blockseconds=60,recentname=ssh"
# This 0/0 allows access via both IPv4 and IPv6
This passage describes two ways to specify which ports may be accessed:
FW_SERVICES_ACCEPT_EXT
FW_SERVICES_EXT_TCP
The first lets you specify the source address, the port and extra parameters (the flags); the second only lets you specify a TCP port, so every source address can reach it. As the original text says, this is not very restrictive!
At first I misunderstood this. An example:
My requirement was to allow all addresses to access port 80 and only specified addresses to access port 22.
So I put 80 in FW_SERVICES_EXT_TCP and xxxxx(specified address),tcp,22 in FW_SERVICES_ACCEPT_EXT. The result: only port 80 was reachable, port 22 could not be accessed!!!
After struggling with it for a long time, I found that when the original text says the FW_SERVICES_EXT_TCP configuration overrides the FW_SERVICES_ACCEPT_EXT configuration, it means the two configuration methods cannot coexist. In other words, you can only choose one method; you cannot use the first method for one port and the second method for another port!!
Original text: However the above definitions of allowed services take precedence over the definitions mentioned below when the same port is used.
(It feels like my understanding was right, since there is the condition "when the same port is used!", but my test result was that you can only choose one; whatever, I prefer the second method!)
Once I had figured this out, SUSE's firewall setup turned out to be quite simple!!!
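The post's requirement (port 80 open to everyone, port 22 only to one address) written out as SuSEfirewall2 configuration, as an added example that is not part of the original post or of the openSUSE wiki. It places the weak setting, where 22 is also listed in FW_SERVICES_EXT_TCP and the wiki's precedence rule lets the zone-wide rule override the address restriction, beside the corrected one, and adds a small POSIX shell check, written for this example, that reports any port appearing in both lists before the firewall is reloaded. The admin address 203.0.113.10 (an RFC 5737 documentation address) and the helper function names are assumptions, not anything from the page.

```shell
#!/bin/sh
# Added example for this post; not from the openSUSE wiki or the original
# author's setup. 203.0.113.10 is an invented RFC 5737 documentation address
# and the helper functions below are my own, not part of SuSEfirewall2.
#
# Requirement from the post: every source may reach TCP/80, only one admin
# host may reach TCP/22. Both snippets use /etc/sysconfig/SuSEfirewall2 syntax.

# Weak setting: port 22 is listed in FW_SERVICES_EXT_TCP as well. The wiki
# says the zone-wide list takes precedence when the same port is used, so the
# source restriction in FW_SERVICES_ACCEPT_EXT is overridden and the whole
# Internet can reach sshd.
WEAK_CONFIG='FW_SERVICES_EXT_TCP="80 22"
FW_SERVICES_ACCEPT_EXT="203.0.113.10/32,tcp,22"'

# Corrected setting: 80 stays in the zone-wide TCP list, 22 appears ONLY in
# FW_SERVICES_ACCEPT_EXT, restricted to the admin host and rate-limited with
# the ipt_recent flags from the wiki (max three connects per minute).
GOOD_CONFIG='FW_SERVICES_EXT_TCP="80"
FW_SERVICES_ACCEPT_EXT="203.0.113.10/32,tcp,22,,hitcount=3,blockseconds=60,recentname=ssh"'

# conf_value VAR CONFIG: print the value inside VAR="..." (first match only).
conf_value() {
  printf '%s\n' "$2" | sed -n "s/^$1=\"\([^\"]*\)\".*/\1/p" | head -n 1
}

# ports_in_both CONFIG: print every TCP destination port that is listed in
# FW_SERVICES_EXT_TCP and also used as dport in an FW_SERVICES_ACCEPT_EXT
# entry (net,protocol,dport,...). Any port printed has its source restriction
# overridden by the wider rule; an empty result means the lists do not clash.
ports_in_both() {
  tcp_list=$(conf_value FW_SERVICES_EXT_TCP "$1")
  accept_list=$(conf_value FW_SERVICES_ACCEPT_EXT "$1")
  clash=""
  for entry in $accept_list; do
    proto=$(printf '%s' "$entry" | cut -d, -f2)
    dport=$(printf '%s' "$entry" | cut -d, -f3)
    [ "$proto" = "tcp" ] || continue
    for port in $tcp_list; do
      if [ "$port" = "$dport" ]; then
        clash="$clash $port"
      fi
    done
  done
  printf '%s' "${clash# }"
}

# Run the check on both snippets before reloading the firewall.
for name in WEAK_CONFIG GOOD_CONFIG; do
  eval "cfg=\$$name"
  echo "$name: overridden ports: [$(ports_in_both "$cfg")]"
done
```

The check prints `22` for the weak snippet and nothing for the corrected one. After putting the corrected lines into /etc/sysconfig/SuSEfirewall2 and reloading with `rcSuSEfirewall2 restart`, confirm the result with `iptables-save | grep -- '--dport 22'`: the only ACCEPT rule for port 22 should carry the `-s 203.0.113.10/32` source match, and from any other address a `ssh` attempt should time out or be refused.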