[root@site-a1 ~]# ll /etc/firewalld/zones/
总用量 16
-rw-r--r-- 1 root root 421 6月 9 15:24 public.xml
-rw-r--r--. 1 root root 386 6月 9 15:13 public.xml.old
-rw-r--r-- 1 root root 379 6月 21 00:01 trusted.xml
-rw-r--r-- 1 root root 301 6月 9 15:13 trusted.xml.old
[root@site-a1 ~]# cat /etc/firewalld/zones/trusted.xml
<?xml version="1.0" encoding="utf-8"?>
<!-- firewalld "trusted" zone as customised on this host. target="ACCEPT" means every packet from a source address bound to this zone is accepted, on any port and protocol, so the source list below is the whole access policy. -->
<zone target="ACCEPT">
<short>Trusted</short>
<description>All network connections are accepted.</description>
<!-- 100.64.0.0/10 is the RFC 6598 shared (carrier-grade NAT) range; 10.0.0.0/8 and 192.168.0.0/16 are RFC 1918 private ranges. These are very wide: any host in them gets unfiltered access. -->
<source address="100.64.0.0/10"/>
<source address="10.0.0.0/8"/>
<!-- NOTE(review): 11.0.0.0/8 is not an RFC 1918 private range. Confirm it is only routable inside the provider network before trusting it wholesale. -->
<source address="11.0.0.0/8"/>
<!-- NOTE(review): the /32 entries are single public addresses. Trust rests on the source IP alone, so review them whenever those hosts change owner or address. -->
<source address="123.56.178.80/32"/>
<source address="192.168.0.0/16"/>
<source address="118.26.134.12/32"/>
</zone>
[root@site-a1 ~]# cat /etc/firewalld/zones/public.xml
<?xml version="1.0" encoding="utf-8"?>
<!-- firewalld "public" zone as customised on this host. No target attribute is set, so the zone default applies: only the services, ports and forwards listed below are let in. -->
<zone>
<short>Public</short>
<description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
<service name="dhcpv6-client"/>
<!-- HTTPS and HTTP are open to every source this zone covers. -->
<port protocol="tcp" port="443"/>
<port protocol="tcp" port="80"/>
<!-- forward-port with no to-addr redirects 42701/tcp to port 22 on this host; port 22 itself is not in the port list. Presumably port 22 is sshd (confirm). A non-default port only reduces scan noise: access still depends on sshd's own authentication settings. -->
<forward-port to-port="22" protocol="tcp" port="42701"/>
</zone>
________________________________________________________________
CentOS 7 将系统语言改为中文
localectl set-locale LANG=en_US.UTF-8
1、安装中文语言包:
yum groupinstall "Chinese Support" -y
2、修改系统默认语言为中文
localectl set-locale LANG=zh_CN.UTF-8
3、重启系统即可:
reboot
_________________________________________________________________
CentOS 7 做路由代理(开启 IP 转发,并用 iptables MASQUERADE 做 NAT 网关)
[root@v-route-1 ~]# more /etc/rc.local
#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.
touch /var/lock/subsys/local
# Turn on IPv4 forwarding so the kernel routes packets between interfaces.
# The write takes effect immediately and is repeated on every boot by this script.
# NOTE(review): forwarding is enabled here whether or not the firewall rules
# loaded, so the FORWARD chain policy is what actually limits routed traffic.
# A net.ipv4.ip_forward = 1 entry under /etc/sysctl.d/ is the more usual way to
# persist this; on CentOS 7 rc.local only runs when the file is executable.
echo "1" > /proc/sys/net/ipv4/ip_forward
[root@v-route-1 ~]# more /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
# nat table: masquerade (source-NAT) every packet that leaves through eth1.
*nat
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
*filter
# All three default policies are ACCEPT. INPUT is still closed by the final
# REJECT rule below; FORWARD has no active rule, so its ACCEPT policy decides.
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Replies to existing connections, ICMP and loopback traffic are accepted.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
# The only new inbound connections accepted are TCP to port 10022
# (presumably sshd on a non-default port; confirm against sshd_config).
-A INPUT -m state --state NEW -m tcp -p tcp --dport 10022 -j ACCEPT
# Everything else addressed to this host is rejected. Rule order matters here.
-A INPUT -j REJECT --reject-with icmp-host-prohibited
# NOTE(review): with the FORWARD reject below commented out and the FORWARD
# policy set to ACCEPT, this host forwards traffic arriving on any interface in
# any direction, not only from the internal network out through eth1. A tighter
# set accepts ESTABLISHED,RELATED plus new connections from the internal
# interface to eth1, and then re-enables the reject.
#-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
_________________________________________________________________
# Open 5905/tcp in the public zone. --permanent edits only the saved
# configuration, so the --reload on the next line is what applies it.
[root@server ~]# firewall-cmd --permanent --zone=public --add-port=5905/tcp
[root@server ~]# firewall-cmd --reload
# NOTE(review): no --reload follows this removal, so 5905/tcp stays open in the
# running firewall until the next reload or restart. Check the live state with
# firewall-cmd --zone=public --list-ports.
[root@server ~]# firewall-cmd --permanent --zone=public --remove-port=5905/tcp
_________________________________________________________________
# Open 10022/tcp in the public zone and apply it. The port is opened to every
# source that zone covers; a source-bound zone or a rich rule is the way to
# limit it to known addresses.
firewall-cmd --permanent --zone=public --add-port=10022/tcp
firewall-cmd --reload
centos 7 firewalld常用命令
07 November 2014 • Filed under centos, linux
将源 IP 段绑定到 zone(来自该网段的流量按此 zone 的规则处理)
sudo firewall-cmd --permanent --zone=work --add-source=192.168.0.0/24
将某个网口添加到zone
sudo firewall-cmd --permanent --zone=work --add-interface=eth0
在某个zone打开端口
sudo firewall-cmd --permanent --zone=work --add-port=8080-8090/tcp
永久打开一个端口(未指定 --zone 时作用于默认 zone,对该 zone 覆盖的所有来源开放;需 --reload 后才在运行中生效)
firewall-cmd --permanent --add-port=8080/tcp
永久关闭一个端口
firewall-cmd --permanent --remove-port=8080/tcp
永久打开某项服务
firewall-cmd --permanent --add-service=http
永久关闭某项服务
firewall-cmd --permanent --remove-service=http
进行端口转发(把本机 80/tcp 转发到 192.0.2.55 的 8080 端口;转发到其他主机时还需启用下面的 masquerade)
firewall-cmd --permanent --add-forward-port=port=80:proto=tcp:toport=8080:toaddr=192.0.2.55
允许转发到其他地址(启用 IP 伪装 masquerade:经本机转发出去的流量,源地址会被改写为本机地址,后端日志中将看不到真实来源 IP)
firewall-cmd --permanent --add-masquerade
重新加载防火墙(使以上 --permanent 修改在运行中生效)
firewall-cmd --reload
myron