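Configuring a firewalld whitelist for a jumpserver deployed with Docker

An everyday note, left as a record for anyone who runs into the same pitfall.

Docker port whitelist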

echo 1 > /proc/sys/net/ipv4/ip_forward
firewall-cmd --permanent --add-masquerade
firewall-cmd --permanent --direct --remove-chain ipv4 filter DOCKER-USER
firewall-cmd --permanent --direct --remove-rules ipv4 filter DOCKER-USER
firewall-cmd --permanent --direct --add-chain ipv4 filter DOCKER-USER
firewall-cmd --permanent --direct --add-rule ipv4 filter DOCKER-USER 0 -i docker0 -j ACCEPT -m comment --comment "allows incoming from docker"
firewall-cmd --permanent --direct --add-rule ipv4 filter DOCKER-USER 0 -i docker0 -o eth0 -j ACCEPT -m comment --comment "allows docker to eth0"
firewall-cmd --permanent --direct --add-rule ipv4 filter DOCKER-USER 0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -m comment --comment "allows docker containers to connect to the outside world"
firewall-cmd --permanent --direct --add-rule ipv4 filter DOCKER-USER 0 -j RETURN -s 172.17.0.0/16 -m comment --comment "allow internal docker communication"
firewall-cmd --permanent --direct --add-rule ipv4 filter DOCKER-USER 0 -s 172.10.6.253/32 -j ACCEPT
firewall-cmd --permanent --direct --add-rule ipv4 filter DOCKER-USER 0 -p tcp -m multiport --dports 80,2222 -s 172.10.6.253/32 -j ACCEPT
firewall-cmd --permanent --direct --add-rule ipv4 filter DOCKER-USER 0 -j REJECT --reject-with icmp-host-unreachable -m comment --comment "reject all other traffic"
firewall-cmd --reload
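
A check to run after applying the rules above (an added example, not part of the original post). firewalld.direct(5) states that direct rules sharing a priority have no fixed order, so the script verifies that the catch-all REJECT sits at a higher priority number than every allow rule and lists the whitelisted sources. The function names, the sample data and the assumed line format `ipv4 filter CHAIN PRIORITY ARGS` of `--get-all-rules` are assumptions of this example.

```shell
#!/bin/sh
# Constructed sample of `firewall-cmd --permanent --direct --get-all-rules`
# output, mirroring the rules on this page (all at priority 0).
sample_rules() {
cat <<'EOF'
ipv4 filter DOCKER-USER 0 -i docker0 -j ACCEPT -m comment --comment 'allows incoming from docker'
ipv4 filter DOCKER-USER 0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
ipv4 filter DOCKER-USER 0 -j RETURN -s 172.17.0.0/16
ipv4 filter DOCKER-USER 0 -p tcp -m multiport --dports 80,2222 -s 172.10.6.253/32 -j ACCEPT
ipv4 filter DOCKER-USER 0 -j REJECT --reject-with icmp-host-unreachable
EOF
}

# Reads direct rules on stdin. Prints whitelisted sources and a verdict.
# Returns 0 only if a catch-all REJECT/DROP exists at a priority strictly
# above every ACCEPT/RETURN rule in DOCKER-USER.
audit_docker_user() {
  awk '
    $2 != "filter" || $3 != "DOCKER-USER" { next }
    {
      target = ""; src = ""; narrow = 0
      for (i = 5; i < NF; i++) {
        if ($i == "-j") target = $(i + 1)
        if ($i == "-s") src = $(i + 1)
        # Any of these matches means the rule is not a catch-all.
        if ($i == "-s" || $i == "-i" || $i == "-o" || $i == "-p") narrow = 1
      }
      if ((target == "REJECT" || target == "DROP") && !narrow) {
        deny = 1; deny_prio = $4 + 0
      } else if (target == "ACCEPT" || target == "RETURN") {
        if (src != "") print "ALLOW-SRC " src
        if (!seen || $4 + 0 > max_allow) max_allow = $4 + 0
        seen = 1
      }
    }
    END {
      if (!deny) { print "FAIL no catch-all REJECT/DROP rule"; exit 1 }
      if (seen && deny_prio <= max_allow) {
        print "WARN catch-all priority " deny_prio " not above allow priority " max_allow
        exit 1
      }
      print "OK"
    }'
}

# On a real host: firewall-cmd --permanent --direct --get-all-rules | audit_docker_user
sample_rules | audit_docker_user || true
```

A WARN on the sample reflects that every rule on this page uses priority 0; giving the REJECT rule a larger priority number makes its position after the allow rules explicit.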

Original article, author: lijian. If you repost it, please credit the source: https://www.lijian.me/245.html

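Comments (2)

  • Ray, June 18, 2020, 1:26 AM

    Blogger, blogger~ please recommend a CDN. Your site loads really fast, whose CDN are you using?~

    • lijian replied to Ray, June 21, 2020, 8:40 PM

      The CDN I use is from www.fastcache.com; the speed is just so-so.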