
Configuring a firewalld whitelist for JumpServer

A routine note, left here for anyone who runs into the same pitfall.

Docker port whitelist

# Enable IP forwarding so container traffic can leave the host, and let firewalld masquerade it
echo 1 > /proc/sys/net/ipv4/ip_forward
firewall-cmd --permanent --add-masquerade
# Rebuild the DOCKER-USER chain from scratch so stale rules do not linger
firewall-cmd --permanent --direct --remove-chain ipv4 filter DOCKER-USER
firewall-cmd --permanent --direct --remove-rules ipv4 filter DOCKER-USER
firewall-cmd --permanent --direct --add-chain ipv4 filter DOCKER-USER
# All rules use priority 0, so they are evaluated in the order they are added below
firewall-cmd --permanent --direct --add-rule ipv4 filter DOCKER-USER 0 -i docker0 -j ACCEPT -m comment --comment "allows incoming from docker"
firewall-cmd --permanent --direct --add-rule ipv4 filter DOCKER-USER 0 -i docker0 -o eth0 -j ACCEPT -m comment --comment "allows docker to eth0"
firewall-cmd --permanent --direct --add-rule ipv4 filter DOCKER-USER 0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -m comment --comment "allows docker containers to connect to the outside world"
firewall-cmd --permanent --direct --add-rule ipv4 filter DOCKER-USER 0 -j RETURN -s 172.17.0.0/16 -m comment --comment "allow internal docker communication"
# Whitelist: the management host may reach the containers (second rule narrows to the JumpServer web and SSH ports)
firewall-cmd --permanent --direct --add-rule ipv4 filter DOCKER-USER 0 -s 172.10.6.253/32 -j ACCEPT
firewall-cmd --permanent --direct --add-rule ipv4 filter DOCKER-USER 0 -p tcp -m multiport --dports 80,2222 -s 172.10.6.253/32 -j ACCEPT
# Catch-all must be added last: everything not matched above is rejected
firewall-cmd --permanent --direct --add-rule ipv4 filter DOCKER-USER 0 -j REJECT --reject-with icmp-host-unreachable -m comment --comment "reject all other traffic"
firewall-cmd --reload
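Because every rule above is added at priority 0, firewalld places them in the DOCKER-USER chain in the order they were added, and the chain is evaluated top to bottom. If the catch-all REJECT ends up above the whitelist ACCEPT (for example after re-running only part of the script), the whitelisted host is locked out; if it ends up missing, the chain silently allows everything. The script below is an added example, not part of the original post: it checks the ordering in the output format of firewall-cmd --permanent --direct --get-all-rules. The rule listings inside it are constructed samples, not captured from a real host, and the whitelist address 172.10.6.253/32 is the one used above. Note also that the first whitelist rule already accepts all traffic from that address, so the port-limited rule after it never matches anything new; if only ports 80 and 2222 are meant to be reachable, drop the broader rule.

```sh
#!/bin/sh
# Added example (not from the original post): verify the order of the DOCKER-USER
# direct rules as reported by `firewall-cmd --permanent --direct --get-all-rules`.
# The catch-all REJECT must be the last DOCKER-USER rule, and an ACCEPT for the
# whitelisted source must appear above it.

# Constructed sample in the --get-all-rules output format (not from a real host).
GOOD_RULES='ipv4 filter DOCKER-USER 0 -i docker0 -j ACCEPT -m comment --comment "allows incoming from docker"
ipv4 filter DOCKER-USER 0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
ipv4 filter DOCKER-USER 0 -j RETURN -s 172.17.0.0/16
ipv4 filter DOCKER-USER 0 -s 172.10.6.253/32 -j ACCEPT
ipv4 filter DOCKER-USER 0 -j REJECT --reject-with icmp-host-unreachable'

# Constructed misordered sample: the REJECT was added before the whitelist ACCEPT.
BAD_RULES='ipv4 filter DOCKER-USER 0 -i docker0 -j ACCEPT
ipv4 filter DOCKER-USER 0 -j REJECT --reject-with icmp-host-unreachable
ipv4 filter DOCKER-USER 0 -s 172.10.6.253/32 -j ACCEPT'

# Constructed sample with the catch-all in place but no whitelist entry.
NO_WHITELIST_RULES='ipv4 filter DOCKER-USER 0 -i docker0 -j ACCEPT
ipv4 filter DOCKER-USER 0 -j REJECT --reject-with icmp-host-unreachable'

# check_docker_user_rules RULES SOURCE
# Returns 0 when the last DOCKER-USER rule is a REJECT and an ACCEPT whose
# -s matches SOURCE (e.g. 172.10.6.253/32) appears before it; 1 otherwise.
check_docker_user_rules() {
    rules=$1
    src=$2
    chain=$(printf '%s\n' "$rules" | grep ' DOCKER-USER ')
    last=$(printf '%s\n' "$chain" | tail -n 1)
    case "$last" in
        *'-j REJECT'*) ;;
        *) echo "check: last DOCKER-USER rule is not the catch-all REJECT" >&2; return 1 ;;
    esac
    # Walk the chain top to bottom; anything after the REJECT is unreachable.
    if ! printf '%s\n' "$chain" | awk -v src="$src" '
        /-j REJECT/ { reject = 1; next }
        !reject && index($0, "-s " src) && /-j ACCEPT/ { ok = 1 }
        END { exit ok ? 0 : 1 }'
    then
        echo "check: no ACCEPT for $src above the catch-all REJECT" >&2
        return 1
    fi
    return 0
}

# Stand-alone usage. On a real host, replace a sample with:
#   rules=$(firewall-cmd --permanent --direct --get-all-rules)
check_docker_user_rules "$GOOD_RULES" 172.10.6.253/32 && echo "GOOD_RULES: order ok"
check_docker_user_rules "$BAD_RULES" 172.10.6.253/32 || echo "BAD_RULES: misordered"
check_docker_user_rules "$NO_WHITELIST_RULES" 172.10.6.253/32 || echo "NO_WHITELIST_RULES: whitelist missing"
```

Run it after firewall-cmd --reload, feeding it the live rule listing; a non-zero exit means the chain will not behave as the whitelist intends.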

Reprinting without permission is prohibited: 李子博客 » Configuring a firewalld whitelist for JumpServer