Configuring the software firewall on SuSE
Posted on 2017-3-1 01:02:47
When using SLES you control the firewall through YaST.
To view the current configuration we can look at the summary:
# yast2 firewall summary
Summary:
--------
Firewall Starting
-----------------
* Firewall is started manually
* Firewall will not be started after writing the configuration
Unassigned Interfaces
---------------------
No network traffic is permitted through these interfaces.
*  eth-id-00:30:48:ff:ff:fe
*  eth-id-00:30:48:ff:ff:ff
Internal Zone
-------------
* No interface is assigned to this zone.
Demilitarized Zone
------------------
* No interface is assigned to this zone.
External Zone
-------------
* No interface is assigned to this zone.
#
·         To configure your zones (external, internal, demilitarized) we will want to do the following:
# yast2 firewall interfaces add interface=`ip a s dev eth0 | awk '/ether/{printf "eth-id-%s", $2}'` zone=INT
Adding interface eth-id-00:30:48:ff:ff:fe into zone INT...
# yast2 firewall interfaces add interface=`ip a s dev eth1 | awk '/ether/{printf "eth-id-%s", $2}'` zone=EXT
Adding interface eth-id-00:30:48:ff:ff:ff into zone EXT...
# yast2 firewall interfaces show
Network Interfaces in Firewall Zones:
-------------------------------------
Zone  Interface                 Device Name
-------------------------------------------
INT   eth-id-00:30:48:ff:ff:fe
EXT   eth-id-00:30:48:ff:ff:ff
#
·         Configuring the firewall rules couldn't be easier.  For a basic web host the following rules should suffice:
# yast2 firewall services add zone=EXT service=http
# yast2 firewall services add zone=EXT service=smtp
# yast2 firewall services add zone=EXT service=pop3
# yast2 firewall services add zone=EXT service=pop3s
# yast2 firewall services add zone=EXT service=imap
# yast2 firewall services add zone=EXT service=imaps
# yast2 firewall services add zone=EXT udpport=53
Should you wish to allow SSH to the public, rather than using our VPN, then you can then add that:
# yast2 firewall services add zone=EXT service=ssh
Custom ports can also be added with ease (eg: sshd listening on port 22099):
# yast2 firewall services add zone=EXT tcpport=22099
·         Firewall Logging
By default there is only logging configured for the EXT zone.  For the most part this is all that would be needed.
# yast2 firewall logging show
Global Logging Settings:
------------------------
Rule Type     Value  Logging Level
--------------------------------------
Accepted      crit   Log only critical
Not accepted  crit   Log only critical
Logging Broadcast Packets:
--------------------------
Short  Zone Name           Logging Status
-------------------------------------------
INT    Internal Zone       Logging disabled
DMZ    Demilitarized Zone  Logging disabled
EXT    External Zone       Logging enabled
#
·         To control the firewall's startup we will do the following:
# yast2 firewall startup help
YaST Configuration Module firewall
-----------------------------------
Command 'startup'
Start-up settings
Options:
show           Show current settings
atboot         Start firewall in the boot process
manual         Start firewall manually
help           Print the help for this command
verbose        Show progress information
Example:
startup show
startup atboot
startup manual
#
·         To set the Firewall to start on boot we can do the following:
# yast2 firewall startup atboot
Start-Up:
---------
Enabling firewall in the boot process...
#
·         To disable the firewall at boot (the firewall is disabled to begin with):
# yast2 firewall startup manual
Start-Up:
---------
Removing firewall from the boot process...
#
·         And finally, to start/stop the firewall.
# rcSuSEfirewall2 status
Checking the status of SuSEfirewall2                                  unused
# rcSuSEfirewall2 start
Starting Firewall Initialization (phase 2 of 2) SuSEfirewall2: Warning: ip6tables does not support state matching. Extended IPv6 support disabled.
done
# rcSuSEfirewall2 status
Checking the status of SuSEfirewall2                                  running
# rcSuSEfirewall2 stop
Shutting down the Firewall SuSEfirewall2: Warning: ip6tables does not support state matching. Extended IPv6 support disabled.
done
# rcSuSEfirewall2 status
Checking the status of SuSEfirewall2                                  unused
#
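As an added example (not part of the original post), a small POSIX shell audit over the text that `yast2 firewall summary` and `yast2 firewall interfaces show` print: it counts interfaces left unassigned (which pass no traffic at all), reports whether the firewall starts at boot, and checks that each device landed in the zone you intended. The sample outputs and the function names are my own, constructed from the transcript above; on a real host pipe in the live command output instead.

```shell
#!/bin/sh
# Constructed sample: summary before any zone was assigned (firewall started manually).
SAMPLE_SUMMARY='Summary:
--------
Firewall Starting
-----------------
* Firewall is started manually
Unassigned Interfaces
---------------------
No network traffic is permitted through these interfaces.
*  eth-id-00:30:48:ff:ff:fe
*  eth-id-00:30:48:ff:ff:ff
Internal Zone
-------------
* No interface is assigned to this zone.'

# Constructed sample: zone table after the two `interfaces add` commands.
SAMPLE_ZONES='Network Interfaces in Firewall Zones:
-------------------------------------
Zone  Interface                 Device Name
-------------------------------------------
INT   eth-id-00:30:48:ff:ff:fe
EXT   eth-id-00:30:48:ff:ff:ff'

# Count "eth-id-..." entries in the "Unassigned Interfaces" section of a summary (stdin).
# The section ends at the next zone heading (a line of bare capitalised words).
count_unassigned() {
    awk '/^Unassigned Interfaces/ { in_sec = 1; next }
         in_sec && /^[A-Z][A-Za-z ]+$/ { in_sec = 0 }
         in_sec && /^\*  *eth-id-/ { n++ }
         END { print n + 0 }'
}

# Print "manual" if the summary (stdin) says the firewall is started manually, else "atboot".
# Only the manual wording is known from the transcript, so anything else counts as atboot.
startup_mode() {
    if grep -q '^\* Firewall is started manually'; then echo manual; else echo atboot; fi
}

# Print the zone holding the given eth-id in a zone table (stdin), or UNASSIGNED.
zone_of() {
    awk -v iface="$1" '$2 == iface { print $1; found = 1 }
                        END { if (!found) print "UNASSIGNED" }'
}

# check_zones TABLE eth-id=ZONE ... : print every mismatch, exit 1 if any.
check_zones() {
    table=$1; shift; rc=0
    for pair in "$@"; do
        iface=${pair%%=*}; want=${pair#*=}
        got=$(printf '%s\n' "$table" | zone_of "$iface")
        [ "$got" = "$want" ] || { echo "MISMATCH $iface: want $want, got $got"; rc=1; }
    done
    return $rc
}
```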