Firewall management

You need to either stop the firewall or open the required ports.

Managing firewall start and stop with systemctl
Start the firewall:
    systemctl start firewalld
Stop the firewall:
    systemctl stop firewalld
Check the firewall status:
    systemctl status firewalld
Disable the firewall at boot:
    systemctl disable firewalld
Enable the firewall at boot:
    systemctl enable firewalld

Configuring firewall access policy with firewall-cmd
Show the version:
    firewall-cmd --version
Show help:
    firewall-cmd --help
Show the state:
    firewall-cmd --state
List all current rules:
    firewall-cmd --list-all
List all open ports:
    firewall-cmd --zone=public --list-ports
Reload the firewall rules:
    firewall-cmd --reload
Open a port (--permanent makes the rule persistent; without this parameter it is lost after a restart):
    firewall-cmd --zone=public --add-port=80/tcp --permanent
Check whether a port is open:
    firewall-cmd --zone=public --query-port=80/tcp
Remove an open port:
    firewall-cmd --zone=public --remove-port=80/tcp --permanent
Open a range of TCP ports in one command:
    firewall-cmd --permanent --add-port=9001-9100/tcp
Allow access from an IP:
    firewall-cmd --permanent --add-source=192.168.1.1
Allow access from a whole source IP range:
    firewall-cmd --permanent --add-source=192.168.1.0/24
Remove access for an IP:
    firewall-cmd --permanent --remove-source=192.168.1.1
Allow a specific IP to access port 80 on this host:
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.1" port protocol="tcp" port="80" accept'
Deny a specific IP access to port 80 on this host:
    firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.1" port protocol="tcp" port="80" reject'
Remove the rule that allows a specific IP to access port 80 on this host:
    firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="192.168.1.1" port protocol="tcp" port="80" accept'

Editing the firewalld configuration files
The firewall access policy can also be changed by editing the configuration files.

Opening ports

Permanently open two ports:
    firewall-cmd --permanent --zone=public --add-port=8080/tcp
    firewall-cmd --permanent --zone=public --add-port=80/tcp
    firewall-cmd --reload
The result appears in public.xml under /etc/firewalld/zones:
    <?xml version="1.0" encoding="utf-8"?>
    <zone>
      <short>Public</short>
      <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
      <service name="ssh"/>
      <service name="dhcpv6-client"/>
      <port protocol="tcp" port="80"/>
      <port protocol="tcp" port="8080"/>
    </zone>

Restricting source IPs
Accept connections to ports 8000 through 9000 only from IPs in the 10.10.x.x range:
    firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="10.10.0.0/16" port protocol="tcp" port="8000-9000" accept'
    firewall-cmd --reload
Look at /etc/firewalld/zones/public.xml again:
    <?xml version="1.0" encoding="utf-8"?>
    <zone>
      <short>Public</short>
      <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
      <service name="ssh"/>
      <service name="dhcpv6-client"/>
      <port protocol="tcp" port="80"/>
      <port protocol="tcp" port="8080"/>
      <rule family="ipv4">
        <source address="10.10.0.0/16"/>
        <port protocol="tcp" port="8000-9000"/>
        <accept/>
      </rule>
      <rule family="ipv4">
        <source address="192.168.1.0/24"/>
        <port protocol="tcp" port="18000-19000"/>
        <accept/>
      </rule>
      <!-- restriction on a single port -->
      <rule family="ipv4">
        <source address="192.168.20.228"/>
        <port protocol="tcp" port="18848"/>
        <accept/>
      </rule>
    </zone>
So the firewall policy can be changed by editing the configuration file directly.
    # firewall-cmd --list-all
    public
      target: default
      icmp-block-inversion: no
      interfaces:
      sources:
      services: ssh dhcpv6-client
      ports: 80/tcp 22/tcp
      protocols:
      masquerade: no
      forward-ports:
      source-ports:
      icmp-blocks:
      rich rules:
        rule family="ipv4" source address="10.10.0.0/16" port port="8000-9000" protocol="tcp" accept
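
Because the zone file is the policy, it can be audited offline. The following is an added example, not part of the original article: it parses a zone file shaped like the public.xml above and separates ports open to any source from ports restricted by a rich rule. The sample XML and the function names are constructed for illustration, and services, reject/drop rules and inverted sources are ignored.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample in the shape of the public.xml shown above.
SAMPLE_ZONE = """<?xml version="1.0" encoding="utf-8"?>
<zone>
  <service name="ssh"/>
  <port protocol="tcp" port="80"/>
  <port protocol="tcp" port="8080"/>
  <rule family="ipv4">
    <source address="10.10.0.0/16"/>
    <port protocol="tcp" port="8000-9000"/>
    <accept/>
  </rule>
  <rule family="ipv4">
    <source address="192.168.20.228"/>
    <port protocol="tcp" port="18848"/>
    <accept/>
  </rule>
</zone>
"""

def port_entry(elem):
    """<port protocol="tcp" port="8000-9000"/> -> ("tcp", 8000, 9000)."""
    low, _, high = elem.get("port").partition("-")
    return elem.get("protocol"), int(low), int(high or low)

def audit_zone(xml_text):
    """Split accepted ports into open-to-any-source and source-restricted."""
    zone = ET.fromstring(xml_text.encode("utf-8"))
    report = {"open_to_all": [port_entry(p) for p in zone.findall("port")],
              "restricted": []}
    for rule in zone.findall("rule"):
        port, src = rule.find("port"), rule.find("source")
        if port is None or rule.find("accept") is None:
            continue  # only accept rules that name a port are reported
        if src is None:
            report["open_to_all"].append(port_entry(port))  # no source filter
            continue
        addr = src.get("address")  # mac/ipset sources have no address attribute
        who = str(ipaddress.ip_network(addr, strict=False)) if addr else "non-address"
        report["restricted"].append((who,) + port_entry(port))
    return report

def sources_for(report, proto, port):
    """Networks allowed to reach proto/port; ["any"] if open to every source."""
    hit = lambda e: e[-3] == proto and e[-2] <= port <= e[-1]
    if any(hit(e) for e in report["open_to_all"]):
        return ["any"]
    return [e[0] for e in report["restricted"] if hit(e)]
```

In the sample, port 8080 falls inside the restricted 8000-9000 range but is also listed as a plain port entry, so `sources_for` reports it as reachable from any source.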

docker

Start docker:
    systemctl start docker

Using redis

Create a container from the redis 6.0.8 image with docker (also called running the image):
    docker run -p 6379:6379 --name myr3 --privileged=true -v /app/redis/redis.conf:/etc/redis/redis.conf -v /app/redis/data:/data -d redis:6.0.8 redis-server /etc/redis/redis.conf
Explanation: -v /app/redis/redis.conf:/etc/redis/redis.conf maps the configuration file /app/redis/redis.conf on the host to /etc/redis/redis.conf inside the container, and the container uses the mapped configuration file /etc/redis/redis.conf.
Connect with redis-cli:
    redis-cli -a 111111