auditsys firewall settings
Note: whenever a server's IP address changes or a server is added, the corresponding iptables rules must be updated.
Hardening the es server
firewall-cmd --remove-port=9200/tcp --permanent
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="<application-server-IP>" port protocol="tcp" port="9200" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="<center-server-IP>" port protocol="tcp" port="9200" accept'
For multiple servers, add one rule per server.
firewall-cmd --remove-port=9300/tcp --permanent
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="<es-cluster-server-IP>" port protocol="tcp" port="9300" accept'
For multiple es servers, add one rule per server.
firewall-cmd --reload
systemctl restart firewalld
Hardening the center server
firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --zone=public --add-port=443/tcp --permanent
firewall-cmd --remove-port=3306/tcp --permanent
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="<application-server-IP>" port protocol="tcp" port="3306" accept'
For multiple servers, add one rule per server.
firewall-cmd --reload
systemctl restart firewalld
Hardening the application server
firewall-cmd --zone=public --add-port=3454/tcp --permanent
firewall-cmd --zone=public --add-port=3455/tcp --permanent
firewall-cmd --reload
systemctl restart firewalld
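
The "one rule per server" steps above are easy to get wrong when a server is added or its IP changes. The following is an added example, not part of the original page: a POSIX shell helper that validates a port and a list of source addresses and prints the matching firewall-cmd commands for review. The function names and the 192.0.2.x sample addresses are assumptions made for illustration.

```sh
# Added example: prints the firewall-cmd commands; it does not run them.
# valid_ipv4 and restrict_port are hypothetical helper names.

# Succeeds only for a dotted quad whose four octets are each 0..255.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input is digits and dots only
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# restrict_port PORT IP [IP...]
# Prints: remove the open-port entry, one rich rule per allowed source,
# then reload. Everything is validated before the first line is printed,
# so a typo in one address cannot yield a partial rule set.
restrict_port() {
    [ $# -ge 2 ] || { echo "usage: restrict_port PORT IP [IP...]" >&2; return 1; }
    port=$1; shift
    case $port in
        ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "invalid port: $port" >&2; return 1; }
    for ip in "$@"; do
        valid_ipv4 "$ip" || { echo "invalid IPv4 address: $ip" >&2; return 1; }
    done
    echo "firewall-cmd --permanent --remove-port=${port}/tcp"
    for ip in "$@"; do
        printf "firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"%s\" port protocol=\"tcp\" port=\"%s\" accept'\n" \
            "$ip" "$port"
    done
    echo "firewall-cmd --reload"
}

# Constructed sample addresses from the RFC 5737 documentation range.
restrict_port 9200 192.0.2.10 192.0.2.20   # es: application server + center server
restrict_port 9300 192.0.2.31 192.0.2.32   # es cluster peers
```

After applying the printed commands, firewall-cmd --list-all shows whether the port has left the ports line and the rich rules are present.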