ReactNative Advanced (28): Metro

忆北文学摄影爱好员 2024-06-24 · 38 reads
Networking

Adding a MinIO source-address whitelist

1. Check the machine's existing whitelist:

[root@test-01 ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootps
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:bootps
ACCEPT     tcp  --  anywhere             anywhere             multiport dports cslistener source IP range 192.158.*.2-192.158.*.61
ACCEPT     tcp  --  anywhere             anywhere             multiport dports cslistener source IP range 127.0.0.1-127.0.0.1
DROP       tcp  --  anywhere             anywhere             multiport dports cslistener

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             192.168.122.0/24     ctstate RELATED,ESTABLISHED
ACCEPT     all  --  192.168.122.0/24     anywhere
ACCEPT     all  --  anywhere             anywhere
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootpc

Note that the INPUT chain already contains one DROP rule. iptables evaluates a chain top to bottom and stops at the first matching rule, so once a packet hits the DROP the remaining rules are never consulted. The DROP rule must therefore remain the last line of the chain; an ACCEPT appended below it with -A would never be reached for port 9000 traffic.

2. Prepare the rule to be added

iptables -A INPUT -p tcp --dport 9000 -s 192.158.%.90,192.158.%.100 -j ACCEPT

3. Delete the existing DROP rule, add the new rules, then append the DROP rule again at the end

3.1 Show rule line numbers
[root@test-01 ~]# iptables -L --line-numbers
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
2    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain
3    ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootps
4    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:bootps
5    ACCEPT     tcp  --  anywhere             anywhere             multiport dports cslistener source IP range 192.158.*.2-192.158.*.61
6    ACCEPT     tcp  --  anywhere             anywhere             multiport dports cslistener source IP range 127.0.0.1-127.0.0.1
7    DROP       tcp  --  anywhere             anywhere             multiport dports cslistener

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  anywhere             192.168.122.0/24     ctstate RELATED,ESTABLISHED
2    ACCEPT     all  --  192.168.122.0/24     anywhere
3    ACCEPT     all  --  anywhere             anywhere
4    REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable
5    REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootpc
3.2 Delete the rule by its line number (line 7, the original DROP rule)
iptables -D INPUT 7
3.3 Add the new ACCEPT rules
iptables -A INPUT -p tcp --dport 9000 -s 192.158.%.90,192.158.%.100 -j ACCEPT
3.4 Append the DROP rule again
iptables -A INPUT -p tcp --dport 9000 -j DROP

4. Verify the rules and save them

4.1 Verify the rules
[root@test-01 ~]# iptables -L --line-numbers
Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
2    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain
3    ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootps
4    ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:bootps
5    ACCEPT     tcp  --  anywhere             anywhere             multiport dports cslistener source IP range 192.158.*.2-192.158.*.61
6    ACCEPT     tcp  --  anywhere             anywhere             multiport dports cslistener source IP range 127.0.0.1-127.0.0.1
7    ACCEPT     tcp  --  192.158.%.90         anywhere             tcp dpt:cslistener
8    ACCEPT     tcp  --  192.158.%.100        anywhere             tcp dpt:cslistener
9    DROP       tcp  --  anywhere             anywhere             tcp dpt:cslistener

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     all  --  anywhere             192.168.122.0/24     ctstate RELATED,ESTABLISHED
2    ACCEPT     all  --  192.168.122.0/24     anywhere
3    ACCEPT     all  --  anywhere             anywhere
4    REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable
5    REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootpc
4.2 Save the firewall rules
[root@test-01 ~]# service iptables save
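The delete/append dance in step 3 exists only because -A puts new rules below the DROP. The script below is an added example, not part of the original post: it parses the text of `iptables -L INPUT --line-numbers` (a constructed sample modelled on the listing above), finds the DROP rule for port 9000 (cslistener), checks that it is still the last rule of INPUT, and prints `iptables -I INPUT <num>` commands that insert the ACCEPT rules above the DROP without ever removing it. The sample addresses 10.0.0.90 and 10.0.0.100 are placeholders.

```shell
#!/bin/sh
# Added example (not from the original post). Works on captured listing text,
# so it runs offline without root; the printed commands are what you would run.

# Constructed sample: trimmed INPUT chain plus a FORWARD chain to prove the
# parser only looks at INPUT.
SAMPLE='Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
2    ACCEPT     tcp  --  anywhere             anywhere             multiport dports cslistener source IP range 127.0.0.1-127.0.0.1
3    DROP       tcp  --  anywhere             anywhere             multiport dports cslistener

Chain FORWARD (policy ACCEPT)
num  target     prot opt source               destination
1    DROP       tcp  --  anywhere             anywhere             tcp dpt:cslistener'

# Constructed failure case: an ACCEPT appended with -A landed below the DROP.
SAMPLE_SHADOWED='Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination
1    DROP       tcp  --  anywhere             anywhere             tcp dpt:cslistener
2    ACCEPT     tcp  --  10.0.0.90            anywhere             tcp dpt:cslistener'

# Print the number of the first DROP rule for cslistener/9000 in chain INPUT.
drop_rule_number() {
    printf '%s\n' "$1" | awk '
        /^Chain / { inchain = ($2 == "INPUT"); next }
        inchain && $2 == "DROP" && /cslistener|dpt:9000|dports 9000/ { print $1; exit }'
}

# Succeed only if the last numbered rule of INPUT is the DROP, i.e. nothing
# appended later is being shadowed by it.
drop_is_last() {
    last=$(printf '%s\n' "$1" | awk '
        /^Chain / { inchain = ($2 == "INPUT"); next }
        inchain && $1 ~ /^[0-9]+$/ { last = $2 }
        END { print last }')
    [ "$last" = "DROP" ]
}

# Print one `iptables -I` command per source address, all at the DROP's index.
# Repeated inserts at the same index keep every ACCEPT above the DROP.
insert_commands() {
    listing=$1; shift
    n=$(drop_rule_number "$listing")
    [ -n "$n" ] || return 1
    for src in "$@"; do
        printf 'iptables -I INPUT %s -p tcp --dport 9000 -s %s -j ACCEPT\n' "$n" "$src"
    done
}
```

Run `drop_is_last` again after applying the printed commands; if it fails, a rule has slipped below the DROP and port 9000 is not filtered the way the listing suggests.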