133 server [复制链接]

ulimit -SHn 1024000
chmod +x /etc/rc.d/rc.local
vi /etc/rc.local

cat /etc/redhat-release
CentOS Linux release 7.8.2003 (Core)

:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1488:3835634]
-A INPUT -s 46.229.0.0/16 -j DROP
-A INPUT -s 42.0.0.0/8 -j DROP
-A INPUT -s 46.229.0.0/16 -j DROP
-A INPUT -s 42.0.0.0/8 -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -s 115.231.212.254/32 -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -s 115.231.212.254/32 -p udp -m state --state NEW -m udp --dport 161 -j ACCEPT
-A INPUT -s 10.27.234.191/32 -p tcp -m state --state NEW -m tcp --dport 873 -j ACCEPT
-A INPUT -s 115.231.212.254/32 -p tcp -m state --state NEW -m tcp --dport 873 -j ACCEPT
-A INPUT -s 115.231.212.254/32 -p tcp -m state --state NEW -m tcp --dport 3306 -j ACCEPT
-A INPUT -s 10.25.0.106/32 -p tcp -m state --state NEW -m tcp --dport 4222 -j ACCEPT
-A INPUT -s 10.27.234.191/32 -p tcp -m state --state NEW -m tcp --dport 4222 -j ACCEPT
-A INPUT -s 115.231.212.254/32 -p tcp -m state --state NEW -m tcp --dport 4222 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

1，安装systemctl：

yum install iptables-services
2，设置开机启动：

systemctl enable iptables.service
然后就可以执行以下指令了：

systemctl stop iptables
systemctl start iptables
systemctl restart iptables
systemctl reload iptables




CentOS 7.0默认使用的是firewall作为防火墙，这里改为iptables防火墙。
1、关闭firewall：

systemctl stop firewalld.service
systemctl disable firewalld.service
systemctl mask firewalld.service
2、安装iptables防火墙

yum install iptables-services -y
3.启动设置防火墙

systemctl enable iptables
systemctl start iptables

4.查看防火墙状态

systemctl status iptables
5编辑防火墙，增加端口

vi /etc/sysconfig/iptables #编辑防火墙配置文件


-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT

:wq! #保存退出

3.重启配置，重启系统

systemctl restart iptables.service #重启防火墙使配置生效
systemctl enable iptables.service #设置防火墙开机启动

sed -i "s/#Port 22/Port 4222/g" /etc/ssh/sshd_config
systemctl restart sshd

yum install -y rsync
vim /etc/rsyncd.conf
vim /etc/rsync.secret
systemctl start rsyncd
ifconfig
vim /etc/sysconfig/iptables
iptables-restore < /etc/sysconfig/iptables
chmod 600 /etc/rsync.secret