查看“Firewall-cmd配置端口转发”的源代码
←
Firewall-cmd配置端口转发
跳到导航
跳到搜索
因为以下原因,您没有权限编辑本页:
您请求的操作仅限属于该用户组的用户执行:
用户
您可以查看和复制此页面的源代码。
=== firewall status === systemctl status firewalld.service === 重新加载防火墙 === firewall-cmd --reload ===Rule List=== firewall-cmd --list-all ===设置=== ====检查是否允许伪装IP==== firewall-cmd --query-masquerade *firewall-cmd --add-masquerade --permanent *--add-masquerade # 允许防火墙伪装IP *--remove-masquerade# 禁止防火墙伪装IP ====永久生效==== * --permanent 永久生效,否则重启/reload失效 ====开放端口==== *firewall-cmd --zone=public --add-port=32000-32099/tcp *firewall-cmd --zone=public --add-port=33000-33099/udp *firewall-cmd --zone=public --remove-port=32000-32099/tcp ====转发==== * firewall-cmd --add-forward-port=port=32010:proto=tcp:toport=3389:toaddr=193.122.104.2 *firewall-cmd --remove-forward-port=port=32010:proto=tcp:toport=3389:toaddr=193.122.104.2 ====批量添加端口映射==== ## fw.sh #!/bin/sh if [ "$1" == "add" ]; then OT="add" elif [ "$1" == "remove" ]; then OT="remove" else echo "Not Parameter." exit 1 fi if [ "$2" == "" ]; then LN_NAME="fw.txt" else LN_NAME=$2 fi cat ${LN_NAME} | while read LN do LN=`echo ${LN} |awk -F"#" '{print \$1}'` if [ "${LN}" == "" ]; then echo ${OT} ${LN} else echo ${OT} ${LN} firewall-cmd --${OT}-forward-port=${LN} firewall-cmd --${OT}-forward-port=${LN} --permanent fi done === Example=== ## fw.txt # win-remote 2 port=32010:proto=tcp:toport=3389:toaddr=192.168.33.2 port=32011:proto=tcp:toport=3389:toaddr=192.168.33.5 # 22 port=32023:proto=tcp:toport=22:toaddr=192.168.33.3 port=32024:proto=tcp:toport=22:toaddr=192.168.33.4 port=32026:proto=tcp:toport=22:toaddr=192.168.33.6 port=32027:proto=tcp:toport=22:toaddr=192.168.33.7 port=32028:proto=tcp:toport=22:toaddr=192.168.33.8 port=32035:proto=tcp:toport=22:toaddr=192.168.33.15 port=32036:proto=tcp:toport=22:toaddr=192.168.33.16 port=32045:proto=tcp:toport=22:toaddr=192.168.33.25 port=32046:proto=tcp:toport=22:toaddr=192.168.33.26 port=32053:proto=tcp:toport=22:toaddr=192.168.33.33 # other port=33010:proto=tcp:toport=5432:toaddr=192.168.33.4 port=33011:proto=tcp:toport=9200:toaddr=192.168.33.28 port=33020:proto=tcp:toport=8123:toaddr=192.168.33.36 port=33021:proto=tcp:toport=9000:toaddr=192.168.33.36 # web port=33080:proto=tcp:toport=80:toaddr=192.168.33.4 ## M16 # 3389 port=8080:proto=tcp:toport=3389:toaddr=10.10.137.40 port=8081:proto=tcp:toport=3389:toaddr=10.10.137.42 port=8082:proto=tcp:toport=3389:toaddr=10.10.137.202 # 22 port=9016:proto=tcp:toport=22:toaddr=10.10.137.16 port=9033:proto=tcp:toport=22:toaddr=10.10.137.33 port=9088:proto=tcp:toport=22:toaddr=10.10.137.188 # 1521 port=20711:proto=tcp:toport=1521:toaddr=10.10.137.11 port=20771:proto=tcp:toport=1521:toaddr=10.10.137.71 port=20786:proto=tcp:toport=1521:toaddr=10.10.137.186 port=20911:proto=tcp:toport=1521:toaddr=10.10.139.11 port=20912:proto=tcp:toport=1521:toaddr=10.10.139.12 port=20914:proto=tcp:toport=1521:toaddr=10.10.139.14 port=20915:proto=tcp:toport=1521:toaddr=10.10.139.15 port=20939:proto=tcp:toport=1521:toaddr=10.10.139.39 port=20970:proto=tcp:toport=1521:toaddr=10.10.139.70 # 5432 port=21920:proto=tcp:toport=5432:toaddr=10.10.139.20 port=21952:proto=tcp:toport=5432:toaddr=10.10.139.52 port=21507:proto=tcp:toport=5432:toaddr=10.10.105.207 ## D81 # 3389 port=8085:proto=tcp:toport=3389:toaddr=172.30.4.73 port=8080:proto=tcp:toport=8080:toaddr=10.10.137.16 port=8081:proto=tcp:toport=8081:toaddr=10.10.137.16 port=8082:proto=tcp:toport=8082:toaddr=10.10.137.16 # 22 port=9016:proto=tcp:toport=9016:toaddr=10.10.137.16 port=9033:proto=tcp:toport=9033:toaddr=10.10.137.16 port=9088:proto=tcp:toport=9088:toaddr=10.10.137.16 # 1521 port=20711:proto=tcp:toport=20711:toaddr=10.10.137.16 port=20771:proto=tcp:toport=20771:toaddr=10.10.137.16 port=20786:proto=tcp:toport=20786:toaddr=10.10.137.16 port=20911:proto=tcp:toport=20911:toaddr=10.10.139.16 port=20912:proto=tcp:toport=20912:toaddr=10.10.139.16 port=20914:proto=tcp:toport=20914:toaddr=10.10.139.16 port=20915:proto=tcp:toport=20915:toaddr=10.10.139.16 port=20939:proto=tcp:toport=20939:toaddr=10.10.139.16 port=20970:proto=tcp:toport=20970:toaddr=10.10.139.16 # 5432 port=21920:proto=tcp:toport=2192:toaddr=10.10.139.16 port=21952:proto=tcp:toport=2195:toaddr=10.10.139.16 port=21507:proto=tcp:toport=2150:toaddr=10.10.105.16 == 参考 == # [https://www.cnblogs.com/gongjingyun123--/p/12018442.html 防火墙富规则、内部上网] [[分类:Develop]] [[分类:Linux]]
返回
Firewall-cmd配置端口转发
。
导航菜单
个人工具
登录
命名空间
页面
讨论
大陆简体
查看
阅读
查看源代码
查看历史
更多
搜索
导航
首页
最近更改
随机页面
目录
文章分类
侧边栏
帮助
工具
链入页面
相关更改
特殊页面
页面信息