Firewall-cmd配置端口转发：修订间差异

2023年1月19日 (四) 20:26的版本

firewall status

systemctl status firewalld.service

重新加载防火墙

firewall-cmd –reload

Rule List

firewall-cmd –list-all

设置

检查是否允许伪装IP

firewall-cmd –query-masquerade

firewall-cmd –add-masquerade –permanent
–add-masquerade # 允许防火墙伪装IP
–remove-masquerade# 禁止防火墙伪装IP

永久生效

–permanent 永久生效，否则重启/reload失效

开放端口

firewall-cmd –zone=public –add-port=32000-32099/tcp
firewall-cmd –zone=public –add-port=33000-33099/udp
firewall-cmd –zone=public –remove-port=32000-32099/tcp

转发

firewall-cmd –add-forward-port=port=32010:proto=tcp:toport=3389:toaddr=193.122.104.2
firewall-cmd –remove-forward-port=port=32010:proto=tcp:toport=3389:toaddr=193.122.104.2

批量添加端口映射

## fw.sh
#!/bin/sh

if [ "$1" == "add" ]; then
    OT="add"
elif [ "$1" == "remove" ]; then
    OT="remove"
else
    echo "Not Parameter."
    exit 1
fi

if [ "$2" == "" ]; then
    LN_NAME="fw.txt"
else
    LN_NAME=$2
fi

cat ${LN_NAME} | while read LN
do
    LN=`echo ${LN} |awk -F"#" '{print \$1}'`
    if [ "${LN}" == "" ]; then
        echo ${OT} ${LN}
    else
        echo ${OT} ${LN}
        firewall-cmd --${OT}-forward-port=${LN}
        firewall-cmd --${OT}-forward-port=${LN} --permanent
    fi
done

Example

## fw.txt
# win-remote 2
port=32010:proto=tcp:toport=3389:toaddr=192.168.33.2
port=32011:proto=tcp:toport=3389:toaddr=192.168.33.5   
# 22
port=32023:proto=tcp:toport=22:toaddr=192.168.33.3
port=32024:proto=tcp:toport=22:toaddr=192.168.33.4
port=32026:proto=tcp:toport=22:toaddr=192.168.33.6
port=32027:proto=tcp:toport=22:toaddr=192.168.33.7
port=32028:proto=tcp:toport=22:toaddr=192.168.33.8
port=32035:proto=tcp:toport=22:toaddr=192.168.33.15
port=32036:proto=tcp:toport=22:toaddr=192.168.33.16
port=32045:proto=tcp:toport=22:toaddr=192.168.33.25
port=32046:proto=tcp:toport=22:toaddr=192.168.33.26
port=32053:proto=tcp:toport=22:toaddr=192.168.33.33
# other
port=33010:proto=tcp:toport=5432:toaddr=192.168.33.4
port=33011:proto=tcp:toport=9200:toaddr=192.168.33.28
port=33020:proto=tcp:toport=8123:toaddr=192.168.33.36
port=33021:proto=tcp:toport=9000:toaddr=192.168.33.36
# web
port=33080:proto=tcp:toport=80:toaddr=192.168.33.4


## M16
# 3389
port=8080:proto=tcp:toport=3389:toaddr=10.10.137.40
port=8081:proto=tcp:toport=3389:toaddr=10.10.137.42
port=8082:proto=tcp:toport=3389:toaddr=10.10.137.202
# 22
port=9016:proto=tcp:toport=22:toaddr=10.10.137.16
port=9033:proto=tcp:toport=22:toaddr=10.10.137.33
port=9088:proto=tcp:toport=22:toaddr=10.10.137.188
# 1521
port=20711:proto=tcp:toport=1521:toaddr=10.10.137.11
port=20771:proto=tcp:toport=1521:toaddr=10.10.137.71
port=20786:proto=tcp:toport=1521:toaddr=10.10.137.186
port=20911:proto=tcp:toport=1521:toaddr=10.10.139.11
port=20912:proto=tcp:toport=1521:toaddr=10.10.139.12
port=20914:proto=tcp:toport=1521:toaddr=10.10.139.14
port=20915:proto=tcp:toport=1521:toaddr=10.10.139.15
port=20939:proto=tcp:toport=1521:toaddr=10.10.139.39
port=20970:proto=tcp:toport=1521:toaddr=10.10.139.70
# 5432
port=21920:proto=tcp:toport=5432:toaddr=10.10.139.20
port=21952:proto=tcp:toport=5432:toaddr=10.10.139.52
port=21507:proto=tcp:toport=5432:toaddr=10.10.105.207


## D81
# 3389
port=8085:proto=tcp:toport=3389:toaddr=172.30.4.73
port=8080:proto=tcp:toport=8080:toaddr=10.10.137.16
port=8081:proto=tcp:toport=8081:toaddr=10.10.137.16
port=8082:proto=tcp:toport=8082:toaddr=10.10.137.16
# 22
port=9016:proto=tcp:toport=9016:toaddr=10.10.137.16
port=9033:proto=tcp:toport=9033:toaddr=10.10.137.16
port=9088:proto=tcp:toport=9088:toaddr=10.10.137.16
# 1521
port=20711:proto=tcp:toport=20711:toaddr=10.10.137.16
port=20771:proto=tcp:toport=20771:toaddr=10.10.137.16
port=20786:proto=tcp:toport=20786:toaddr=10.10.137.16
port=20911:proto=tcp:toport=20911:toaddr=10.10.139.16
port=20912:proto=tcp:toport=20912:toaddr=10.10.139.16
port=20914:proto=tcp:toport=20914:toaddr=10.10.139.16
port=20915:proto=tcp:toport=20915:toaddr=10.10.139.16
port=20939:proto=tcp:toport=20939:toaddr=10.10.139.16
port=20970:proto=tcp:toport=20970:toaddr=10.10.139.16
# 5432
port=21920:proto=tcp:toport=2192:toaddr=10.10.139.16
port=21952:proto=tcp:toport=2195:toaddr=10.10.139.16
port=21507:proto=tcp:toport=2150:toaddr=10.10.105.16

@@ 第1行： / 第1行： @@
+=== firewall status ===
-=firewall-cmd配置端口转发=
-==firewall status==
 systemctl status firewalld.service
-==重新加载防火墙==
+=== 重新加载防火墙 ===
 firewall-cmd –reload
-==Rule List==
+=== Rule List ===
 firewall-cmd –list-all
-==设置==
+=== 设置 ===
-===检查是否允许伪装IP===
+==== 检查是否允许伪装IP ====
 firewall-cmd –query-masquerade
@@ 第20行： / 第17行： @@
 *–remove-masquerade# 禁止防火墙伪装IP
-===永久生效===
+==== 永久生效 ====
 *–permanent 永久生效，否则重启/reload失效
-===开放端口===
+==== 开放端口 ====
 *firewall-cmd –zone=public –add-port=32000-32099/tcp
 *firewall-cmd –zone=public –add-port=33000-33099/udp
 *firewall-cmd –zone=public –remove-port=32000-32099/tcp
-===转发===
+==== 转发 ====
 *firewall-cmd –add-forward-port=port=32010:proto=tcp:toport=3389:toaddr=193.122.104.2
 *firewall-cmd –remove-forward-port=port=32010:proto=tcp:toport=3389:toaddr=193.122.104.2
-=== 批量添加端口映射 ===
+==== 批量添加端口映射 ====
   ## fw.sh
   #!/bin/sh
@@ 第140行： / 第134行： @@
   port=21952:proto=tcp:toport=2195:toaddr=10.10.139.16
   port=21507:proto=tcp:toport=2150:toaddr=10.10.105.16
+[[分类:Develop]]
+[[分类:Linux]]

Firewall-cmd配置端口转发：修订间差异

2023年1月19日 (四) 20:26的版本

目录

firewall status

重新加载防火墙

Rule List

设置

检查是否允许伪装IP

永久生效

开放端口

转发

批量添加端口映射

Example

导航菜单

Firewall-cmd配置端口转发：修订间差异

2023年1月19日 (四) 20:26的版本

firewall status

重新加载防火墙

Rule List

设置

检查是否允许伪装IP

永久生效

开放端口

转发

批量添加端口映射

Example

导航菜单

搜索