CentOS 防火墙管理及使用的redis基本常用命令

2023-12-15 23:43:54

防火墙管理

需要关闭防火墙或者开启对应端口

使用systemctl管理防火墙启动、关闭

  1. 启动防火墙: systemctl start firewalld
  2. 关闭防火墙: systemctl stop firewalld
  3. 查看防火墙状态: systemctl status firewalld
  4. 开机禁用防火墙: systemctl disable firewalld
  5. 开机启用防火墙 : systemctl enable firewalld

使用firewalld-cmd配置访问防火墙策略

  1. 查看版本firewall-cmd --version
  2. 查看帮助 firewall-cmd --help
  3. 显示状态 firewall-cmd --state
  4. 查看当前所有规则 firewall-cmd --list-all
  5. 查看所有打开的端口 firewall-cmd --zone=public --list-ports
  6. 更新防火墙规则 firewall-cmd --reload
  7. 添加开放端口
firewall-cmd --zone=public --add-port=80/tcp --permanent (permanent永久生效,没有此参数重启后失效)
  1. 查看端口是否开放firewall-cmd --zone=public --query-port=80/tcp
  2. 删除开放端口 firewall-cmd --zone=public --remove-port=80/tcp --permanent
  3. 批量开放一段TCP端口 firewall-cmd --permanent --add-port=9001-9100/tcp
  4. 开放IP的访问 firewall-cmd --permanent --add-source=192.168.1.1
  5. 开放整个源IP段的访问firewall-cmd --permanent --add-source=192.168.1.0/24
  6. 移除IP访问firewall-cmd --permanent --remove-source=192.168.1.1
  7. 允许指定IP访问本机80端口
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.1" port protocol="tcp" port="80" accept'
  1. 禁止指定IP访问本机80端口
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.1.1" port protocol="tcp" port="80" reject'
  1. 移除允许指定IP访问本机80端口规则
firewall-cmd --permanent --remove-rich-rule='rule family="ipv4" source address="192.168.1.1" port protocol="tcp" port="80" accept'

firewalld配置文件修改

通过修改配置文件修改防火墙访问策略
开放端口
永久开放2个端口

firewall-cmd --permanent --zone=public --add-port=8080/tcp
firewall-cmd --permanent --zone=public --add-port=80/tcp
firewall-cmd --reload

在 /etc/firewalld/zones 下的 public.xml里:

<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
  <service name="ssh"/>
  <service name="dhcpv6-client"/>
  <port protocol="tcp" port="80"/>
  <port protocol="tcp" port="8080"/>
</zone>

限制来源IP

限制只能接收来自 10.10.x.x段的IP,开放8000到9000之间的端口。

firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="10.10.0.0/16" port protocol="tcp" port="8000-9000" accept'
firewall-cmd --reload

再看 /etc/firewalld/zones/public.xml

<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
  <service name="ssh"/>
  <service name="dhcpv6-client"/>
  <port protocol="tcp" port="80"/>
  <port protocol="tcp" port="8080"/>
  
  <rule family="ipv4">
    <source address="10.10.0.0/16"/>
    <port protocol="tcp" port="8000-9000"/>
    <accept/>
  </rule>
  
  <rule family="ipv4">
    <source address="192.168.1.0/24"/>
    <port protocol="tcp" port="18000-19000"/>
    <accept/>
  </rule>

 # 单个端口限制
 <rule family="ipv4">
    <source address="192.168.20.228"/>
    <port protocol="tcp" port="18848"/>
    <accept/>
 </rule>
  
</zone>

所以,可以直接修改配置文件更改防火墙策略.

# firewall-cmd --list-all
public
  target: default
  icmp-block-inversion: no
  interfaces: 
  sources: 
  services: ssh dhcpv6-client
  ports: 80/tcp 22/tcp
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 
	rule family="ipv4" source address="10.10.0.0/16" port port="8000-9000" protocol="tcp" accept

docker

启动docker : systemctl start docker

使用 redis

docker使用redis6.0.8镜像创建容器(也叫运行镜像):

docker run  -p 6379:6379 --name myr3 --privileged=true -v /app/redis/redis.conf:/etc/redis/redis.conf -v /app/redis/data:/data -d redis:6.0.8 redis-server /etc/redis/redis.conf

说明一下:-v /app/redis/redis.conf:/etc/redis/redis.conf
宿主机器上配置文件/app/redis/redis.conf,映射到容器里/etc/redis/redis.conf,容器使用映射后的配置文件/etc/redis/redis.conf
在这里插入图片描述
redis-cli连接上来
redis-cli -a 111111
在这里插入图片描述

文章来源:https://blog.csdn.net/qq_27597629/article/details/135025897
本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。