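[Featured] Fixing the firewalld warning "WARNING: AllowZoneDrifting is enabled. This is considered an insecure configuration option. It will be removed in a future release. Please consider disabling it now"

https://blog.csdn.net/lizhengyu891231/article/details/139269011

A configuration parameter has been added to firewalld to disable zone drifting. In previous versions, the firewalld service included an undocumented behavior called "zone drifting". RHEL 7.8 removed this behavior because it could have a negative security impact. As a result, on hosts that used this behavior to configure a catch-all or fallback zone, firewalld rejected connections that were previously allowed. In this release, zone drifting has been re-added, but as a configurable feature. Users can now decide to use zone drifting, or disable it for a more secure firewall setup.

By default, in RHEL 7.9, the new AllowZoneDrifting parameter in the /etc/firewalld/firewalld.conf file is set to yes. Note that if the parameter is enabled, firewalld logs: WARNING: […]
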
Category Archives: Firewall

Fixing the docker error "WARNING: AllowZoneDrifting is enabled"

Running the following command shows the error below:

    systemctl status firewalld.service

Warning shown:

    WARNING: AllowZoneDrifting is enabled. This is considered an insecure configuration option. It will be removed in a future release.

Solution:

    vi /etc/firewalld/firewalld.conf
    # Search for AllowZoneDrifting and change its value from yes to no
    systemctl restart firewalld

[Featured] Once fail2ban starts at boot, firewalld can no longer start at boot.

Running the following command:

    systemctl restart firewalld.service

runs into this error:

    Failed to restart firewalld.service: Transaction contains conflicting jobs 'restart' and 'stop' for fail2ban.service. Probably contradicting requirement

It can be restarted with the following steps.

Method 1:

    systemctl stop fail2ban.service
    systemctl restart firewalld.service
    systemctl start fail2ban.service

Method 2:

    systemctl stop firewalld.service
    systemctl start firewalld.service

Finally, make it start at boot as follows:

    chmod +x /etc/rc.d/rc.local    # make it executable
    vi /etc/rc.d/rc.local

Append at the very end:

    systemctl stop […]

Using Firewall on CentOS 7 in detail [Intermediate]

https://www.cnblogs.com/yang-dan/p/12090773.html

1. Allow ports 8081/tcp, 8082/tcp, 8083/tcp in firewalld [in one line]

    firewall-cmd --zone=public --permanent --add-port={8081/tcp,8082/tcp,8083/tcp}

2. Allow the services http and https in firewalld [in one line]

    firewall-cmd --zone=public --permanent --add-service={http,https}

3. Custom service name -> the ports for the service, 8081 8082 8083 -> the API business

    cd /usr/lib/firewalld/services/
    cp http.xml api.xml
    vi api.xml

    <?xml version="1.0" encoding="utf-8"?>
    <service>
      <short>API (HTTP)</short>
      <port protocol="tcp" port="8081"/>
      <port protocol="tcp" port="8082"/>
      <port protocol="tcp" port="8083"/>
    </service>

    firewall-cmd --reload
    […]

Using Firewall on CentOS 7 in detail [Advanced]

https://www.cnblogs.com/duanxin1/p/9860913.html
https://blog.csdn.net/qq_26227841/article/details/88540775

1. Enable IP forwarding

    vi /etc/sysctl.conf

    # Add this line if it is not already present
    net.ipv4.ip_forward = 1

    sysctl -p    # apply the setting

2. Forwarding with the same IP and a different port

192.168.122.52 port 4443 is forwarded to 192.168.122.52 port 22.

Port forwarding: port 4443 is forwarded to port 22 [https://www.cnblogs.com/duanxin1/p/9860913.html]

2-1. Enable IP forwarding

    vi /etc/sysctl.conf

    net.ipv4.ip_forward = […]

Using Firewall on CentOS 7 in detail

https://www.cnblogs.com/zqifa/p/linux-firewall-1.html

1-1. Check whether the firewalld service is installed

    rpm -qa | grep firewalld

1-2. Check whether the firewalld-filesystem service is installed

    rpm -qa | grep firewalld-filesystem

1-3. Check whether the firewall-config service (the graphical interface) is installed

    rpm -qa | grep firewall-config

2-1. Install the firewalld service

    yum install -y firewalld

2-2. Install the firewalld-filesystem service

    yum install -y firewalld-filesystem

2-3. Install the firewall-config service

    yum install -y firewall-config

3-1. Check the status of the firewalld service

    systemctl status firewalld.service

3-2. Start the firewalld service

    systemctl start firewalld.service

3-3. Stop the firewalld service […]