# Delete the stored rich rule that rejected tcp/22 for source 0.0.0.0.
# No --zone is given, so firewalld looks for the rule in the current default zone.
# NOTE(review): an address written without a /mask is normally matched as one
# host, so this rule probably never applied to ordinary clients - confirm.
# --permanent edits only the saved configuration; the running firewall keeps
# the rule until `firewall-cmd --reload` is run.
firewall-cmd \
  --permanent \
  --remove-rich-rule='rule family="ipv4" source address="0.0.0.0" port port="22" protocol="tcp" reject '
所有计算
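# Allow 10.34.1.15 to reach selected TCP ports on this host.
# 111 is the usual rpcbind port and 5900-5906 the usual VNC display range;
# NOTE(review): the purpose of 8022 is not visible here - confirm.
#
# The rule text is now quoted so the inner "..." reach firewalld intact. The
# original nested double quotes inside double quotes, so the shell stripped
# the inner ones and the rule only parsed because no value contains a space.
#
# These rules carry no --zone and therefore land in whatever the default zone
# is when the command runs; only the 8022 rule is pinned to "internal".
for port in 111 5900 5901 5902 5903 5904 5905 5906; do
  firewall-cmd --permanent \
    --add-rich-rule="rule family=\"ipv4\" source address=\"10.34.1.15\" port protocol=\"tcp\" port=\"${port}\" accept"
done
firewall-cmd --permanent --zone=internal \
  --add-rich-rule='rule family="ipv4" source address="10.34.1.15" port protocol="tcp" port="8022" accept'

# --permanent writes only the saved configuration; reload so the running
# firewall actually enforces the rules added above.
firewall-cmd --reload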
ubuntu14
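# Restrict SSH to source 10.34.1.15.
# The narrow allow is added first and the broad "allow ssh" rule is removed
# only if that succeeded, so there is never a moment with no SSH rule at all
# and a failed first command cannot leave the host unreachable.
ufw allow proto tcp from 10.34.1.15 to any port 22 &&
  ufw delete allow ssh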
CentOS7
计算节点
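# Compute node: bind em1 to the "internal" zone and limit SSH to 10.34.1.15.
#
# NOTE(review): `systemctl start` does not enable the unit at boot; check
# `systemctl is-enabled firewalld` if the policy must survive a reboot.
systemctl start firewalld.service

firewall-cmd --permanent --zone=internal --change-interface=em1
# NOTE(review): the "trusted" zone accepts every packet, so em2 is completely
# unfiltered - confirm that network is isolated.
firewall-cmd --permanent --zone=trusted --change-interface=em2

# Every rule below names --zone=internal explicitly. The original removed the
# ssh service before switching the default zone, so the removal hit the
# previous default zone while "internal" (which normally ships with ssh
# enabled) kept SSH open to every source on em1.
firewall-cmd --permanent --zone=internal --remove-service=ssh
firewall-cmd --set-default-zone=internal

# Rule text is single-quoted so the inner "..." reach firewalld intact.
firewall-cmd --permanent --zone=internal \
  --add-rich-rule='rule family="ipv4" source address="10.34.1.15" port protocol="tcp" port="22" accept'
# NOTE(review): the next two rules open every TCP and UDP port to 10.34.1.15,
# which makes the port-22 rule above redundant; narrow them if that host only
# needs specific services.
firewall-cmd --permanent --zone=internal \
  --add-rich-rule='rule family="ipv4" source address="10.34.1.15" port protocol="tcp" port="1-65535" accept'
firewall-cmd --permanent --zone=internal \
  --add-rich-rule='rule family="ipv4" source address="10.34.1.15" port protocol="udp" port="1-65535" accept'

# --permanent writes only the saved configuration; reload to enforce it.
# Run this from the console or from a session that originates at 10.34.1.15,
# since new SSH connections from other sources are refused afterwards.
firewall-cmd --reload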
控制节点
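# Controller node: bind em1 to the "internal" zone, limit SSH to 10.34.1.15,
# open all ports to 10.34.1.16/10.34.1.17 and 80/6080 to 10.34.1.83.
#
# NOTE(review): `systemctl start` does not enable the unit at boot; check
# `systemctl is-enabled firewalld` if the policy must survive a reboot.
systemctl start firewalld.service

firewall-cmd --permanent --zone=internal --change-interface=em1
# NOTE(review): the "trusted" zone accepts every packet, so em2 is completely
# unfiltered - confirm that network is isolated.
firewall-cmd --permanent --zone=trusted --change-interface=em2

# Every rule below names --zone=internal explicitly. The original removed the
# ssh service before switching the default zone, so the removal hit the
# previous default zone while "internal" (which normally ships with ssh
# enabled) kept SSH open to every source on em1.
firewall-cmd --permanent --zone=internal --remove-service=ssh
firewall-cmd --set-default-zone=internal

# Rule text is quoted so the inner "..." reach firewalld intact.
firewall-cmd --permanent --zone=internal \
  --add-rich-rule='rule family="ipv4" source address="10.34.1.15" port protocol="tcp" port="22" accept'

# NOTE(review): 10.34.1.16 and 10.34.1.17 get every TCP and UDP port, SSH
# included; narrow the range if those hosts only need specific services.
for proto in tcp udp; do
  for peer in 10.34.1.16 10.34.1.17; do
    firewall-cmd --permanent --zone=internal \
      --add-rich-rule="rule family=\"ipv4\" source address=\"${peer}\" port protocol=\"${proto}\" port=\"1-65535\" accept"
  done
done

# 80 is HTTP; NOTE(review): 6080 is the usual noVNC proxy port - confirm.
for port in 80 6080; do
  firewall-cmd --permanent --zone=internal \
    --add-rich-rule="rule family=\"ipv4\" source address=\"10.34.1.83\" port protocol=\"tcp\" port=\"${port}\" accept"
done

# --permanent writes only the saved configuration; reload to enforce it.
# Run this from the console or from a session that originates at 10.34.1.15,
# since new SSH connections from other sources are refused afterwards.
firewall-cmd --reload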
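# Per-source ufw allow rules. Repeated lines from the original list are
# dropped (ufw skips a rule that already exists, so the resulting policy is
# the same) and the remaining rules keep their original order.
# Default service ports, for reference: 3306 MySQL, 2379/2380 etcd
# client/peer, 11211 memcached, 5672 AMQP, 4369 Erlang epmd, 5900+ VNC,
# 123 NTP, 22 SSH.
# NOTE(review): the original listed port 5903 twice for 10.34.1.2; if 5904
# was intended, add it to the first loop.

for port in 3306 2379 11211 5900 5901 5902 5903; do
  ufw allow proto tcp from 10.34.1.2 to any port "${port}"
done

for port in 3306 2379 11211; do
  ufw allow proto tcp from 10.34.1.5 to any port "${port}"
done

for port in 3306 2379 11211 5672 2380 4369; do
  ufw allow proto tcp from 10.34.1.9 to any port "${port}"
done

ufw allow proto tcp from 10.34.1.15 to any port 22
ufw allow proto udp from 10.34.1.2 to any port 123
ufw allow proto tcp from 10.34.1.2 to any port 5672

for port in 5901 5902 5903 5904 5905 5906 5907 5908 5909; do
  ufw allow proto tcp from 10.34.1.10 to any port "${port}"
done

# NOTE(review): this admits every protocol and port from 10.34.1.10, SSH
# included, and makes the nine VNC rules above redundant. Keep either the
# per-port rules or this one, depending on how far that host is trusted.
ufw allow from 10.34.1.10

# NOTE(review): sets the default policy for forwarded traffic to allow. If IP
# forwarding is enabled, the host then routes anything sent through it;
# prefer explicit `ufw route allow` rules unless that is intended.
ufw default allow routed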
/etc/sysctl.conf
# Make the kernel ignore all IPv4 ICMP echo requests (the host stops answering ping).
# Takes effect after `sysctl -p` or a reboot. This only hides the host from
# ping sweeps: open ports still answer, so it does not replace the firewall
# rules, and ping-based monitoring will report the host as down.
net.ipv4.icmp_echo_ignore_all=1