About the SUSE 12 firewall

System: SUSE Linux Enterprise Server 12 SP5 (x86_64)
 

1. Start / stop / check the firewall

The firewall's service name is SuSEfirewall2.service
Start, stop or check the firewall (use one of the three verbs):
systemctl start/stop/status SuSEfirewall2.service
 

2. Open ports

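Edit the firewall configuration:
vi /etc/sysconfig/SuSEfirewall2
Find FW_SERVICES_EXT_TCP in the file and add the service name, or the port that the service uses, to its value.
To open several ports, separate them with spaces: FW_SERVICES_EXT_TCP="22 80 8090"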
 

3. Allow the VRRP protocol (rule for building high availability with keepalived)

vi /etc/sysconfig/SuSEfirewall2
Uncomment the following line:
FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom"
and comment out this line:
FW_CUSTOMRULES=""
Then edit the custom rules script:
vi /etc/sysconfig/scripts/SuSEfirewall2-custom
fw_custom_before_port_handling() {
# these rules will be loaded after the anti-spoofing and icmp handling
# and after the input has been redirected to the input_XXX and
# forward_XXX chains and some basic chain-specific anti-circumvention
# rules have been set,
# but before any IP protocol or TCP/UDP port allow/protection rules
# will be set.
# You can use this hook to allow/deny certain IP protocols or TCP/UDP
# ports before the SuSEfirewall2 generated rules are hit.
# Add the following line
iptables -A INPUT -p vrrp -j ACCEPT -d 224.0.0.18
true
}
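
A read-only check of the settings edited in sections 2 and 3, as an added example that is not part of the original post or of SuSEfirewall2 itself. The function names, the optional ROOT prefix and the sample tree are assumptions made for illustration; the checks read the files only and do not inspect the ruleset currently loaded.

```shell
#!/bin/sh
# Added example: read-only checks for the SuSEfirewall2 settings edited above.

# Print the effective value of a sysconfig variable. The file is sourced as
# shell, so the last uncommented assignment wins (assumes no trailing comment).
fw_get() {  # usage: fw_get VAR FILE
    sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1 | tr -d "\"'"
}

# Succeed if PORT is covered by FW_SERVICES_EXT_TCP, either as an exact
# entry or inside a LOW:HIGH range. Service names are compared literally.
fw_tcp_port_open() {  # usage: fw_tcp_port_open PORT FILE
    for _e in $(fw_get FW_SERVICES_EXT_TCP "$2"); do
        case $_e in
            *:*) [ "$1" -ge "${_e%%:*}" ] 2>/dev/null &&
                 [ "$1" -le "${_e##*:}" ] 2>/dev/null && return 0 ;;
            *)   [ "$_e" = "$1" ] && return 0 ;;
        esac
    done
    return 1
}

# Succeed if FW_CUSTOMRULES points at a readable hook file that holds an
# uncommented ACCEPT rule for VRRP limited to multicast group 224.0.0.18.
# ROOT is an optional path prefix so a copied tree can be checked offline.
fw_vrrp_allowed() {  # usage: fw_vrrp_allowed FILE [ROOT]
    _c=$(fw_get FW_CUSTOMRULES "$1")
    [ -n "$_c" ] && [ -r "${2:-}$_c" ] || return 1
    grep -v '^[[:space:]]*#' "${2:-}$_c" |
        grep -E -e '-p[[:space:]]+(vrrp|112)[[:space:]]' |
        grep -F -e '-d 224.0.0.18' | grep -q -e '-j ACCEPT'
}

# Constructed sample tree (not taken from a real host) used for a dry run.
fw_make_sample() {  # usage: fw_make_sample DIR
    mkdir -p "$1/etc/sysconfig/scripts"
    printf '%s\n' '#FW_CUSTOMRULES=""' 'FW_SERVICES_EXT_TCP="22 80 8090"' \
        'FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom"' \
        > "$1/etc/sysconfig/SuSEfirewall2"
    printf '%s\n' 'fw_custom_before_port_handling() {' \
        'iptables -A INPUT -p vrrp -j ACCEPT -d 224.0.0.18' 'true' '}' \
        > "$1/etc/sysconfig/scripts/SuSEfirewall2-custom"
}
# On a host: fw_vrrp_allowed /etc/sysconfig/SuSEfirewall2 && echo "VRRP hook active"
```

If an uncommented FW_CUSTOMRULES="" line is still present after the enabled one, fw_vrrp_allowed fails, because the later assignment overrides the earlier one.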
posted @ 2022-01-19 10:08  tonggc1668