关于SUSE 12防火墙
系统SUSE Linux Enterprise Server 12 SP5 (x86_64)
1、打开/关闭/查看防火墙
防火墙的服务名称为:SuSEfirewall2.service
防火墙关停操作
systemctl start/stop/status SuSEfirewall2.service
2、开放端口
修改防火墙配置
vi /etc/sysconfig/SuSEfirewall2
在文件中找到FW_SERVICES_EXT_TCP,在其后面加上服务名或者是服务对应的端口
如果要开放多个端口则为 FW_SERVICES_EXT_TCP="22 80 8090"
3、放行VRRP协议 (用于keepalived搭建高可用规则)
vi /etc/sysconfig/SuSEfirewall2
将下面这行的注释去掉
FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom"
并将下面这行注释掉
FW_CUSTOMRULES=""
然后
vi /etc/sysconfig/scripts/SuSEfirewall2-custom
fw_custom_before_port_handling() {
# these rules will be loaded after the anti-spoofing and icmp handling
# and after the input has been redirected to the input_XXX and
# forward_XXX chains and some basic chain-specific anti-circumvention
# rules have been set,
# but before any IP protocol or TCP/UDP port allow/protection rules
# will be set.
# You can use this hook to allow/deny certain IP protocols or TCP/UDP
# ports before the SuSEfirewall2 generated rules are hit.
#添加下面这行
iptables -A INPUT -p vrrp -j ACCEPT -d 224.0.0.18
true
}