CentOS 7 firewall: some usage notes

For example, configure the server so that outgoing packets from the internal network (10.0.0.0/24) are allowed and forwarded to the external side.

# set masquerading to internal zone
[root@dlp ~]# firewall-cmd --zone=internal --add-masquerade --permanent
success
[root@dlp ~]# firewall-cmd --reload
success
[root@dlp ~]# firewall-cmd --direct --add-rule ipv4 nat POSTROUTING 0 -o eth1 -j MASQUERADE
[root@dlp ~]# firewall-cmd --direct --add-rule ipv4 filter FORWARD 0 -i eth0 -o eth1 -j ACCEPT
[root@dlp ~]# firewall-cmd --direct --add-rule ipv4 filter FORWARD 0 -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT

For example, configure the server so that incoming packets to port 22 of the external zone are forwarded to port 22 of another host (192.168.0.31).

firewall-cmd --zone=external --add-forward-port=port=22:proto=tcp:toport=22:toaddr=192.168.0.31
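
The direct rules and the forward-port above are entered without --permanent, so they exist only in the runtime configuration and are dropped on the next `firewall-cmd --reload` or restart. The script below is an added example, not part of the original post: it compares runtime and permanent listings to show what would be lost. The function names and the sample data are hypothetical, constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: list firewalld rules present at runtime but not saved.

# Print each non-empty line of $1 (runtime) that is missing from $2 (permanent).
runtime_only() {
    local runtime="$1" permanent="$2" line
    while IFS= read -r line; do
        [ -z "$line" ] && continue
        printf '%s\n' "$permanent" | grep -Fxq -- "$line" || printf '%s\n' "$line"
    done <<EOF
$runtime
EOF
    return 0
}

# Turn one --list-forward-ports line (IPv4 form) into "proto/port -> addr:port".
describe_forward() {
    printf '%s\n' "$1" | sed -n \
        's/^port=\([^:]*\):proto=\([^:]*\):toport=\([^:]*\):toaddr=\(.*\)$/\2\/\1 -> \4:\3/p'
}

# Live check for one zone; run as root on the firewalld host (not called here).
audit_zone() {
    local zone="$1" fwd
    echo "direct rules lost on reload:"
    runtime_only "$(firewall-cmd --direct --get-all-rules)" \
                 "$(firewall-cmd --permanent --direct --get-all-rules)"
    echo "forward-ports in zone $zone lost on reload:"
    runtime_only "$(firewall-cmd --zone="$zone" --list-forward-ports)" \
                 "$(firewall-cmd --permanent --zone="$zone" --list-forward-ports)" |
    while IFS= read -r fwd; do describe_forward "$fwd"; done
}

# Constructed sample data (hypothetical host where only the NAT rule was saved).
SAMPLE_RUNTIME_DIRECT='ipv4 nat POSTROUTING 0 -o eth1 -j MASQUERADE
ipv4 filter FORWARD 0 -i eth0 -o eth1 -j ACCEPT
ipv4 filter FORWARD 0 -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT'
SAMPLE_PERMANENT_DIRECT='ipv4 nat POSTROUTING 0 -o eth1 -j MASQUERADE'

runtime_only "$SAMPLE_RUNTIME_DIRECT" "$SAMPLE_PERMANENT_DIRECT"
describe_forward 'port=22:proto=tcp:toport=22:toaddr=192.168.0.31'
```

On the real host, `audit_zone external` runs the same comparison against live firewall-cmd output.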

 

posted on 2020-03-27 01:38  震撼起飞