firewall settings | firewalld | iptables | firewall-cmd --add-service=http --permanent | match = target

By OK -
The iptables command is used to set up, configure,
and view the tables of the IPv4 rules in the kernel. It is somewhat complicated and so this will
serve as just a simple overview.
iptables uses one or more tables. Each table has a number of pre-made chains and can
also contain user-created chains. A chain is a list of rules, and a rule specifies what to do
with a packet that matches. This “match” is called a target.
When a packet does not match, the next rule in the chain is looked at. If it does match, one
of the following can be specified for the packet:
- ACCEPT: It allows the packet to pass on
- DROP: It rejects the packet
- QUEUE: It passes the packet on to the user space
- RETURN: It stops the running of this chain and continues at the next rule in the
calling chain

Here are a few iptable commands. Do not run these commands on your system; this
is an example only:
1. To delete all existing rules, use the following command:
iptables -F
2. To block a specific IP address, use the following command:
iptables -A INPUT -s 192.168.1.115 -j DROP
3. To allow loopback access, use the following command:
iptables -A INPUT -i lo -j ACCEPT

iptables -A OUTPUT -o lo -j ACCEPT
==========================

 firewall-config is easy and convenient, but requires a graphical setup

firewalld - don't forget about runtime and permanent

[root@localhost ~]# firewall-cmd --get-services 
RH-Satellite-6 amanda-client amanda-k5-client bacula bacula-client ceph ceph-mon dhcp dhcpv6 dhcpv6-client dns docker-registry dropbox-lansync freeipa-ldap freeipa-ldaps freeipa-replication ftp high-availability http https imap imaps ipp ipp-client ipsec......

[root@localhost ~]# firewall-cmd --add-service=http
success
[root@localhost ~]# firewall-cmd --add-service=http --permanent 
success
[root@localhost ~]#






Comments

Post a Comment

Popular posts from this blog

HAproxy logging

By OK -
ubuntu@ubuntu:/etc/haproxy$ cat /etc/rsyslog.d/haproxy.conf # Create an additional socket in haproxy's chroot in order to allow logging via # /dev/log to chroot'ed HAProxy processes $ModLoad imudp $UDPServerRun 514 local0.* -/var/log/haproxy-0.log local1.* -/var/log/haproxy-1.log ### keep logs in localhost ## $AddUnixListenSocket /var/lib/haproxy/dev/log ------------------- ubuntu@ubuntu:/etc/haproxy$ cat /etc/haproxy/haproxy.cfg global chroot /var/lib/haproxy user haproxy group haproxy log 127.0.0.1   local0         log 127.0.0.1   local1 notice daemon frontend www     bind 192.168.40.128:8282    # haproxy public IP     default_backend as-backend    # backend used backend as-backend    balance leastconn    mode http  server as1 192.168.40.128:8082 check    # application srv 1 defaults log global mode http option httplog option dontlognull         contimeout 5000    
Read more

tomcat catalina coyote jasper cluster

By OK -
Tomcat Component are Catalina Coyote Jasper Cluster Catalina :  Catalina is the name of the servlet container of Apache Tomcat since version 4.x. Tomcat implements Sun Microsystems' specifications for servlet and JavaServer Pages (JSP), which are important Java-based Web technologies. Tomcat's servlet container was redesigned as Catalina in Tomcat version 4.x. other components of the Tomcat engine are: Tomcat Jasper which converts the code portions within JavaServer Pages into servlets and pass them to Catalina to process. Tomcat Coyote which is an HTTP connector based on HTTP/1.1 specifications that receives and transmits web requests to the Tomcat engine by listening to a TCP/IP port and returns requests back to the requesting client. Coyote :  The Coyote JK Connector element represents a Connector component that communicates with a web connector via the JK protocol (also known as the AJP protocol). This is used for cases where you wish to invisibly integr
Read more

NFS mount add in fstab _netdev instead of default | firewall-cmd --list-all

By OK -
Redhat recommends us to add  _netdev  option for NFS file system in /etc/fstab. So that they can be mounted after starting the networking service. Alternative ways to refer to partitions: Label : LABEL=label Network ID Samba : //server/share NFS : server:/share SSHFS : sshfs#user@server:/share Device : /dev/sdxy (not recommended) Example #1 //192.168.1.134/share_name /mnt/share_name cifs username=server_user,password=server_password,_netdev 0 0 ^ Path to your share ^ Mountpoint ^ Username ^ Password ^ See note A Note A: The  _netdev  options makes sure the mount is only attempted AFTER a network connection has been established. Example #2 10.10.10.1:/vol1/fs1 /data nfs defaults,_netdev 0 0 ============================ [root@localhost ~]# firewall-cmd --list-all public   target: default   icmp-block-inversion: no   interfaces:   sources:   services: dhcpv6-client high-availability ssh   ports:   protocols:   masquera
Read more