背景:
zookeeper未授权访问漏洞,进行限制访问,采用防火墙访问策略
配置步骤:
powershell
##查看firewall配置清单
firewall-cmd --list-all
##查到为关闭态,启动防火墙
systemctl start firewalld
## 添加端口,这里从25到60000的tcp和udp都开起来,除了2181
firewall-cmd --zone=public --add-port=25-2180/tcp --permanent
firewall-cmd --zone=public --add-port=2182-60000/tcp --permanent
firewall-cmd --zone=public --add-port=25-2180/udp --permanent
firewall-cmd --zone=public --add-port=2182-60000/udp --permanent
## 这里把2181端口添加授权访问主机IP
#按网段添加
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="10.1.1.160/27" port protocol="tcp" port="2181" accept"
#单个IP添加
firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="10.1.1.170" port protocol="tcp" port="2181" accept"
##重新加载配置
firewall-cmd --reload
##验证下策略情况
firewall-cmd --list-all
##内外测试下连通性
telnet 10.1.1.174 2181
########################################
#以下命令不需要,是一处rich-rule的
firewall-cmd --permanent --remove-rich-rule="rule family="ipv4" port protocol="tcp" port="2181" reject"
#移除段
firewall-cmd --permanent --remove-rich-rule="rule family="ipv4" source address="10.1.1.160/27" port protocol="tcp" port="2181" accept"
#移除单个IP
firewall-cmd --permanent --remove-rich-rule="rule family="ipv4" source address="10.1.1.170" port protocol="tcp" port="2181" accept"