Firewalld 規則允許 Java 與網路中的其他伺服器連接

Firewalld 規則允許 Java 與網路中的其他伺服器連接

在私有網路中的 CentOS 7 伺服器上執行 Java 的 Web 應用程式需要使用 Java 與同一網路中的其他伺服器建立連線。當從 CentOS 7 伺服器進行出站連線時,Java 可能會自動選擇隨機連接埠。

要在 `10.0.8.1` 伺服器上編寫 Firewalld 規則,使在 IP `10.0.8.1` 上運行的 Java Web 應用程式能夠使用任何連接埠與 `10.0.8.x` 網路中的其他伺服器建立連接,需要什麼特定語法?

其他伺服器可以透過針對特定連接埠設定的規則接收連接,但 Web 應用程式伺服器上的 Java 需要能夠使用任何連接埠。


@garethTheRed 的建議:

根據 @garethTheRed 的建議,我重新啟動了 firewalld,並在 CentOS 7 虛擬機上鍵入 `firewall-cmd --list-all-zones`;該虛擬機上安裝的 Java 無法與同一網路上的另一個虛擬機建立出站資料庫連接。結果如下:

[root@localhost ~]# firewall-cmd --list-all-zones
work
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: dhcpv6-client ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

drop
  target: DROP
  icmp-block-inversion: no
  interfaces:
  sources:
  services:
  ports:
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

internal
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: dhcpv6-client mdns samba-client ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

external
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: ssh
  ports:
  protocols:
  masquerade: yes
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

trusted
  target: ACCEPT
  icmp-block-inversion: no
  interfaces:
  sources:
  services:
  ports:
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

home
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: dhcpv6-client mdns samba-client ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

dmz
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: dhcpv6-client ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

block
  target: %%REJECT%%
  icmp-block-inversion: no
  interfaces:
  sources:
  services:
  ports:
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

[root@localhost ~]#
