Oracle Linux firewall configuration
The software described in this documentation is either in Extended Support or Sustaining Support. See https://www.oracle.com/us/support/library/enterprise-linux-support-policies-069172.pdf for more information.
Oracle recommends that you upgrade the software described by this documentation as soon as possible.
22.2.2 Configuring the Firewall
Configure or disable the firewall on each node to allow access on the interface that the cluster will use for private cluster communication. By default, the cluster uses both TCP and UDP over port 7777.
To allow incoming TCP connections and UDP datagrams on port 7777 from the private network, use the following commands:
# iptables -I INPUT -s subnet_addr/prefix_length -p tcp -m state --state NEW -m tcp --dport 7777 -j ACCEPT
# iptables -I INPUT -s subnet_addr/prefix_length -p udp -m udp --dport 7777 -j ACCEPT
# service iptables save
where subnet_addr/prefix_length specifies the network address of the private network, for example 10.0.1.0/24.
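To confirm afterwards that port 7777 is reachable from the private network only, the following added example (not part of the Oracle documentation) audits the output of iptables -S INPUT. The function name audit_7777 and both sample rule sets are constructed for illustration; it assumes plain --dport 7777 rules and does not interpret multiport or port-range matches.

```shell
#!/bin/sh
# Added example: audit `iptables -S INPUT` output for the port 7777 rules.
# Reads rule lines on stdin; $1 is the private subnet in CIDR form.
# Prints one finding per line and returns 0 only if both the TCP and UDP
# ACCEPT rules exist for that subnet and no other source is accepted on 7777.
# Assumption: rules use a plain "--dport 7777" match (no multiport/ranges).
audit_7777() {
    awk -v want="$1" '
    $1 == "-A" && $2 == "INPUT" {
        src = "any"; proto = ""; dport = ""; target = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-s") src = $(i + 1)
            else if ($i == "-p") proto = $(i + 1)
            else if ($i == "--dport") dport = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
        }
        # Only ACCEPT rules that name destination port 7777 matter here.
        if (dport != "7777" || target != "ACCEPT") next
        if (src == want) seen[proto] = 1
        else { printf "EXPOSED %s/7777 accepted from %s\n", proto, src; bad = 1 }
    }
    END {
        if (!seen["tcp"]) { print "MISSING tcp/7777 rule for " want; bad = 1 }
        if (!seen["udp"]) { print "MISSING udp/7777 rule for " want; bad = 1 }
        exit bad + 0
    }'
}

# Constructed sample: both rules scoped to the private network 10.0.1.0/24.
GOOD_RULES='-P INPUT ACCEPT
-A INPUT -s 10.0.1.0/24 -p udp -m udp --dport 7777 -j ACCEPT
-A INPUT -s 10.0.1.0/24 -p tcp -m state --state NEW -m tcp --dport 7777 -j ACCEPT'

# Constructed sample: TCP rule has no -s (any source), UDP rule is absent.
BAD_RULES='-P INPUT ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 7777 -j ACCEPT'

# Demo on the constructed samples. On a cluster node, run as root:
#   iptables -S INPUT | audit_7777 10.0.1.0/24
printf '%s\n' "$GOOD_RULES" | audit_7777 10.0.1.0/24 && echo "good sample: OK"
printf '%s\n' "$BAD_RULES" | audit_7777 10.0.1.0/24 || echo "bad sample: audit failed"
```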
Copyright © 2013, 2021, Oracle and/or its affiliates.