曾经

centos7防火墙iptables

修改默认端口22

vim /etc/ssh/sshd_config

注释

#Port 22

下面添加这一行

Port 61900

重启ssh

systemctl restart sshd.service

关闭firewall

systemctl stop firewalld 
systemctl mask firewalld

安装iptables

yum install -y iptables
yum update iptables
yum install -y iptables-services
systemctl enable iptables.service
systemctl start iptables.service

其他

vim /etc/sysconfig/iptables

service iptables save

systemctl restart iptables.service

service docker restart

完整脚本

cat >> /usr/local/bin/fired.sh <<'EOF'
#!/bin/bash

iptables -P INPUT ACCEPT
iptables -F
iptables -X
iptables -Z
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p tcp --dport 61900 -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT

iptables -A INPUT -p tcp --dport 63791 -j ACCEPT
iptables -A INPUT -p tcp --dport 33061 -j ACCEPT
iptables -A INPUT -p tcp --dport 23751 -j ACCEPT
iptables -A INPUT -p tcp --dport 5673 -j ACCEPT
iptables -A INPUT -p tcp --dport 9000 -j ACCEPT

iptables -A INPUT -p tcp --dport 2376 -j ACCEPT
iptables -A INPUT -p tcp --dport 2377 -j ACCEPT
iptables -A INPUT -p tcp --dport 7946 -j ACCEPT
iptables -A INPUT -p udp --dport 7946 -j ACCEPT
iptables -A INPUT -p tcp --dport 4789 -j ACCEPT
iptables -A INPUT -p udp --dport 4789 -j ACCEPT
 
iptables -A INPUT -p icmp --icmp-type 8 -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP

service iptables save
systemctl restart iptables.service
systemctl restart docker
sudo chmod 666 /var/run/docker.sock
EOF
chmod +x /usr/local/bin/fired.sh

cat >> /usr/local/bin/fired.sh <<'EOF'
#!/bin/bash

iptables -P INPUT ACCEPT
iptables -F
iptables -X
iptables -Z
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p tcp --dport 61900 -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT

iptables -A INPUT -p tcp --dport 23751 -j ACCEPT
iptables -A INPUT -p tcp --dport 9000 -j ACCEPT

iptables -A INPUT -p tcp --dport 2376 -j ACCEPT
iptables -A INPUT -p tcp --dport 2377 -j ACCEPT
iptables -A INPUT -p tcp --dport 7946 -j ACCEPT
iptables -A INPUT -p udp --dport 7946 -j ACCEPT
iptables -A INPUT -p tcp --dport 4789 -j ACCEPT
iptables -A INPUT -p udp --dport 4789 -j ACCEPT

iptables -A INPUT -p icmp --icmp-type 8 -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP

service iptables save
systemctl restart iptables.service
systemctl restart docker
sudo chmod 666 /var/run/docker.sock
EOF
chmod +x /usr/local/bin/fired.sh

cat >> /usr/local/bin/fired.sh <<'EOF'
#!/bin/bash

iptables -P INPUT ACCEPT
iptables -F
iptables -X
iptables -Z
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -p tcp --dport 61900 -j ACCEPT
iptables -A INPUT -p tcp --dport 21 -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp --dport 443 -j ACCEPT

iptables -A INPUT -p tcp --dport 23751 -j ACCEPT
iptables -A INPUT -p tcp --dport 9000 -j ACCEPT
 
iptables -A INPUT -p icmp --icmp-type 8 -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP

service iptables save
systemctl restart iptables.service
systemctl restart docker
sudo chmod 666 /var/run/docker.sock
EOF
chmod +x /usr/local/bin/fired.sh

jenkins赋权

sudo chmod 666 /var/run/docker.sock

加入开机启动项

cat >> /etc/rc.d/rc.local <<EOF
# Firewall & Docker
/usr/bin/systemctl start iptables.service
/usr/local/bin/fired.sh
/usr/bin/systemctl start docker
EOF

chmod +x /etc/rc.d/rc.local

https://www.centos.bz/2018/01/centos-7-docker-%E9%98%B2%E7%81%AB%E5%A2%99%E7%AE%80%E5%8D%95%E9%85%8D%E7%BD%AE/

https://kknews.cc/code/j4yl8py.html