{"id":69917,"date":"2026-02-01T07:17:47","date_gmt":"2026-01-31T23:17:47","guid":{"rendered":"https:\/\/www.wsisp.com\/helps\/69917.html"},"modified":"2026-02-01T07:17:47","modified_gmt":"2026-01-31T23:17:47","slug":"rh134%e5%ad%a6%e4%b9%a0%e8%bf%9b%e7%a8%8b-%e5%8d%81%e4%b8%80-%e7%ae%a1%e7%90%86%e7%bd%91%e7%bb%9c%e5%ae%89%e5%85%a8","status":"publish","type":"post","link":"https:\/\/www.wsisp.com\/helps\/69917.html","title":{"rendered":"RH134\u5b66\u4e60\u8fdb\u7a0b\u2014\u2014\u5341\u4e00.\u7ba1\u7406\u7f51\u7edc\u5b89\u5168"},"content":{"rendered":"

\u5341\u4e00.\u7ba1\u7406\u7f51\u7edc\u5b89\u5168<\/h2>\n

1.\u7ba1\u7406\u670d\u52a1\u5668\u9632\u706b\u5899<\/h3>\n

1.1\u9632\u706b\u5899\u67b6\u6784\u6982\u5ff5(netfilter\u6846\u67b6)<\/h4>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u9632\u706b\u5899\u662f\u7f51\u7edc\u5b89\u5168\u7684\u5173\u952e\u7ec4\u4ef6,\u7528\u4e8e\u9694\u79bb\u4e0d\u540c\u4fe1\u4efb\u7ea7\u522b\u7684\u7f51\u7edc\u533a\u57df(\u5982\u5185\u90e8\u7f51\u7edc\u548c\u5916\u90e8\u4e92\u8054\u7f51),\u901a\u8fc7\u5236\u5b9a\u89c4\u5219\u6765\u63a7\u5236\u6d41\u91cf\u7684\u8fdb\u51fa,\u5b9e\u73b0\u7f51\u7edc\u5b89\u5168\u9694\u79bb;<\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0Linux \u5185\u6838\u7684 netfilter \u6846\u67b6\u7528\u4e8e\u5b9e\u73b0\u6570\u636e\u5305\u8fc7\u6ee4\u3001\u7f51\u7edc\u5730\u5740\u8f6c\u6362(NAT)\u3001\u7aef\u53e3\u8f6c\u6362\u7b49\u529f\u80fd;<\/p>\n

\u6838\u5fc3\u673a\u5236:hook\u70b9<\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u5b83\u5728 Linux \u7f51\u7edc\u534f\u8bae\u6808\u4e2d\u9884\u8bbe\u4e86\u591a\u4e2a\u62e6\u622a\u70b9(hook),\u6bd4\u5982\u6570\u636e\u5305\u8fdb\u5165\u7f51\u5361\u63a5\u53e3\u65f6\u3001\u8def\u7531\u51b3\u7b56\u524d\u540e\u3001\u6570\u636e\u5305\u79bb\u5f00\u670d\u52a1\u5668\u65f6\u7b49\u3002\u5f53\u6570\u636e\u5305\u6d41\u7ecf\u8fd9\u4e9b hook \u70b9\u65f6,\u4f1a\u89e6\u53d1\u9884\u5148\u5b9a\u4e49\u7684\u89c4\u5219(\u5982\u9632\u706b\u5899\u7b56\u7565),\u4ece\u800c\u5b9e\u73b0\u5bf9\u6d41\u91cf\u7684 \u201c\u62e6\u622a – \u68c0\u67e5 – \u653e\u884c \/ \u62d2\u7edd\u201d \u64cd\u4f5c\u3002<\/p>\n

\u4f5c\u7528:<\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u6240\u6709 Linux \u9632\u706b\u5899\u5de5\u5177\u7684\u5e95\u5c42\u652f\u6491,\u6240\u6709\u7f51\u7edc\u6d41\u91cf\u7684\u63a7\u5236\u903b\u8f91\u6700\u7ec8\u90fd\u4f9d\u8d56 netfilter \u6846\u67b6\u6765\u6267\u884c\u3002<\/p>\n

1.2nftables\u6846\u67b6<\/h3>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0nftables\u6846\u67b6\u662f\u57fa\u4e8e netfilter \u6784\u5efa\u7684\u65b0\u4e00\u4ee3\u6570\u636e\u5305\u5206\u7c7b\u4e0e\u89c4\u5219\u7ba1\u7406\u6846\u67b6,\u5728 RHEL 9 \u7b49\u73b0\u4ee3 Linux \u53d1\u884c\u7248\u4e2d\u53d6\u4ee3\u4e86\u8001\u65e7\u7684 iptables,\u6210\u4e3a\u9632\u706b\u5899\u89c4\u5219\u7684\u6838\u5fc3\u5b9e\u73b0\u3002<\/p>\n

\u4f18\u52bf:<\/p>\n\n\n\n\n\n\n
\n

\u7279\u6027<\/span><\/p>\n<\/td>\n

\n

iptables \u6846\u67b6<\/span><\/p>\n<\/td>\n

\n

nftables \u6846\u67b6<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

\u534f\u8bae\u652f\u6301<\/p>\n<\/td>\n

\n

IPv4\u3001IPv6\u3001ARP\u3001\u4ee5\u592a\u7f51\u5206\u522b\u7528iptables<\/span>\u3001ip6tables<\/span>\u3001arptables<\/span>\u3001ebtables<\/span>\u00a0\u7ba1\u7406<\/p>\n<\/td>\n

\n

\u4e00\u4e2a\u00a0nft<\/span>\u00a0\u5de5\u5177\u7edf\u4e00\u7ba1\u7406\u6240\u6709\u534f\u8bae\u6d41\u91cf<\/p>\n<\/td>\n<\/tr>\n

\n

\u89c4\u5219\u6548\u7387<\/p>\n<\/td>\n

\n

\u591a\u534f\u8bae\u89c4\u5219\u5206\u6563,\u5927\u6d41\u91cf\u4e0b\u6027\u80fd\u5f00\u9500\u8f83\u9ad8<\/p>\n<\/td>\n

\n

\u89c4\u5219\u96c6\u66f4\u9ad8\u6548,\u652f\u6301\u6279\u91cf\u64cd\u4f5c,\u8d44\u6e90\u6d88\u8017\u66f4\u4f4e<\/p>\n<\/td>\n<\/tr>\n

\n

\u8bed\u6cd5\u4e0e\u6613\u7528\u6027<\/p>\n<\/td>\n

\n

\u8bed\u6cd5\u76f8\u5bf9\u7e41\u7410,\u89c4\u5219\u903b\u8f91\u5206\u6563<\/p>\n<\/td>\n

\n

\u8bed\u6cd5\u7b80\u6d01\u7edf\u4e00,\u652f\u6301\u66f4\u7075\u6d3b\u7684\u89c4\u5219\u7ec4\u5408\u4e0e\u6279\u91cf\u914d\u7f6e<\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

\u8fc1\u79fb\u517c\u5bb9\u6027:<\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u4e3a\u4e86\u5e73\u6ed1\u8fc7\u6e21,\u7cfb\u7edf\u63d0\u4f9b iptables-translate\u00a0\u548c ip6tables-translate \u5de5\u5177,\u53ef\u5c06\u65e7\u7684 iptables \u914d\u7f6e\u6587\u4ef6\u81ea\u52a8\u8f6c\u6362\u4e3a nftables \u683c\u5f0f\u7684\u914d\u7f6e,\u964d\u4f4e\u8fc1\u79fb\u6210\u672c\u3002<\/p>\n

\n

1.3 firewalld<\/h3>\n

1.3.1 firewalld\u7b80\u4ecb<\/h4>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0firewalld \u662f\u57fa\u4e8e nftables\u7684\u9632\u706b\u5899\u7ba1\u7406\u5668,\u7b80\u5316\u4e86\u9632\u706b\u5899\u7684\u7ba1\u7406,\u8ba9\u9632\u706b\u5899\u914d\u7f6e\u66f4\u7b80\u5355\u3002<\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0firewalld\u7684\u5e95\u5c42\u5728 RHEL 9 \u53ca\u4ee5\u540e\u4f9d\u8d56 nftables,\u4f46\u5bf9\u7528\u6237\u6765\u8bf4\u65e0\u9700\u5173\u6ce8\u5e95\u5c42\u7ec6\u8282,\u53ea\u9700\u901a\u8fc7firewalld \u7684\u903b\u8f91(zone\u3001\u670d\u52a1)\u914d\u7f6e\u5373\u53ef\u3002<\/p>\n

1.3.2 zone\u6982\u5ff5<\/h4>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0firewalld\u5f15\u5165\u4e86zone(\u533a\u57df)\u7684\u6982\u5ff5,\u6bcf\u4e2azone\u90fd\u662f\u4e00\u7ec4\u9884\u5b9a\u4e49\u7684\u89c4\u5219,\u6839\u636e\u6570\u636e\u5305\u7684\u6e90IP\u6216\u4f20\u5165\u7f51\u7edc\u63a5\u53e3,\u5c06\u6d41\u91cf\u5206\u7c7b\u5230\u4e0d\u540c\u7684zone,\u5e76\u5e94\u7528\u76f8\u5e94\u89c4\u5219;<\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0zone \u662f\u4e00\u7ec4\u9884\u5b9a\u4e49\u7684\u9632\u706b\u5899\u89c4\u5219\u96c6\u5408,\u6bcf\u4e2a zone \u5bf9\u5e94\u4e0d\u540c\u7684 \u201c\u4fe1\u4efb\u7ea7\u522b\u201d\u3002\u4f8b\u5982,\u5bf9\u5b8c\u5168\u53ef\u4fe1\u7684\u5185\u90e8\u7f51\u7edc,\u53ef\u4f7f\u7528 trusted zone(\u5141\u8bb8\u6240\u6709\u6d41\u91cf);\u5bf9\u4e0d\u53ef\u4fe1\u7684\u516c\u7f51,\u53ef\u4f7f\u7528 public zone(\u4ec5\u5141\u8bb8\u5c11\u6570\u5fc5\u8981\u670d\u52a1,\u5982 SSH)\u3002<\/p>\n

\n

1.3.2.1\u5e38\u89c4\u5339\u914d:<\/h5>\n

(1)\u6e90IP\u5339\u914d<\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u670d\u52a1\u5668\u6709trusted zone; \u6e90IP:192.168.1.100<\/p>\n

\"\"<\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u6b64\u65f6,\u6765\u81ea 192.168.1.100 \u7684\u6240\u6709\u6d41\u91cf,\u90fd\u4f1a\u5e94\u7528 trusted zone \u7684\u89c4\u5219<\/p>\n

(2)\u7f51\u7edc\u63a5\u53e3\u5339\u914d<\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u670d\u52a1\u5668\u7f51\u5361:ens33;\u7ed1\u5b9a\u5230public zone<\/p>\n

\"\"<\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u6240\u6709\u4ece ens33 \u63a5\u53e3\u8fdb\u5165\u7684\u6d41\u91cf(\u65e0\u8bba\u6e90 IP),\u90fd\u4f1a\u5e94\u7528 public zone \u7684\u89c4\u5219<\/p>\n

1.3.2.2\u9ed8\u8ba4zone\u515c\u5e95<\/h5>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u5982\u679c\u6d41\u91cf\u7684\u6e90 IP \u6ca1\u7ed1\u5b9a zone,\u7f51\u7edc\u63a5\u53e3\u4e5f\u6ca1\u5173\u8054 zone,\u5c31\u4f1a\u5339\u914d\u9ed8\u8ba4 zone(firewalld \u9ed8\u8ba4\u662f public zone)\u3002<\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u6bd4\u5982\u670d\u52a1\u5668\u6709\u4e00\u4e2a\u65b0\u7f51\u5361 ens34 \u672a\u5173\u8054\u4efb\u4f55 zone,\u90a3\u4e48\u4ece ens34 \u8fdb\u5165\u7684\u6d41\u91cf\u4f1a\u81ea\u52a8\u5e94\u7528 public zone \u7684\u89c4\u5219\u3002<\/p>\n

1.3.3\u6838\u5fc3\u6d41\u7a0b:<\/h5>\n

\"\"<\/p>\n

1.4\u9884\u5b9a\u4e49zone<\/h4>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u9884\u5b9a\u4e49 zone \u662f firewalld \u5185\u7f6e\u7684\u4e00\u7ec4\u9884\u5148\u914d\u7f6e\u597d\u7684 \u201c\u533a\u57df – \u89c4\u5219\u96c6\u5408\u201d,\u6bcf\u4e2a zone \u5bf9\u5e94\u4e0d\u540c\u7684\u4fe1\u4efb\u7ea7\u522b\u548c\u6d41\u91cf\u63a7\u5236\u7b56\u7565\u3002\u7ba1\u7406\u5458\u53ef\u76f4\u63a5\u4f7f\u7528\u8fd9\u4e9b\u9884\u5b9a\u4e49 zone,\u4e5f\u53ef\u57fa\u4e8e\u5b83\u4eec\u8fdb\u884c\u81ea\u5b9a\u4e49\u4fee\u6539,\u4ece\u800c\u5feb\u901f\u642d\u5efa\u9632\u706b\u5899\u7b56\u7565\u3002<\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u901a\u8fc7\u5c06\u7f51\u7edc\u6d41\u91cf\u6309\u201c\u4fe1\u4efb\u7ea7\u522b\u201d(\u5982\u201c\u5b8c\u5168\u53ef\u4fe1\u7684\u5185\u90e8\u7f51\u7edc\u201d\u201c\u4e0d\u53ef\u4fe1\u7684\u516c\u7f51\u201d)\u5f52\u7c7b\u5230\u4e0d\u540c\u9884\u5b9a\u4e49 zone,\u7b80\u5316\u9632\u706b\u5899\u89c4\u5219\u7684\u914d\u7f6e\u903b\u8f91 \u2014\u2014 \u65e0\u9700\u4ece\u96f6\u5f00\u59cb\u7f16\u5199\u89c4\u5219,\u53ea\u9700\u9009\u62e9\u5408\u9002\u7684 zone \u5e76\u5fae\u8c03\u5373\u53ef\u3002<\/p>\n

\u9884\u5b9a\u4e49zone\u89c4\u5219\u8be6\u89e3<\/p>\n\n\n\n\n\n\n\n\n\n\n\n\n
\n

\u533a\u57df\u540d\u79f0<\/span><\/p>\n<\/td>\n

\n

\u9ed8\u8ba4\u914d\u7f6e(\u4f20\u5165\u6d41\u91cf\u89c4\u5219)<\/span><\/p>\n<\/td>\n

\n

\u6838\u5fc3\u7279\u70b9<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

trusted<\/span><\/p>\n<\/td>\n

\n

\u5141\u8bb8\u6240\u6709\u4f20\u5165\u6d41\u91cf<\/span><\/p>\n<\/td>\n

\n

\u4fe1\u4efb\u7ea7\u522b\u6700\u9ad8<\/span>,\u65e0\u4efb\u4f55\u6d41\u91cf\u9650\u5236<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

home<\/span><\/p>\n<\/td>\n

\n

\u9664\u975e\u4e0e\u4f20\u51fa\u6d41\u91cf\u76f8\u5173,\u6216\u4e0e<\/span>ssh<\/span>\u3001<\/span>mdns<\/span>\u3001<\/span>ipp-client<\/span>\u3001<\/span>samba-client<\/span>\u3001<\/span>dhcpv6-client<\/span>\u00a0\u9884\u5b9a\u4e49\u670d\u52a1\u5339\u914d,\u5426\u5219\u62d2\u7edd\u4f20\u5165\u6d41\u91cf<\/span><\/p>\n<\/td>\n

\n

\u9762\u5411<\/span>\u5bb6\u5ead\u573a\u666f<\/span>,\u653e\u884c\u6587\u4ef6\u5171\u4eab(samba)\u3001\u6253\u5370\u673a(ipp)\u7b49\u5bb6\u5ead\u5e38\u7528\u670d\u52a1<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

internal<\/span><\/p>\n<\/td>\n

\n

\u9664\u975e\u4e0e\u4f20\u51fa\u6d41\u91cf\u76f8\u5173,\u6216\u4e0e\u00a0<\/span>ssh<\/span>\u3001<\/span>mdns<\/span>\u3001<\/span>ipp-client<\/span>\u3001<\/span>samba-client<\/span>\u3001<\/span>dhcpv6-client<\/span>\u00a0\u9884\u5b9a\u4e49\u670d\u52a1\u5339\u914d,\u5426\u5219\u62d2\u7edd\u4f20\u5165\u6d41\u91cf(\u521d\u59cb\u4e0e\u00a0<\/span>home<\/span>\u00a0\u89c4\u5219\u76f8\u540c,\u53ef\u540e\u7eed\u81ea\u5b9a\u4e49\u5dee\u5f02)<\/span><\/p>\n<\/td>\n

\n

\u6bd4<\/span>home<\/span>\u66f4<\/span>\u504f\u5411\u4f01\u4e1a\u5185\u90e8\u573a\u666f<\/span>,\u53ef\u6839\u636e\u9700\u6c42\u8c03\u6574\u670d\u52a1\u653e\u884c\u89c4\u5219<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

work<\/span><\/p>\n<\/td>\n

\n

\u9664\u975e\u4e0e\u4f20\u51fa\u6d41\u91cf\u76f8\u5173,\u6216\u4e0e\u00a0<\/span>ssh<\/span>\u3001<\/span>ipp-client<\/span>\u3001<\/span>dhcpv6-client<\/span>\u00a0\u9884\u5b9a\u4e49\u670d\u52a1\u5339\u914d,\u5426\u5219\u62d2\u7edd\u4f20\u5165\u6d41\u91cf<\/span><\/p>\n<\/td>\n

\n

\u9762\u5411<\/span>\u529e\u516c\u573a\u666f<\/span>,\u653e\u884c\u529e\u516c\u6253\u5370\u673a(ipp)\u3001SSH \u7ba1\u7406\u7b49\u670d\u52a1,\u5f31\u5316\u5bb6\u5ead\u7c7b\u7684\u00a0<\/span>mdns<\/span>\u3001<\/span>samba<\/span>\u00a0\u670d\u52a1<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

public<\/span><\/p>\n<\/td>\n

\n

\u9664\u975e\u4e0e\u4f20\u51fa\u6d41\u91cf\u76f8\u5173,\u6216\u4e0e\u00a0<\/span>ssh<\/span>\u3001<\/span>dhcpv6-client<\/span>\u00a0\u9884\u5b9a\u4e49\u670d\u52a1\u5339\u914d,\u5426\u5219\u62d2\u7edd\u4f20\u5165\u6d41\u91cf;\u662f\u65b0\u6dfb\u52a0\u7f51\u7edc\u63a5\u53e3\u7684\u9ed8\u8ba4\u533a\u57df<\/span><\/p>\n<\/td>\n

\n

\u4fe1\u4efb\u7ea7\u522b\u4f4e,\u4ec5<\/span>\u653e\u884c\u6700\u5fc5\u8981\u7684\u670d\u52a1<\/span>(SSH \u7528\u4e8e\u8fdc\u7a0b\u7ba1\u7406\u3001DHCPv6 \u7528\u4e8e IPv6 \u5730\u5740\u83b7\u53d6)<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

external<\/span><\/p>\n<\/td>\n

\n

\u9664\u975e\u4e0e\u4f20\u51fa\u6d41\u91cf\u76f8\u5173,\u6216\u4e0e\u00a0<\/span>ssh<\/span>\u00a0\u9884\u5b9a\u4e49\u670d\u52a1\u5339\u914d,\u5426\u5219\u62d2\u7edd\u4f20\u5165\u6d41\u91cf;\u901a\u8fc7\u6b64\u533a\u57df\u8f6c\u53d1\u7684 IPv4 \u4f20\u51fa\u6d41\u91cf\u4f1a\u8fdb\u884c\u4f2a\u88c5(NAT)<\/span><\/p>\n<\/td>\n

\n

\u5177\u5907 NAT \u529f\u80fd,\u65e2\u80fd<\/span>\u9650\u5236\u4f20\u5165\u6d41\u91cf<\/span>,\u53c8\u80fd\u8ba9\u5185\u90e8\u8bbe\u5907\u901a\u8fc7\u5b83<\/span>\u5b89\u5168\u8bbf\u95ee\u516c\u7f51<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

dmz<\/span><\/p>\n<\/td>\n

\n

\u9664\u975e\u4e0e\u4f20\u51fa\u6d41\u91cf\u76f8\u5173,\u6216\u4e0e\u00a0<\/span>ssh<\/span>\u00a0\u9884\u5b9a\u4e49\u670d\u52a1\u5339\u914d,\u5426\u5219\u62d2\u7edd\u4f20\u5165\u6d41\u91cf<\/span><\/p>\n<\/td>\n

\n

\u4ec5<\/span>\u653e\u884c\u5bf9\u5916\u670d\u52a1<\/span>\u7684\u5fc5\u8981\u6d41\u91cf,\u540c\u65f6\u901a\u8fc7 SSH \u4fdd\u7559\u8fdc\u7a0b\u7ba1\u7406\u80fd\u529b,\u5e73\u8861 \u201c\u5bf9\u5916\u670d\u52a1\u201d \u4e0e \u201c\u5b89\u5168\u9694\u79bb\u201d<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

block<\/span><\/p>\n<\/td>\n

\n

\u9664\u975e\u4e0e\u4f20\u51fa\u6d41\u91cf\u76f8\u5173,\u5426\u5219\u62d2\u7edd\u6240\u6709\u4f20\u5165\u6d41\u91cf<\/span><\/p>\n<\/td>\n

\n

\u5bf9\u4f20\u5165\u6d41\u91cf \u201c<\/span>\u786c\u62d2\u7edd<\/span>\u201d,\u4f46\u4f1a<\/span>\u8fd4\u56de <\/span>ICMP <\/span>\u9519\u8bef\u63d0\u793a<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

drop<\/span><\/p>\n<\/td>\n

\n

\u9664\u975e\u4e0e\u4f20\u51fa\u6d41\u91cf\u76f8\u5173,\u5426\u5219\u4e22\u5f03\u6240\u6709\u4f20\u5165\u6d41\u91cf(\u751a\u81f3\u4e0d\u4ea7\u751f ICMP \u9519\u8bef\u54cd\u5e94)<\/span><\/p>\n<\/td>\n

\n

\u5bf9\u4f20\u5165\u6d41\u91cf \u201c\u9759\u9ed8\u4e22\u5f03\u201d,<\/span>\u4e0d\u8fd4\u56de\u4efb\u4f55\u54cd\u5e94<\/span>,\u8ba9\u653b\u51fb\u8005\u96be\u4ee5\u5224\u65ad\u76ee\u6807\u72b6\u6001<\/span><\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

1.5\u9884\u5b9a\u4e49\u670d\u52a1<\/h4>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u9884\u5b9a\u4e49\u670d\u52a1\u662f firewalld \u5185\u7f6e\u201c\u7f51\u7edc\u670d\u52a1 – \u7aef\u53e3 \/ \u534f\u8bae\u6620\u5c04\u96c6\u5408\u201d\u3002\u5b83\u5c06\u5e38\u89c1\u7f51\u7edc\u670d\u52a1(\u5982 SSH\u3001DNS\u3001\u6587\u4ef6\u5171\u4eab)\u4e0e\u5bf9\u5e94\u7684\u7aef\u53e3\u3001\u534f\u8bae(TCP\/UDP)\u9884\u5148\u5173\u8054,\u8ba9\u7ba1\u7406\u5458\u65e0\u9700\u8bb0\u5fc6\u590d\u6742\u7684\u7aef\u53e3\u53f7,\u53ea\u9700\u901a\u8fc7 \u201c\u670d\u52a1\u540d\u79f0\u201d\u00a0\u5373\u53ef\u5feb\u901f\u914d\u7f6e\u9632\u706b\u5899\u89c4\u5219\u3002<\/p>\n

\u5e38\u89c1\u9884\u5b9a\u4e49\u670d\u52a1<\/p>\n\n\n\n\n\n\n\n\n
\n

\u670d\u52a1\u540d\u79f0<\/span><\/p>\n<\/td>\n

\n

\u914d\u7f6e\u8be6\u60c5<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

SSH<\/span><\/p>\n<\/td>\n

\n

\u672c\u5730 SSH \u670d\u52a1\u5668,\u653e\u884c\u201c<\/span>22\/tcp\u201d<\/span>\u6d41\u91cf<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

dhcpv6-client<\/span><\/p>\n<\/td>\n

\n

\u672c\u5730 DHCPv6 \u5ba2\u6237\u7aef,\u653e\u884c\u201c<\/span>fe80::\/64 <\/span>IPv6\u201d\u7f51\u7edc\u4e2d\u201c<\/span>546\/udp\u201d<\/span>\u6d41\u91cf<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

ipp-client<\/span><\/p>\n<\/td>\n

\n

\u672c\u5730 IPP \u6253\u5370\u670d\u52a1,\u653e\u884c\u201c<\/span>631\/udp\u201d<\/span>\u6d41\u91cf<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

samba-client<\/span><\/p>\n<\/td>\n

\n

\u672c\u5730 Windows \u6587\u4ef6\u548c\u6253\u5370\u5171\u4eab\u5ba2\u6237\u7aef,\u653e\u884c\u201c<\/span>137\/udp<\/span>\u3001<\/span>138\/udp\u201d<\/span>\u6d41\u91cf<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

mdns<\/span><\/p>\n<\/td>\n

\n

\u591a\u64ad DNS(mDNS)\u672c\u5730\u94fe\u8def\u540d\u79f0\u89e3\u6790,\u653e\u884c\u201c<\/span>5353\/udp\u201d<\/span>\u6d41\u91cf(\u6307\u5411\u201c<\/span>224.0.0.251<\/span>\u201d\u6216\u201c<\/span>ff02::fb<\/span>\u201d\u591a\u64ad\u5730\u5740)<\/span><\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

\u5217\u51fa\u9884\u5b9a\u4e49\u670d\u52a1:<\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0firewall-cmd –get-services<\/p>\n

\u5982:<\/p>\n

\"\"<\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u9884\u5b9a\u4e49\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u4f4d\u7f6e\u2014\u2014\/usr\/lib\/firewalld\/services<\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u6587\u4ef6\u7684\u683c\u5f0f\u7531firewalld.zone(5)\u5b9a\u4e49(\u5b98\u65b9\u6587\u6863,\u5b9a\u4e49\u89c4\u5219\u4e0e\u7ea6\u675f)<\/p>\n

\n

1.7\u4ece\u547d\u4ee4\u884c\u914d\u7f6e\u9632\u706b\u5899<\/h4>\n

1.7.1\u6982\u5ff5<\/h5>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0firewall-cmd \u547d\u4ee4\u4f1a\u4e0efirewalld\u8fdb\u884c\u4ea4\u4e92,\u6240\u6709\u9632\u706b\u5899\u7684\u89c4\u5219\u914d\u7f6e\u3001zone \u7ba1\u7406\u3001\u670d\u52a1\u542f\u7528\u7b49\u64cd\u4f5c,\u90fd\u53ef\u901a\u8fc7\u5b83\u5b8c\u6210\u3002<\/p>\n

\u9632\u706b\u5899\u914d\u7f6e:<\/p>\n

(1)runtime \u914d\u7f6e:<\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u4e34\u65f6\u751f\u6548\u7684\u89c4\u5219,\u670d\u52a1\u5668\u91cd\u542f\u6216 firewalld \u670d\u52a1\u91cd\u542f\u540e\u4f1a\u4e22\u5931\u3002<\/p>\n

(2)permanent \u914d\u7f6e:<\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u6c38\u4e45\u751f\u6548\u7684\u89c4\u5219,\u9700\u901a\u8fc7 firewall-cmd –reload \u52a0\u8f7d\u540e\u624d\u80fd\u5728 runtime \u4e2d\u751f\u6548\u3002<\/p>\n

\u9009\u9879:<\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0–zone=ZONE:<\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u7528\u4e8e\u6307\u5b9a\u547d\u4ee4\u4f5c\u7528\u7684\u533a\u57df(zone),\u82e5\u4e0d\u6307\u5b9a\u5219\u9ed8\u8ba4\u4f5c\u7528\u4e8e \u201c\u9ed8\u8ba4 zone\u201d(\u901a\u5e38\u662f public)\u3002<\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u5982\u679c\u9700\u8981\u5b50\u7f51\u63a9\u7801,\u4f7f\u7528CIDR\u8868\u793a\u6cd5,\u5982192.168.1\/24;<\/p>\n

firewalld \u914d\u7f6e\u67b6\u6784\u56fe\u89e3:<\/p>\n

\"\"<\/p>\n

\n

1.7.2\u5e38\u89c1\u547d\u4ee4<\/h5>\n\n\n\n\n\n\n\n\n\n\n\n\n
\n

\u529f\u80fd\u5206\u7c7b<\/span><\/p>\n<\/td>\n

\n

\u547d\u4ee4\u683c\u5f0f<\/span><\/p>\n<\/td>\n

\n

\u4f5c\u7528\u8bf4\u660e<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

�� \u67e5\u770b\u4fe1\u606f\u7c7b<\/span><\/p>\n<\/td>\n

\n

firewall-cmd –get-zones<\/span><\/p>\n<\/td>\n

\n

\u5217\u51fa\u7cfb\u7edf\u6240\u6709\u9884\u5b9a\u4e49 zone<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

\n<\/td>\n

\n

firewall-cmd –zone=<ZONE> –list-all<\/span><\/p>\n<\/td>\n

\n

\u67e5\u770b\u6307\u5b9a zone \u7684\u6240\u6709\u89c4\u5219(\u670d\u52a1\u3001\u7aef\u53e3\u3001\u6e90 IP \u7b49)<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

\n<\/td>\n

\n

firewall-cmd –get-services<\/span><\/p>\n<\/td>\n

\n

\u5217\u51fa\u6240\u6709\u9884\u5b9a\u4e49\u670d\u52a1<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

\n<\/td>\n

\n

firewall-cmd –zone=<ZONE> –list-services<\/span><\/p>\n<\/td>\n

\n

\u67e5\u770b\u6307\u5b9a zone \u5df2\u653e\u884c\u7684\u670d\u52a1<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

\n<\/td>\n

\n

firewall-cmd –zone=<ZONE> –list-ports<\/span><\/p>\n<\/td>\n

\n

\u67e5\u770b\u6307\u5b9a zone \u5df2\u653e\u884c\u7684\u7aef\u53e3<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

\u2699\ufe0f Zone \u7ba1\u7406\u7c7b<\/span><\/p>\n<\/td>\n

\n

firewall-cmd –set-default-zone=<ZONE><\/span><\/p>\n<\/td>\n

\n

\u8bbe\u7f6e\u7cfb\u7edf\u9ed8\u8ba4 zone<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

\n<\/td>\n

\n

firewall-cmd –permanent –zone=<ZONE> –add-source=<CIDR><\/span><\/p>\n<\/td>\n

\n

\u6c38\u4e45\u5c06\u6e90 IP \u6bb5 \/ CIDR \u5173\u8054\u5230\u6307\u5b9a zone<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

\n<\/td>\n

\n

firewall-cmd –permanent –zone=<ZONE> –change-interface=<\u7f51\u5361\u540d><\/span><\/p>\n<\/td>\n

\n

\u6c38\u4e45\u5c06\u7f51\u5361\u5173\u8054\u5230\u6307\u5b9a zone<\/span><\/p>\n<\/td>\n<\/tr>\n

\n

\n<\/td>\n

\n

firewall-cmd –permanent –zone=<ZONE> –remove-source=<CIDR><\/span><\/p>\n<\/td>\n

\n

\u6c38\u4e45\u79fb\u9664 zone \u5173\u8054\u7684\u6e90 IP \u6bb5<\/span><\/p>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n

\n

1.7.3\u6807\u51c6\u64cd\u4f5c\u6b65\u9aa4<\/h5>\n

(1)\u67e5\u770b\u9ed8\u8ba4\u7684zone<\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0firewall-cmd –get-default-zone<\/p>\n

(2)\u8bbe\u7f6e\u9ed8\u8ba4zone<\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0firewall-cmd –set-default-zone=\u76ee\u6807zone<\/p>\n

(2)\u9009\u62e9\u7c7b\u578b(\u4e34\u65f6\/\u6c38\u4e45),\u6dfb\u52a0\u670d\u52a1,\u00a0\u00a0\u5728\u9632\u706b\u5899\u4e2d\u6c38\u4e45\u653e\u884c\u201c\u670d\u52a1\u201d<\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0firewall-cmd –permanent \\\\<\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0—service=\u670d\u52a1<\/p>\n

(3)\u91cd\u7f6e\u9632\u706b\u5899\u914d\u7f6e<\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0firewall-cmd –reload<\/p>\n

(4)\u9a8c\u8bc1\u6c38\u4e45\u914d\u7f6e\u662f\u5426\u5b58\u50a8\u6210\u529f<\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0firewall-cmd –permanent –list-services\u00a0\\\\<\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0–list-all<\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u89c2\u5bdf\u5217\u51fa\u7684zone\u6240\u6709\u89c4\u5219\u662f\u5426\u6709\u4e4b\u524d\u6dfb\u52a0\u7684\u5185\u5bb9\u3002<\/p>\n

\u5b8c\u6210\u914d\u7f6e\u540e\u5e94\u8fdb\u884c\u5b8c\u6574\u7684\u9a8c\u8bc1:<\/p>\n

\"\"<\/p>\n

\n

2.\u63a7\u5236SELinux\u7aef\u53e3\u6807\u8bb0<\/h3>\n

2.1SELinux\u7aef\u53e3\u6807\u8bb0<\/h4>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0SELinux(\u5b89\u5168\u589e\u5f3a\u578b Linux)\u662f Linux \u7cfb\u7edf\u7684\u5f3a\u5236\u8bbf\u95ee\u63a7\u5236(MAC)\u5b89\u5168\u673a\u5236\u3002<\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u5176\u4e2d,\u201c\u7aef\u53e3\u6807\u8bb0\u201d \u662f SELinux \u63a7\u5236\u7f51\u7edc\u6d41\u91cf\u7684\u6838\u5fc3\u624b\u6bb5\u4e4b\u4e00,\u5b83\u4e3a\u6bcf\u4e2a\u7f51\u7edc\u7aef\u53e3(\u5982 22\/TCP\u300180\/TCP)\u5206\u914d\u4e00\u4e2a\u4e13\u5c5e\u7684\u5b89\u5168\u6807\u7b7e(\u5982 ssh_port_t\u3001http_port_t),\u5e76\u901a\u8fc7\u7b56\u7565\u89c4\u5219\u9650\u5236 \u201c\u54ea\u4e9b\u8fdb\u7a0b\u53ef\u4ee5\u7ed1\u5b9a\u54ea\u4e9b\u5e26\u6807\u7b7e\u7684\u7aef\u53e3\u201d\u3002<\/p>\n

\u5de5\u4f5c\u673a\u5236:<\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u5f53\u4e00\u4e2a\u8fdb\u7a0b(\u5982 SSH \u670d\u52a1\u3001Web \u670d\u52a1)\u60f3\u8981\u76d1\u542c\u67d0\u4e2a\u7f51\u7edc\u7aef\u53e3\u65f6,SELinux \u4f1a\u6267\u884c\u4ee5\u4e0b\u6821\u9a8c\u903b\u8f91:<\/p>\n

(1)\u8fdb\u7a0b\u7684\u5b89\u5168\u6807\u7b7e:<\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u6bcf\u4e2a\u8fdb\u7a0b\u8fd0\u884c\u65f6\u4f1a\u88ab\u8d4b\u4e88\u4e00\u4e2a SELinux \u6807\u7b7e(\u5982 SSH \u8fdb\u7a0b\u7684\u6807\u7b7e\u662f sshd_t)\u3002<\/p>\n

(2)\u7aef\u53e3\u7684\u5b89\u5168\u6807\u7b7e:<\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u6bcf\u4e2a\u7aef\u53e3\u88ab\u6807\u8bb0\u4e3a\u7279\u5b9a\u6807\u7b7e(\u5982 22\/TCP \u662f ssh_port_t,80\/TCP \u662f http_port_t)\u3002<\/p>\n

(3)\u7b56\u7565\u89c4\u5219\u6821\u9a8c:<\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0SELinux \u4f1a\u68c0\u67e5 \u201c\u8fdb\u7a0b\u6807\u7b7e\u662f\u5426\u88ab\u5141\u8bb8\u7ed1\u5b9a\u8be5\u7aef\u53e3\u6807\u7b7e\u201d\u3002\u53ea\u6709\u7b56\u7565\u660e\u786e\u5141\u8bb8\u7684\u7ec4\u5408(\u5982 sshd_t \u7ed1\u5b9a ssh_port_t),\u8fdb\u7a0b\u624d\u80fd\u6210\u529f\u76d1\u542c\u7aef\u53e3;\u5426\u5219,SELinux \u4f1a\u62e6\u622a\u64cd\u4f5c\u5e76\u8bb0\u5f55\u62d2\u7edd\u65e5\u5fd7\u3002<\/p>\n

\n

2.2\u5217\u51fa\u7aef\u53e3\u6807\u7b7e<\/h4>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u5982\u679c\u5728\u975e\u6807\u51c6\u7aef\u53e3\u4e0a\u8fd0\u884c\u670d\u52a1,SELinux\u4f1a\u62e6\u622a\u6b64\u6d41\u91cf,\u5fc5\u987b\u66f4\u65b0SELinux\u7aef\u53e3\u6807\u7b7e<\/p>\n

(1)\u83b7\u53d6\u6240\u6709\u5f53\u524d\u7aef\u53e3\u6807\u7b7e\u5206\u914d\u4fe1\u606f;<\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0semanage port -l<\/p>\n

\"\"<\/p>\n

\n

(2)\u901a\u8fc7\u670d\u52a1\u540d\u79f0\u8fc7\u6ee4SELinux\u7aef\u53e3\u6807\u7b7e<\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0semanage port -l | grep \u670d\u52a1\u540d<\/p>\n

\u5982:<\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0semanage port -l | grep http<\/p>\n

\"\"<\/p>\n

\n

(3)\u4f7f\u7528\u7aef\u53e3\u53f7\u8fc7\u6ee4SELinux\u7aef\u53e3\u6807\u7b7e<\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0semanage port -l | grep -w \u7aef\u53e3\u53f7<\/p>\n

\u5982:<\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0semanage port -l | grep -w 80<\/p>\n

\"\"<\/p>\n

\n

2.3\u7ba1\u7406\u7aef\u53e3\u6807\u7b7e<\/h4>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u4f7f\u7528semanage\u547d\u4ee4\u53ef\u4ee5\u5206\u914d\u65b0\u7aef\u53e3\u6807\u7b7e\u3001\u5220\u9664\u7aef\u53e3\u6807\u7b7e\u6216\u4fee\u6539\u73b0\u6709\u7aef\u53e3\u6807\u7b7e;<\/p>\n

\u9009\u9879:<\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0-a:\u6dfb\u52a0<\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0-d:\u5220\u9664<\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0-m:\u4fee\u6539<\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0-t:\u7c7b\u578b<\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0-p:\u534f\u8bae<\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0-C:\u67e5\u770b\u5bf9\u9ed8\u8ba4\u7b56\u7565\u7684\u4fee\u6539<\/p>\n

\n

2.4\u5220\u9664\u7aef\u53e3\u6807\u7b7e<\/h4>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u5220\u9664\u81ea\u5b9a\u4e49\u7aef\u53e3\u6807\u7b7e\u7684\u8bed\u6cd5\u548c\u6dfb\u52a0\u6807\u7b7e\u8bed\u6cd5\u76f8\u540c,\u4f7f\u7528-d\u9009\u9879;<\/p>\n

\u5982:<\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0semanage port -d -t gopher_port_t -p tcp 71<\/p>\n

\u9a8c\u8bc1:<\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0semanage port -l | grep -w 71<\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u65e0\u8f93\u51fa\u5219\u5df2\u7ecf\u5220\u9664\u6807\u7b7e\u3002<\/p>\n

\"\"<\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u5220\u9664\u5931\u8d25,\u8be5\u7aef\u53e3\u672a\u7ed1\u5b9a,\u65e0\u6cd5\u5220\u9664\u4e0d\u5b58\u5728\u6807\u7b7e\u3002<\/p>\n

2.5\u4fee\u6539\u7aef\u53e3\u6807\u7b7e<\/h4>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u4f7f\u7528-m\u9009\u9879\u66f4\u6539\u7aef\u53e3\u7ed1\u5b9a,\u6bd4\u5220\u9664\u65e7\u7684\u6dfb\u52a0\u65b0\u7684\u7aef\u53e3\u6807\u7b7e\u66f4\u9ad8\u6548;<\/p>\n

\u5982:<\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0semanage port -m -t http_port_t -p tcp 71<\/p>\n

\u9a8c\u8bc1:<\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0semanage port -l | grep -w 71<\/p>\n

\"\"<\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u4fee\u6539\u6210\u529f\u3002<\/p>\n

2.6\u5b9e\u4f8b<\/h4>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u8bbf\u95ee\u7f51\u5740\u5931\u8d25,\u5728Web\u670d\u52a1\u5668\u4e3b\u673a\u4e0a\u914d\u7f6e\u9632\u706b\u5899\u548cSELinux\u8bbe\u7f6e<\/p>\n

(1)\u8bbf\u95ee\u670d\u52a1\u5668<\/h5>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0curl http:\/\/\u670d\u52a1\u5668IP:30080<\/p>\n

(2)\u8c03\u67e5\u5931\u8d25\u539f\u56e0<\/h5>\n

\u68c0\u67e5\u670d\u52a1\u72b6\u6001:<\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0systemctl status httpd(\u670d\u52a1)<\/p>\n

\"\"<\/p>\n

\u91cd\u542f\u670d\u52a1:<\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0systemctl restart httpd<\/p>\n

\"\"<\/p>\n

\u5931\u8d25,\u8c03\u67e5\u539f\u56e0<\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0systemctl status httpd.service<\/p>\n

\"\"<\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0SELinux\u9650\u5236\u5bfc\u81f4\u65e0\u6cd5\u7ed1\u5b9a\u7aef\u53e3<\/p>\n

(3)\u8c03\u6574SELinux\u914d\u7f6e<\/h5>\n

\u67e5\u627e\u7aef\u53e3\u6b63\u786e\u7684\u7c7b\u578b:<\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0semanage port -l | grep \u201chttp\u201d<\/p>\n

\"\"<\/p>\n

\u4e3a\u8981\u6c42\u7684\u7aef\u53e3\u5206\u914d\u7c7b\u578b<\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0semanage port \u00a0-a -t http_port_t -p tcp 30080 (\u7aef\u53e3)<\/p>\n

\u91cd\u542f\u670d\u52a1<\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0systemctl restart httpd.service<\/p>\n

(4)\u9a8c\u8bc1<\/h5>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0systemctl status httpd<\/p>\n

\"\"<\/p>\n

\u6216<\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0curl http:\/\/\u670d\u52a1\u5668IP:30080<\/p>\n

(5)\u5bf9\u9632\u706b\u5899\u8bbe\u7f6e\u505a\u51fa\u76f8\u5e94\u8c03\u6574<\/h5>\n

\u6dfb\u52a0\u7aef\u53e3\u5230public\u533a\u57df:<\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0firewall-cmd –add-port=\u7aef\u53e3\/\u534f\u8bae \\\\<\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0–zone=public \\\\<\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0–permanent<\/p>\n

\"\"<\/p>\n

\u91cd\u542f\u9632\u706b\u5899\u914d\u7f6e:<\/p>\n

\"\"<\/p>\n

\u9a8c\u8bc1public\u533a\u57df\u7684\u5f00\u653e\u7aef\u53e3:<\/p>\n

\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0firewall-cmd –zone=public –list-ports –permanent<\/p>\n

\"\"<\/p>\n

\n","protected":false},"excerpt":{"rendered":"

\u5341\u4e00.\u7ba1\u7406\u7f51\u7edc\u5b89\u5168
\n1.\u7ba1\u7406\u670d\u52a1\u5668\u9632\u706b\u5899
\n1.1\u9632\u706b\u5899\u67b6\u6784\u6982\u5ff5(netfilter\u6846\u67b6) \u9632\u706b\u5899\u662f\u7f51\u7edc\u5b89\u5168\u7684\u5173\u952e\u7ec4\u4ef6,\u7528\u4e8e\u9694\u79bb\u4e0d\u540c\u4fe1\u4efb\u7ea7\u522b\u7684\u7f51\u7edc\u533a\u57df(\u5982\u5185\u90e8\u7f51\u7edc\u548c\u5916\u90e8\u4e92\u8054\u7f51),\u901a\u8fc7\u5236\u5b9a\u89c4\u5219\u6765\u63a7\u5236\u6d41\u91cf\u7684\u8fdb\u51fa,\u5b9e\u73b0\u7f51\u7edc\u5b89\u5168\u9694\u79bb; Linux \u5185\u6838\u7684 netfilter \u6846\u67b6\u7528\u4e8e\u5b9e\u73b0\u6570\u636e\u5305\u8fc7\u6ee4\u3001\u7f51\u7edc\u5730\u5740\u8f6c\u6362(NAT)\u3001\u7aef\u53e3\u8f6c\u6362\u7b49\u529f\u80fd&#xf<\/p>\n","protected":false},"author":2,"featured_media":69898,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[275,371,61],"topic":[],"class_list":["post-69917","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-server","tag-web","tag-371","tag-61"],"yoast_head":"\nRH134\u5b66\u4e60\u8fdb\u7a0b\u2014\u2014\u5341\u4e00.\u7ba1\u7406\u7f51\u7edc\u5b89\u5168 - \u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.wsisp.com\/helps\/69917.html\" \/>\n<meta property=\"og:locale\" content=\"zh_CN\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"RH134\u5b66\u4e60\u8fdb\u7a0b\u2014\u2014\u5341\u4e00.\u7ba1\u7406\u7f51\u7edc\u5b89\u5168 - \u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3\" \/>\n<meta property=\"og:description\" content=\"\u5341\u4e00.\u7ba1\u7406\u7f51\u7edc\u5b89\u5168 1.\u7ba1\u7406\u670d\u52a1\u5668\u9632\u706b\u5899 1.1\u9632\u706b\u5899\u67b6\u6784\u6982\u5ff5(netfilter\u6846\u67b6) \u9632\u706b\u5899\u662f\u7f51\u7edc\u5b89\u5168\u7684\u5173\u952e\u7ec4\u4ef6,\u7528\u4e8e\u9694\u79bb\u4e0d\u540c\u4fe1\u4efb\u7ea7\u522b\u7684\u7f51\u7edc\u533a\u57df(\u5982\u5185\u90e8\u7f51\u7edc\u548c\u5916\u90e8\u4e92\u8054\u7f51),\u901a\u8fc7\u5236\u5b9a\u89c4\u5219\u6765\u63a7\u5236\u6d41\u91cf\u7684\u8fdb\u51fa,\u5b9e\u73b0\u7f51\u7edc\u5b89\u5168\u9694\u79bb; Linux \u5185\u6838\u7684 netfilter \u6846\u67b6\u7528\u4e8e\u5b9e\u73b0\u6570\u636e\u5305\u8fc7\u6ee4\u3001\u7f51\u7edc\u5730\u5740\u8f6c\u6362(NAT)\u3001\u7aef\u53e3\u8f6c\u6362\u7b49\u529f\u80fd&#xf\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.wsisp.com\/helps\/69917.html\" \/>\n<meta property=\"og:site_name\" content=\"\u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3\" \/>\n<meta property=\"article:published_time\" content=\"2026-01-31T23:17:47+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2026\/02\/20260131231744-697e8d983c585.png\" \/>\n<meta name=\"author\" content=\"admin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u4f5c\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"admin\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 \u5206\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.wsisp.com\/helps\/69917.html\",\"url\":\"https:\/\/www.wsisp.com\/helps\/69917.html\",\"name\":\"RH134\u5b66\u4e60\u8fdb\u7a0b\u2014\u2014\u5341\u4e00.\u7ba1\u7406\u7f51\u7edc\u5b89\u5168 - \u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3\",\"isPartOf\":{\"@id\":\"https:\/\/www.wsisp.com\/helps\/#website\"},\"datePublished\":\"2026-01-31T23:17:47+00:00\",\"dateModified\":\"2026-01-31T23:17:47+00:00\",\"author\":{\"@id\":\"https:\/\/www.wsisp.com\/helps\/#\/schema\/person\/358e386c577a3ab51c4493330a20ad41\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.wsisp.com\/helps\/69917.html#breadcrumb\"},\"inLanguage\":\"zh-Hans\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.wsisp.com\/helps\/69917.html\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.wsisp.com\/helps\/69917.html#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9875\",\"item\":\"https:\/\/www.wsisp.com\/helps\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"RH134\u5b66\u4e60\u8fdb\u7a0b\u2014\u2014\u5341\u4e00.\u7ba1\u7406\u7f51\u7edc\u5b89\u5168\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.wsisp.com\/helps\/#website\",\"url\":\"https:\/\/www.wsisp.com\/helps\/\",\"name\":\"\u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3\",\"description\":\"\u9999\u6e2f\u670d\u52a1\u5668_\u9999\u6e2f\u4e91\u670d\u52a1\u5668\u8d44\u8baf_\u670d\u52a1\u5668\u5e2e\u52a9\u6587\u6863_\u670d\u52a1\u5668\u6559\u7a0b\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.wsisp.com\/helps\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"zh-Hans\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.wsisp.com\/helps\/#\/schema\/person\/358e386c577a3ab51c4493330a20ad41\",\"name\":\"admin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-Hans\",\"@id\":\"https:\/\/www.wsisp.com\/helps\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/gravatar.wp-china-yes.net\/avatar\/?s=96&d=mystery\",\"contentUrl\":\"https:\/\/gravatar.wp-china-yes.net\/avatar\/?s=96&d=mystery\",\"caption\":\"admin\"},\"sameAs\":[\"http:\/\/wp.wsisp.com\"],\"url\":\"https:\/\/www.wsisp.com\/helps\/author\/admin\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"RH134\u5b66\u4e60\u8fdb\u7a0b\u2014\u2014\u5341\u4e00.\u7ba1\u7406\u7f51\u7edc\u5b89\u5168 - \u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.wsisp.com\/helps\/69917.html","og_locale":"zh_CN","og_type":"article","og_title":"RH134\u5b66\u4e60\u8fdb\u7a0b\u2014\u2014\u5341\u4e00.\u7ba1\u7406\u7f51\u7edc\u5b89\u5168 - \u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3","og_description":"\u5341\u4e00.\u7ba1\u7406\u7f51\u7edc\u5b89\u5168 1.\u7ba1\u7406\u670d\u52a1\u5668\u9632\u706b\u5899 1.1\u9632\u706b\u5899\u67b6\u6784\u6982\u5ff5(netfilter\u6846\u67b6) \u9632\u706b\u5899\u662f\u7f51\u7edc\u5b89\u5168\u7684\u5173\u952e\u7ec4\u4ef6,\u7528\u4e8e\u9694\u79bb\u4e0d\u540c\u4fe1\u4efb\u7ea7\u522b\u7684\u7f51\u7edc\u533a\u57df(\u5982\u5185\u90e8\u7f51\u7edc\u548c\u5916\u90e8\u4e92\u8054\u7f51),\u901a\u8fc7\u5236\u5b9a\u89c4\u5219\u6765\u63a7\u5236\u6d41\u91cf\u7684\u8fdb\u51fa,\u5b9e\u73b0\u7f51\u7edc\u5b89\u5168\u9694\u79bb; Linux \u5185\u6838\u7684 netfilter \u6846\u67b6\u7528\u4e8e\u5b9e\u73b0\u6570\u636e\u5305\u8fc7\u6ee4\u3001\u7f51\u7edc\u5730\u5740\u8f6c\u6362(NAT)\u3001\u7aef\u53e3\u8f6c\u6362\u7b49\u529f\u80fd&#xf","og_url":"https:\/\/www.wsisp.com\/helps\/69917.html","og_site_name":"\u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3","article_published_time":"2026-01-31T23:17:47+00:00","og_image":[{"url":"https:\/\/www.wsisp.com\/helps\/wp-content\/uploads\/2026\/02\/20260131231744-697e8d983c585.png"}],"author":"admin","twitter_card":"summary_large_image","twitter_misc":{"\u4f5c\u8005":"admin","\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4":"4 \u5206"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.wsisp.com\/helps\/69917.html","url":"https:\/\/www.wsisp.com\/helps\/69917.html","name":"RH134\u5b66\u4e60\u8fdb\u7a0b\u2014\u2014\u5341\u4e00.\u7ba1\u7406\u7f51\u7edc\u5b89\u5168 - \u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3","isPartOf":{"@id":"https:\/\/www.wsisp.com\/helps\/#website"},"datePublished":"2026-01-31T23:17:47+00:00","dateModified":"2026-01-31T23:17:47+00:00","author":{"@id":"https:\/\/www.wsisp.com\/helps\/#\/schema\/person\/358e386c577a3ab51c4493330a20ad41"},"breadcrumb":{"@id":"https:\/\/www.wsisp.com\/helps\/69917.html#breadcrumb"},"inLanguage":"zh-Hans","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.wsisp.com\/helps\/69917.html"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.wsisp.com\/helps\/69917.html#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9875","item":"https:\/\/www.wsisp.com\/helps"},{"@type":"ListItem","position":2,"name":"RH134\u5b66\u4e60\u8fdb\u7a0b\u2014\u2014\u5341\u4e00.\u7ba1\u7406\u7f51\u7edc\u5b89\u5168"}]},{"@type":"WebSite","@id":"https:\/\/www.wsisp.com\/helps\/#website","url":"https:\/\/www.wsisp.com\/helps\/","name":"\u7f51\u7855\u4e92\u8054\u5e2e\u52a9\u4e2d\u5fc3","description":"\u9999\u6e2f\u670d\u52a1\u5668_\u9999\u6e2f\u4e91\u670d\u52a1\u5668\u8d44\u8baf_\u670d\u52a1\u5668\u5e2e\u52a9\u6587\u6863_\u670d\u52a1\u5668\u6559\u7a0b","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.wsisp.com\/helps\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"zh-Hans"},{"@type":"Person","@id":"https:\/\/www.wsisp.com\/helps\/#\/schema\/person\/358e386c577a3ab51c4493330a20ad41","name":"admin","image":{"@type":"ImageObject","inLanguage":"zh-Hans","@id":"https:\/\/www.wsisp.com\/helps\/#\/schema\/person\/image\/","url":"https:\/\/gravatar.wp-china-yes.net\/avatar\/?s=96&d=mystery","contentUrl":"https:\/\/gravatar.wp-china-yes.net\/avatar\/?s=96&d=mystery","caption":"admin"},"sameAs":["http:\/\/wp.wsisp.com"],"url":"https:\/\/www.wsisp.com\/helps\/author\/admin"}]}},"_links":{"self":[{"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/posts\/69917","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/comments?post=69917"}],"version-history":[{"count":0,"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/posts\/69917\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/media\/69898"}],"wp:attachment":[{"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/media?parent=69917"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/categories?post=69917"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/tags?post=69917"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/www.wsisp.com\/helps\/wp-json\/wp\/v2\/topic?post=69917"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}