Firewalld 规则允许 Java 与网络中的其他服务器连接

Firewalld 规则允许 Java 与网络中的其他服务器连接

在专用网络中的 CentOS 7 服务器上运行 Java 的 Web 应用程序需要使用 Java 与同一网络中的其他服务器建立连接。当从 CentOS 7 服务器进行出站连接时,Java 可能会自动选择随机端口。

在 10.0.8.1 服务器上编写 Firewalld 规则,使运行在 IP 10.0.8.1 上的 Java Web 应用程序能够使用任何端口与 10.0.8.x 网络中的其他服务器建立连接,需要什么特定语法?

其他服务器已设置规则,可以在特定端口上接收连接,但 Web 应用程序服务器上的 Java 需要能够使用任何端口。


@garethTheRed 的建议:

根据 @garethTheRed 的建议,我重新启动了 firewalld,并在 CentOS 7 虚拟机上键入 firewall-cmd --list-all-zones。该虚拟机上安装的 Java 无法与同一网络上的另一台虚拟机建立出站数据库连接。结果如下:

[root@localhost ~]# firewall-cmd --list-all-zones
work
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: dhcpv6-client ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

drop
  target: DROP
  icmp-block-inversion: no
  interfaces:
  sources:
  services:
  ports:
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

internal
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: dhcpv6-client mdns samba-client ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

external
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: ssh
  ports:
  protocols:
  masquerade: yes
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

trusted
  target: ACCEPT
  icmp-block-inversion: no
  interfaces:
  sources:
  services:
  ports:
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

home
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: dhcpv6-client mdns samba-client ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

dmz
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: dhcpv6-client ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

block
  target: %%REJECT%%
  icmp-block-inversion: no
  interfaces:
  sources:
  services:
  ports:
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

[root@localhost ~]#
