Replacing TCP Wrappers in RHEL 8

    xiaoxiao2022-06-25  187

    https://access.redhat.com/solutions/3906701

     SOLUTION Verified - Updated February 21, 2019 09:58

    Environment

    Red Hat Enterprise Linux 8

    Issue

    The TCP Wrappers package has been deprecated in RHEL 7 and therefore it will not be available in RHEL 8 or later RHEL releases.

    Resolution

    Firewalld can be used as a firewall level replacement for TCP Wrappers.

    This example allows SSH for the 10.1.1.0/24 network and blocks it for all others.

    firewalld

    Firewalld operates at the firewall layer and can be used to restrict access to a given service. One approach is to create a new firewall zone for the 10.1.1.0/24 network and enable SSH in the new zone.

    firewalld enables SSH in the default (public) zone by default. To allow SSH only from 10.1.1.0/24, SSH first needs to be removed from the default zone. For other services, this step can be skipped.

    # firewall-cmd --permanent --remove-service=ssh

    You can now create the new zone and add the SSH service.

    # firewall-cmd --permanent --new-zone=mysshzone
    # firewall-cmd --permanent --zone=mysshzone --add-source=10.1.1.0/24
    # firewall-cmd --permanent --zone=mysshzone --add-service=ssh

    Then, reload the firewall to make the new configuration active.

    # firewall-cmd --reload
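
The steps above, generalized as an added example (not part of the Red Hat solution): a Python script that turns IPv4 `hosts.allow` entries into the same `firewall-cmd` sequence. The daemon-to-service mapping, the `my<service>zone` naming and the sample entries are assumptions constructed for illustration.

```python
import ipaddress

# Assumed mapping from TCP Wrappers daemon names to firewalld service names.
DAEMON_TO_SERVICE = {"sshd": "ssh", "vsftpd": "ftp"}

# Constructed sample hosts.allow content (IPv4 only; not from the original page).
SAMPLE_HOSTS_ALLOW = """\
# constructed sample
sshd : 10.1.1.0/255.255.255.0
vsftpd : 192.168.5. 10.9.9.9
in.telnetd : .example.com
"""

def to_cidr(pattern):
    """Convert an IPv4 hosts.allow client pattern to CIDR; None if not address-based."""
    if pattern.endswith("."):  # prefix form such as "192.168.5."
        octets = pattern.rstrip(".").split(".")
        if not (1 <= len(octets) <= 3 and all(o.isdigit() for o in octets)):
            return None
        pattern = "%s/%d" % (".".join(octets + ["0"] * (4 - len(octets))), 8 * len(octets))
    try:
        return str(ipaddress.ip_network(pattern, strict=True))
    except ValueError:
        return None  # hostnames, .domain suffixes, ALL and other wildcards

def convert(hosts_allow_text):
    """Return (firewall-cmd commands, entries skipped for manual review)."""
    commands, skipped = [], []
    for raw in hosts_allow_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) != 2:  # options, shell commands or IPv6: review by hand
            skipped.append(line)
            continue
        cidrs = [to_cidr(c) for c in fields[1].replace(",", " ").split()]
        for daemon in fields[0].replace(",", " ").split():
            service = DAEMON_TO_SERVICE.get(daemon)
            if service is None or not cidrs or None in cidrs:
                skipped.append(line)  # no firewall-layer equivalent; review by hand
                continue
            zone = "my%szone" % service  # hypothetical naming, after the page's "mysshzone"
            if service == "ssh":  # ssh is enabled in the default zone, so remove it first
                commands.append("firewall-cmd --permanent --remove-service=ssh")
            commands.append("firewall-cmd --permanent --new-zone=%s" % zone)
            commands += ["firewall-cmd --permanent --zone=%s --add-source=%s" % (zone, c) for c in cidrs]
            commands.append("firewall-cmd --permanent --zone=%s --add-service=%s" % (zone, service))
    return commands + (["firewall-cmd --reload"] if commands else []), skipped
```

Calling `convert(SAMPLE_HOSTS_ALLOW)` returns the command list and the entries left for manual review (hostnames, wildcards, options, IPv6). firewalld binds a source to only one zone, so services that share a source belong in the same zone.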
