openSUSE-Leap-15.1: Configuring the Network and Firewall
Posted 闭关苦炼内功
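Before configuring the network and firewall, make sure the update repositories have been switched to a mirror in China (see "openSUSE-Leap-15.1 update repositories: Aliyun mirror").
1. First, ifconfig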
suse@linux-fn64:~> ifconfig
如果 'ifconfig' 不是输入错误的话,你可以使用 command-not-found 命令来查找它在哪个软件包中,就像这样:
cnf ifconfig
suse@linux-fn64:~> cnf ifconfig
程序 'ifconfig' 可在以下软件包中找到:
* net-tools-deprecated [ 路径:/bin/ifconfig, 软件源:zypp (aliyun-openSUSE-Leap-15.1-oss) ]
* net-tools-deprecated [ 路径:/usr/bin/ifconfig, 软件源:zypp (aliyun-openSUSE-Leap-15.1-oss) ]
试着使用下面命令安装:
sudo zypper install net-tools-deprecated
suse@linux-fn64:~> sudo zypper install net-tools-deprecated
我们信任您已经从系统管理员那里了解了日常注意事项。
总结起来无外乎这三点:
#1) 尊重别人的隐私。
#2) 输入前要先考虑(后果和风险)。
#3) 权力越大,责任越大。
[sudo] root 的密码:
正在加载软件源数据...
正在读取已安装的软件包...
正在解决软件包依赖关系...
将安装以下 1 个新软件包:
net-tools-deprecated
1 个软件包将新装.
总下载大小:170.3 KiB。已缓存:0 B。 操作完成后,将使用额外的 460.1 KiB。
继续吗? [y/n/v/...? 显示全部选项] (y): y
正在检索 软件包 net-tools-deprecated-2.0+git20170221.479bb4a-lp151.4.3.x86_64 (1/1), 170.3 KiB (解压后 460.1 KiB)
正在检索: net-tools-deprecated-2.0+git20170221.479bb4a-lp151.4.3.x86_64.rpm ............................[完毕 (717 B/s)]
正在检查文件冲突: ................................................................................................[完毕]
(1/1) 正在安装:net-tools-deprecated-2.0+git20170221.479bb4a-lp151.4.3.x86_64 .....................................[完毕]
suse@linux-fn64:~> ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.0.5 netmask 255.255.255.0 broadcast 192.168.0.255
inet6 fe80::7e67:9565:793:75f2 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:4f:f2:06 txqueuelen 1000 (Ethernet)
RX packets 4145 bytes 2491558 (2.3 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 3550 bytes 422668 (412.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 192 bytes 10024 (9.7 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 192 bytes 10024 (9.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
suse@linux-fn64:~>
2. Next, the network firewall
linux-fn64:~ # cnf SuSEfirewall2
程序 'SuSEfirewall2' 可在以下软件包中找到:
* SuSEfirewall2 [ 路径:/sbin/SuSEfirewall2, 软件源:zypp (aliyun-openSUSE-Leap-15.1-oss) ]
* SuSEfirewall2 [ 路径:/usr/sbin/SuSEfirewall2, 软件源:zypp (aliyun-openSUSE-Leap-15.1-oss) ]
试着使用下面命令安装:
zypper install SuSEfirewall2
linux-fn64:~ # zypper install SuSEfirewall2
正在加载软件源数据...
正在读取已安装的软件包...
正在解决软件包依赖关系...
将安装以下 4 个新软件包:
perl-Digest-HMAC perl-Net-DNS perl-Net-LibIDN SuSEfirewall2
自动选中了以下 2 个推荐软件包:
perl-Net-DNS perl-Net-LibIDN
4 个软件包将新装.
总下载大小:488.6 KiB。已缓存:0 B。 操作完成后,将使用额外的 1.2 MiB。
继续吗? [y/n/v/...? 显示全部选项] (y): y
正在检索 软件包 perl-Digest-HMAC-1.03-lp151.2.1.noarch
(1/4), 16.4 KiB (解压后 10.5 KiB)
正在检索: perl-Digest-HMAC-1.03-lp151.2.1.noarch.rpm ..........................[完毕]
正在检索 软件包 perl-Net-LibIDN-0.12-lp151.2.3.x86_64
(2/4), 27.3 KiB (解压后 49.0 KiB)
正在检索: perl-Net-LibIDN-0.12-lp151.2.3.x86_64.rpm ...........................[完毕]
正在检索 软件包 perl-Net-DNS-1.14-lp151.2.1.noarch
(3/4), 360.9 KiB (解压后 846.3 KiB)
正在检索: perl-Net-DNS-1.14-lp151.2.1.noarch.rpm ..................[完毕 (9.2 KiB/s)]
正在检索 软件包 SuSEfirewall2-3.6.378-lp151.2.21.noarch
(4/4), 84.0 KiB (解压后 298.6 KiB)
正在检索: SuSEfirewall2-3.6.378-lp151.2.21.noarch.rpm .........................[完毕]
正在检查文件冲突: .............................................................[完毕]
(1/4) 正在安装:perl-Digest-HMAC-1.03-lp151.2.1.noarch .........................[完毕]
(2/4) 正在安装:perl-Net-LibIDN-0.12-lp151.2.3.x86_64 ..........................[完毕]
(3/4) 正在安装:perl-Net-DNS-1.14-lp151.2.1.noarch .............................[完毕]
(4/4) 正在安装:SuSEfirewall2-3.6.378-lp151.2.21.noarch ........................[完毕]
linux-fn64:~ #
Check the firewall status
linux-fn64:~ # SuSEfirewall2 status
<35>Mar 13 13:41:31 SuSEfirewall2[6119]: SuSEfirewall2 not active
linux-fn64:~ # SuSEfirewall2 start
<38>Mar 13 13:41:40 SuSEfirewall2[6131]: Setting up rules from /etc/sysconfig/SuSEfirewall2 ...
<38>Mar 13 13:41:40 SuSEfirewall2[6131]: using default zone 'ext' for interface eth0
<38>Mar 13 13:41:41 SuSEfirewall2[6131]: Firewall rules successfully set
linux-fn64:~ # SuSEfirewall2 status
### iptables filter ###
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
2 458 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 ctstate ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:5353 PKTTYPE = multicast
0 0 input_ext all -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix "SFW2-IN-ILL-TARGET "
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix "SFW2-FWD-ILL-ROUTING "
Chain OUTPUT (policy ACCEPT 2 packets, 128 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
Chain forward_ext (0 references)
pkts bytes target prot opt in out source destination
Chain input_ext (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 PKTTYPE = broadcast
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 4
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmptype 8
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 /* sfw2.insert.pos */ PKTTYPE != unicast
0 0 LOG tcp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 tcp flags:0x17/0x02 LOG flags 6 level 4 prefix "SFW2-INext-DROP-DEFLT "
0 0 LOG icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix "SFW2-INext-DROP-DEFLT "
0 0 LOG udp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 3/min burst 5 ctstate NEW LOG flags 6 level 4 prefix "SFW2-INext-DROP-DEFLT "
0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0
Chain reject_func (0 references)
pkts bytes target prot opt in out source destination
0 0 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-proto-unreachable
### iptables mangle ###
Chain PREROUTING (policy ACCEPT 2 packets, 458 bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 2 packets, 458 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 2 packets, 128 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 2 packets, 128 bytes)
pkts bytes target prot opt in out source destination
### iptables nat ###
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 1 packets, 64 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 1 packets, 64 bytes)
pkts bytes target prot opt in out source destination
### iptables raw ###
Chain PREROUTING (policy ACCEPT 2 packets, 458 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 2 packets, 128 bytes)
pkts bytes target prot opt in out source destination
### iptables security ###
Chain INPUT (policy ACCEPT 2 packets, 458 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 2 packets, 128 bytes)
pkts bytes target prot opt in out source destination
### ip6tables filter ###
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all lo * ::/0 ::/0
0 0 ACCEPT all * * ::/0 ::/0 ctstate ESTABLISHED
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ctstate RELATED
0 0 ACCEPT udp * * ::/0 ::/0 udp dpt:546
0 0 ACCEPT udp * * ::/0 ::/0 udp dpt:5353 PKTTYPE = multicast
0 0 input_ext all * * ::/0 ::/0
0 0 LOG all * * ::/0 ::/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix "SFW2-IN-ILL-TARGET "
0 0 DROP all * * ::/0 ::/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 LOG all * * ::/0 ::/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix "SFW2-FWD-ILL-ROUTING "
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all * lo ::/0 ::/0
0 0 ACCEPT icmpv6 * * ::/0 ::/0
Chain forward_ext (0 references)
pkts bytes target prot opt in out source destination
Chain input_ext (1 references)
pkts bytes target prot opt in out source destination
0 0 DROP all * * ::/0 ::/0 PKTTYPE = broadcast
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 128
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 133
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 134
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 135
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 136
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 137
0 0 ACCEPT icmpv6 * * ::/0 ::/0 ipv6-icmptype 130
0 0 DROP all * * ::/0 ::/0 /* sfw2.insert.pos */ PKTTYPE != unicast
0 0 LOG tcp * * ::/0 ::/0 limit: avg 3/min burst 5 tcp flags:0x17/0x02 LOG flags 6 level 4 prefix "SFW2-INext-DROP-DEFLT "
0 0 LOG icmpv6 * * ::/0 ::/0 limit: avg 3/min burst 5 LOG flags 6 level 4 prefix "SFW2-INext-DROP-DEFLT "
0 0 LOG udp * * ::/0 ::/0 limit: avg 3/min burst 5 ctstate NEW LOG flags 6 level 4 prefix "SFW2-INext-DROP-DEFLT "
0 0 DROP all * * ::/0 ::/0
Chain reject_func (0 references)
pkts bytes target prot opt in out source destination
0 0 REJECT tcp * * ::/0 ::/0 reject-with tcp-reset
0 0 REJECT udp * * ::/0 ::/0 reject-with icmp6-port-unreachable
0 0 REJECT all * * ::/0 ::/0 reject-with icmp6-addr-unreachable
0 0 DROP all * * ::/0 ::/0
### ip6tables mangle ###
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
### ip6tables nat ###
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
### ip6tables raw ###
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
### ip6tables security ###
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
linux-fn64:~ #
linux-fn64:~ # SuSEfirewall2 stop
<38>Mar 13 13:41:59 SuSEfirewall2[6352]: Firewall rules unloaded.
linux-fn64:~ # SuSEfirewall2 status
<35>Mar 13 13:42:03 SuSEfirewall2[6393]: SuSEfirewall2 not active
linux-fn64:~ #
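A check for the status output above, as an added example that is not part of the original post: the function reads `SuSEfirewall2 status` output, lists the default policy of each built-in filter chain for IPv4 and IPv6, and fails when the firewall is inactive (the state the session above ends in) or when INPUT or FORWARD does not default to DROP. The function name, the exit codes and the embedded sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Reads `SuSEfirewall2 status`
# output on stdin, prints the default policy of each built-in filter chain,
# and fails if the firewall is inactive or INPUT/FORWARD do not default to DROP.
audit_sfw2_status() {
    awk '
        /SuSEfirewall2 not active/ { inactive = 1 }
        # Section header, e.g.: ### ip6tables filter ###
        /^### / { family = $2; table = $3; next }
        # Built-in chain, e.g.: Chain INPUT (policy DROP 0 packets, 0 bytes)
        table == "filter" && $1 == "Chain" && $3 == "(policy" {
            seen[family] = 1
            print family, $2, $4
            if (($2 == "INPUT" || $2 == "FORWARD") && $4 != "DROP") bad = 1
        }
        END {
            if (inactive) { print "FAIL: firewall not active"; exit 2 }
            if (!seen["iptables"] || !seen["ip6tables"]) {
                print "FAIL: filter table missing for IPv4 or IPv6"; exit 2
            }
            if (bad) { print "FAIL: INPUT/FORWARD default policy is not DROP"; exit 1 }
            print "OK: default-deny on IPv4 and IPv6"
        }'
}

# Constructed sample: abbreviated from the status output shown above.
sample_active() {
    cat <<'EOF'
### iptables filter ###
Chain INPUT (policy DROP 0 packets, 0 bytes)
Chain FORWARD (policy DROP 0 packets, 0 bytes)
Chain OUTPUT (policy ACCEPT 2 packets, 128 bytes)
Chain input_ext (1 references)
### iptables mangle ###
Chain INPUT (policy ACCEPT 2 packets, 458 bytes)
### ip6tables filter ###
Chain INPUT (policy DROP 0 packets, 0 bytes)
Chain FORWARD (policy DROP 0 packets, 0 bytes)
EOF
}

# Constructed sample: the message printed after `SuSEfirewall2 stop`.
sample_stopped() {
    echo "<35>Mar 13 13:42:03 SuSEfirewall2[6393]: SuSEfirewall2 not active"
}

sample_active | audit_sfw2_status
sample_stopped | audit_sfw2_status || echo "exit status: $?"
```

On a live system the input would come from `SuSEfirewall2 status | audit_sfw2_status`, run as root; only the filter table is judged, so the ACCEPT policies in the mangle, nat, raw and security tables do not trigger a failure.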