How do I fix a Linux firewall that has completely stopped working?

  •   naohion · Aug 11, 2020 · 2566 views

    A CentOS 7 server. IPv6 had been configured earlier but never worked, and I had left it alone. Today I casually scanned the open ports and found that every port not opened in the firewalld rules was open. I confirmed that the zone settings are correct, that firewalld and iptables are both running normally, and that the rules have been saved properly. I then added an iptables reject rule, but the port was still reachable. With firewalld panic mode turned on I can still SSH into the server. I don't know whether this is related to IPv6 not working; does anyone know? I've spent a whole day on it and still haven't solved it.

    Supplement 1  ·  Aug 11, 2020
    Solved. It was Docker: it adds its own chains that bypass iptables. I tried every solution on the web, and the only one that worked was specifying -p 127.0.0.1:x:x when starting the container. Here is a one-shot command I worked out myself to rewrite 0.0.0.0 -> 127.0.0.1; take it if you need it.
    systemctl stop docker;
    cd /var/lib/docker;
    find -name '*.json' | xargs perl -pi -e 's|"HostIp":""|"HostIp":"127.0.0.1"|g'; (this line is important)
    find -name '*.json' | xargs perl -pi -e 's|0.0.0.0|127.0.0.1|g';
    systemctl start docker
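The two perl substitutions above rewrite every "HostIp" and every 0.0.0.0 in every .json file under /var/lib/docker. The example below is an added illustration, not code from the thread or from Docker, that does the same job by parsing the JSON and changing only the PortBindings entries. It assumes (not stated in the thread) that each container's published ports live in /var/lib/docker/containers/<id>/hostconfig.json under a "PortBindings" key shaped like {"80/tcp": [{"HostIp": "", "HostPort": "8080"}]}, and that an empty HostIp, 0.0.0.0 or :: means "publish on every interface". The sample hostconfig embedded in the script is constructed for offline use. Docker publishes ports through its own chains in the FORWARD table rather than through INPUT, which is why the firewalld zone rules the post describes never see that traffic; binding to loopback keeps the port off the external interface regardless of those chains.

```python
#!/usr/bin/env python3
"""Audit Docker port bindings published on all interfaces and rewrite them to
loopback only (added example; assumes Docker's hostconfig.json layout).

Stop the docker service before rewriting, then start it again, as in the post.
"""
import json
import sys
from pathlib import Path

# HostIp values that publish a port on every interface, and the loopback
# address each is rewritten to (IPv4 wildcards -> 127.0.0.1, IPv6 -> ::1).
WILDCARD_TO_LOOPBACK = {"": "127.0.0.1", "0.0.0.0": "127.0.0.1", "::": "::1"}


def exposed_bindings(hostconfig):
    """Return (container_port, host_ip, host_port) for every binding that is
    reachable from outside the host."""
    found = []
    for cport, bindings in (hostconfig.get("PortBindings") or {}).items():
        for b in bindings or []:
            host_ip = b.get("HostIp", "")
            if host_ip in WILDCARD_TO_LOOPBACK:
                found.append((cport, host_ip, b.get("HostPort", "")))
    return found


def localize_bindings(hostconfig):
    """Return a copy of hostconfig with wildcard HostIp values replaced by
    loopback addresses, plus the number of bindings changed. All other keys
    are left untouched, unlike a text-wide substitution."""
    new = json.loads(json.dumps(hostconfig))  # deep copy
    changed = 0
    for bindings in (new.get("PortBindings") or {}).values():
        for b in bindings or []:
            ip = b.get("HostIp", "")
            if ip in WILDCARD_TO_LOOPBACK:
                b["HostIp"] = WILDCARD_TO_LOOPBACK[ip]
                changed += 1
    return new, changed


def process_tree(root, apply=False):
    """Walk <root>/*/hostconfig.json, report exposed bindings and, with
    apply=True, rewrite the files in place. Returns {path: [bindings]}."""
    report = {}
    for path in sorted(Path(root).glob("*/hostconfig.json")):
        hostconfig = json.loads(path.read_text())
        exposed = exposed_bindings(hostconfig)
        if not exposed:
            continue
        report[str(path)] = exposed
        if apply:
            fixed, _ = localize_bindings(hostconfig)
            path.write_text(json.dumps(fixed))
    return report


# Constructed sample in the shape Docker writes, for offline demonstration.
SAMPLE_HOSTCONFIG = {
    "Binds": None,
    "PortBindings": {
        "80/tcp": [{"HostIp": "", "HostPort": "8080"}],
        "5432/tcp": [{"HostIp": "0.0.0.0", "HostPort": "5432"}],
        "6379/tcp": [{"HostIp": "127.0.0.1", "HostPort": "6379"}],
    },
    "NetworkMode": "default",
}

if __name__ == "__main__":
    # Usage: audit.py [/var/lib/docker/containers [--apply]]
    # Without arguments the constructed sample is used (dry run, nothing written).
    if len(sys.argv) < 2:
        for entry in exposed_bindings(SAMPLE_HOSTCONFIG):
            print("exposed:", entry)
        fixed, n = localize_bindings(SAMPLE_HOSTCONFIG)
        print(f"{n} binding(s) moved to loopback:", fixed["PortBindings"])
    else:
        for path, entries in process_tree(sys.argv[1], apply="--apply" in sys.argv).items():
            print(path)
            for entry in entries:
                print("  exposed:", entry)
```

Run it without arguments to see the dry run on the sample; run it against the containers directory to list which containers publish ports on all interfaces, and add --apply (with the docker service stopped) to rewrite them. Because only PortBindings entries are touched, unrelated occurrences of 0.0.0.0 elsewhere in Docker's state files are not altered.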
    #1 zwl2012  ·  Aug 11, 2020 via iPhone
    docker
    #2 snoopygao  ·  Aug 11, 2020
    Post your list-all-zone output and let's have a look.
    #3 naohion (OP)  ·  Aug 11, 2020
    @zwl2012 I've been using docker all along, but there are some container ports I don't want reachable from the outside.

    @snoopygao $ sudo firewall-cmd --list-all-zones
    [sudo] password for user:
    block
    target: %%REJECT%%
    icmp-block-inversion: no
    interfaces:
    sources:
    services:
    ports:
    protocols:
    masquerade: no
    forward-ports:
    source-ports:
    icmp-blocks:
    rich rules:


    dmz
    target: default
    icmp-block-inversion: no
    interfaces:
    sources:
    services: ssh
    ports:
    protocols:
    masquerade: no
    forward-ports:
    source-ports:
    icmp-blocks:
    rich rules:


    drop
    target: DROP
    icmp-block-inversion: no
    interfaces:
    sources:
    services:
    ports:
    protocols:
    masquerade: no
    forward-ports:
    source-ports:
    icmp-blocks:
    rich rules:


    external
    target: default
    icmp-block-inversion: no
    interfaces:
    sources:
    services: ssh
    ports:
    protocols:
    masquerade: yes
    forward-ports:
    source-ports:
    icmp-blocks:
    rich rules:


    home
    target: default
    icmp-block-inversion: no
    interfaces:
    sources:
    services: dhcpv6-client mdns samba-client ssh
    ports:
    protocols:
    masquerade: no
    forward-ports:
    source-ports:
    icmp-blocks:
    rich rules:


    internal
    target: default
    icmp-block-inversion: no
    interfaces:
    sources:
    services: dhcpv6-client mdns samba-client ssh
    ports:
    protocols:
    masquerade: no
    forward-ports:
    source-ports:
    icmp-blocks:
    rich rules:


    public (active)
    target: default
    icmp-block-inversion: no
    interfaces: eth0
    sources:
    services: dhcpv6-client ssh
    ports: 443/tcp 22/tcp 80/tcp
    protocols:
    masquerade: no
    forward-ports:
    source-ports:
    icmp-blocks:
    rich rules:


    trusted
    target: ACCEPT
    icmp-block-inversion: no
    interfaces:
    sources:
    services:
    ports:
    protocols:
    masquerade: no
    forward-ports:
    source-ports:
    icmp-blocks:
    rich rules:


    work
    target: default
    icmp-block-inversion: no
    interfaces:
    sources:
    services: dhcpv6-client ssh
    ports:
    protocols:
    masquerade: no
    forward-ports:
    source-ports:
    icmp-blocks:
    rich rules: