AIX firewall policies (IP filter rules)

User submission, 1437, 2022-09-20


To remove every user-defined rule at once (this empties the rule database; do not run it on a production host unless you intend to rebuild the whole table): rmfilt -v 4 -n all

1. List the existing deny rules and note each rule number together with its destination address and port. The four rules below deny every source (0.0.0.0/0.0.0.0) to 192.168.10.188 and 192.168.10.190 on port 50000 and port 23; the source-port condition gt 1023 matches client ephemeral ports.

root@ODS_DB1[/tmp/ibmsupt]# lsfilt | grep -p 0.0.0.0
Beginning of IPv4 filter rules.

Rule 242:
Rule action : deny
Source Address : 0.0.0.0
Source Mask : 0.0.0.0
Destination Address : 192.168.10.188
Destination Mask : 255.255.255.255
Source Routing : yes
Protocol : all
Source Port : gt 1023
Destination Port : eq 50000
Scope : both
Direction : both
Logging control : no
Fragment control : all packets
Tunnel ID number : 0
Interface : all
Auto-Generated : no
Expiration Time : 0
Description :

Rule 243:
Rule action : deny
Source Address : 0.0.0.0
Source Mask : 0.0.0.0
Destination Address : 192.168.10.190
Destination Mask : 255.255.255.255
Source Routing : yes
Protocol : all
Source Port : gt 1023
Destination Port : eq 50000
Scope : both
Direction : both
Logging control : no
Fragment control : all packets
Tunnel ID number : 0
Interface : all
Auto-Generated : no
Expiration Time : 0
Description :

Rule 244:
Rule action : deny
Source Address : 0.0.0.0
Source Mask : 0.0.0.0
Destination Address : 192.168.10.190
Destination Mask : 255.255.255.255
Source Routing : yes
Protocol : all
Source Port : gt 1023
Destination Port : eq 23
Scope : both
Direction : both
Logging control : no
Fragment control : all packets
Tunnel ID number : 0
Interface : all
Auto-Generated : no
Expiration Time : 0
Description :

Rule 245:
Rule action : deny
Source Address : 0.0.0.0
Source Mask : 0.0.0.0
Destination Address : 192.168.10.188
Destination Mask : 255.255.255.255
Source Routing : yes
Protocol : all
Source Port : gt 1023
Destination Port : eq 23
Scope : both
Direction : both
Logging control : no
Fragment control : all packets
Tunnel ID number : 0
Interface : all
Auto-Generated : no
Expiration Time : 0
Description :

2. Remove the deny rules that have to be replaced. After a rule is removed, every rule behind it moves up by one number, so run lsfilt again before the next rmfilt instead of reusing numbers from the earlier listing.

root@ODS_DB1[/tmp/ibmsupt]# rmfilt -v 4 -n 242
Filter rule 242 for IPv4 has been removed successfully.

3. Add the permit rules (one per allowed source and destination). Check the address, mask and port on each one; -a P is permit, -s/-m is the source address and mask, -d/-M the destination, -o/-p the source-port condition and -O/-P the destination-port condition. Without -n, genfilt appends the rule after the existing user-defined rules, so the permits go in first.

genfilt -v 4 -a P -s 192.168.10.141 -m 255.255.255.255 -d 192.168.10.191 -M 255.255.255.255 -o gt -p 1023 -O eq -P 50000
genfilt -v 4 -a P -s 192.168.10.143 -m 255.255.255.255 -d 192.168.10.191 -M 255.255.255.255 -o gt -p 1023 -O eq -P 50000
genfilt -v 4 -a P -s 192.168.10.141 -m 255.255.255.255 -d 192.168.10.189 -M 255.255.255.255 -o gt -p 1023 -O eq -P 50000
genfilt -v 4 -a P -s 192.168.10.143 -m 255.255.255.255 -d 192.168.10.189 -M 255.255.255.255 -o gt -p 1023 -O eq -P 50000

4. Add the deny rules (-a D) for the same destinations and port, with source 0.0.0.0 mask 0.0.0.0 so they match every other source. Filter rules are evaluated top to bottom and the first match wins, so these must sit behind the permit rules from step 3; appending them now keeps that order.

genfilt -v 4 -a D -s 0.0.0.0 -m 0.0.0.0 -d 192.168.10.191 -M 255.255.255.255 -o gt -p 1023 -O eq -P 50000
genfilt -v 4 -a D -s 0.0.0.0 -m 0.0.0.0 -d 192.168.10.189 -M 255.255.255.255 -o gt -p 1023 -O eq -P 50000

5. Activate the rules. genfilt and rmfilt only edit the rule database; nothing changes in the kernel until the table is reloaded:

mkfilt -v 4 -u

6. Check that the rules are in effect, including the deny:

lsfilt | grep -p 192.168.10.141
lsfilt | grep -p 0.0.0.0

PS: to permit a whole subnet rather than a single host, e.g.:

genfilt -v 4 -n 123 -a P -s 192.168.10.178 -m 255.255.255.0 -d 136.5.9.51 -M 255.255.255.255 -o gt -p 1023 -O eq -P 2201

Here the deny rule for 136.5.9.51 port 2201 already exists as rule 123, so the permit is inserted at that position with -n 123 and is therefore evaluated before the deny; the deny shifts down to 124. Write the network address (192.168.10.0) rather than a host address such as 192.168.10.178 together with the wide mask, so the intended range is unambiguous.

Before:

121 permit 192.168.10.0 255.255.255.224 136.5.9.51 255.255.255.255 yes all gt 1 eq 2201 both both no all packets 0 all 0 none
122 permit 192.168.10.245 255.255.255.255 136.5.9.51 255.255.255.255 yes all gt 1023 eq 2201 both both no all packets 0 all 0 none
123 deny 0.0.0.0 0.0.0.0 136.5.9.51 255.255.255.255 yes all gt 1 eq 2201 both both no all packets 0 all 0 none

After:

121 permit 192.168.10.0 255.255.255.224 136.5.9.51 255.255.255.255 yes all gt 1 eq 2201 both both no all packets 0 all 0 none
122 permit 192.168.10.245 255.255.255.255 136.5.9.51 255.255.255.255 yes all gt 1023 eq 2201 both both no all packets 0 all 0 none
123 permit 192.168.10.178 255.255.255.0 136.5.9.51 255.255.255.255 yes all gt 1023 eq 2201 both both no all packets 0 all 0 none
124 deny 0.0.0.0 0.0.0.0 136.5.9.51 255.255.255.255 yes all gt 1 eq 2201 both both no all packets 0 all 0 none
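The two things that bite in this procedure are rule order (a permit behind its deny never matches) and rule numbers that shift whenever a rule is inserted or removed. The script below is an added example, not code from the original post or from AIX: it works on the one-line-per-rule listing format shown above (column positions "number action src smask dst dmask srcrt proto sop sport dop dport ..." are assumed from that sample), finds the number of the deny rule for a destination and port, checks that no permit for that destination sits behind the deny, normalises a source to its network address, and prints the genfilt inserts plus the mkfilt reload in the right order. The listing is passed in as text (a constructed sample is embedded), so it runs on any POSIX sh with awk; only the printed genfilt/mkfilt lines are meant for the AIX host.

```shell
#!/bin/sh
# Added example, not from the original post or from AIX itself.
# Assumed: the one-line-per-rule listing layout shown on the page, columns
# "no action src smask dst dmask srcrt proto sop sport dop dport ...".

# Constructed sample listing in that layout (not captured from a real host).
SAMPLE_LISTING='121 permit 192.168.10.0 255.255.255.224 136.5.9.51 255.255.255.255 yes all gt 1 eq 2201 both both no all packets 0 all 0 none
122 permit 192.168.10.245 255.255.255.255 136.5.9.51 255.255.255.255 yes all gt 1023 eq 2201 both both no all packets 0 all 0 none
123 deny 0.0.0.0 0.0.0.0 136.5.9.51 255.255.255.255 yes all gt 1 eq 2201 both both no all packets 0 all 0 none
124 permit 192.168.10.141 255.255.255.255 192.168.10.191 255.255.255.255 yes all gt 1023 eq 50000 both both no all packets 0 all 0 none
125 deny 0.0.0.0 0.0.0.0 192.168.10.191 255.255.255.255 yes all gt 1023 eq 50000 both both no all packets 0 all 0 none'

# deny_rule_no LISTING DST PORT
# Prints the number of the first deny rule for DST whose destination port is
# "eq PORT"; that number is the slot to give genfilt -n so a new permit lands
# in front of the deny. Prints nothing if there is no such deny.
deny_rule_no() {
    printf '%s\n' "$1" | awk -v dst="$2" -v port="$3" \
        '$2 == "deny" && $5 == dst && $11 == "eq" && $12 == port { print $1; exit }'
}

# permits_before_deny LISTING DST PORT
# Exit 0 if no permit for DST:PORT sits behind the deny for DST:PORT. Rules are
# matched top to bottom, first match wins, so a permit after the deny is dead.
permits_before_deny() {
    printf '%s\n' "$1" | awk -v dst="$2" -v port="$3" '
        $5 != dst || $11 != "eq" || $12 != port { next }
        $2 == "deny"                { seen_deny = 1 }
        $2 == "permit" && seen_deny { bad = 1 }
        END { exit bad ? 1 : 0 }'
}

# network_addr IP MASK
# Prints the network address for IP/MASK so a subnet rule is written as
# 192.168.10.0 255.255.255.0 instead of a host address with a wide mask.
# Works per octet for any contiguous mask, without bitwise operators.
network_addr() {
    printf '%s %s\n' "$1" "$2" | awk -F'[. ]' '{
        for (i = 1; i <= 4; i++) {
            block = 256 - $(i + 4)              # 1 for 255, 32 for 224, 256 for 0
            out[i] = int($i / block) * block
        }
        printf "%d.%d.%d.%d\n", out[1], out[2], out[3], out[4]
    }'
}

# gen_insert_cmds LISTING DST PORT SRC/MASK...
# Prints one genfilt permit per source, each inserted directly in front of the
# existing deny for DST:PORT, then the mkfilt that loads the table. Every
# insert pushes the deny one slot down, so the position is incremented per
# rule and the permits keep the order they were given in.
gen_insert_cmds() {
    listing=$1; dst=$2; port=$3; shift 3
    pos=$(deny_rule_no "$listing" "$dst" "$port")
    if [ -z "$pos" ]; then
        echo "no deny rule for $dst:$port in the listing; add the deny first" >&2
        return 1
    fi
    for spec in "$@"; do
        src=${spec%/*}; mask=${spec#*/}
        src=$(network_addr "$src" "$mask")
        printf 'genfilt -v 4 -n %s -a P -s %s -m %s -d %s -M 255.255.255.255 -o gt -p 1023 -O eq -P %s\n' \
            "$pos" "$src" "$mask" "$dst" "$port"
        pos=$((pos + 1))
    done
    printf 'mkfilt -v 4 -u\n'
}

# Dry run against the constructed sample: prints the commands, runs nothing.
gen_insert_cmds "$SAMPLE_LISTING" 192.168.10.191 50000 \
    192.168.10.143/255.255.255.255 192.168.10.178/255.255.255.0
```

On a real host, capture the current listing into a variable (e.g. from lsfilt), run permits_before_deny on it after every change, and paste the printed genfilt lines in the order given; because the deny position is re-read from the listing each time, the renumbering after an rmfilt or genfilt does not have to be tracked by hand.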
