Posts

Showing posts from August 2015

firewalld

CentOS-7

CentOS 7 defaults to firewalld. Installing iptables is not recommended; please use firewalld.

yum install iptables system-config-firewall-tui setuptool

firewalld default XML directories: /usr/lib/firewalld and /etc/firewalld

=====================================================
firewalld
==========
>>> firewall-config
====> firewall-cmd <====

firewalld divides the network into several zones, and filtering rules are then set per zone. Let's look at the default settings first:

[root@c7 ~]# firewall-cmd --get-active-zones
public
  interfaces: eth0 eth1

So both network interfaces are currently assigned to public (the external zone). Next, look at the rules of the default public zone:

[root@c7 ~]# firewall-cmd --zone=public --list-all
public (default, active)
  interfaces: eth0 eth1
  sources:
  services: dhcpv6-client ssh
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:

So the public zone has the DHCP and SSH services open, with no ports specified, no restriction on connection sources, and NAT not enabled. I don't use DHCP, so I remove it:

[root@c7 ~]# firewall-cmd --zone=public --remove-service dhcpv6-client
success

Because eth0 is the internal network, I want to move eth0 to trusted (the trusted zone):

[root@
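The per-zone review done by eye above can be scripted. This is an added example, not code from the original post: it parses the firewall-cmd --list-all listing shown in the post and reports services outside an allowlist, open ports, missing source restrictions and NAT. The allowlist policy and the function names parse_zone and audit_zone are assumptions.

```python
# SAMPLE is the listing printed in the post; ALLOWED_SERVICES is an assumed policy.
SAMPLE = """\
public (default, active)
  interfaces: eth0 eth1
  sources:
  services: dhcpv6-client ssh
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:
"""
ALLOWED_SERVICES = {"public": {"ssh"}}  # assumption: services expected per zone


def parse_zone(text):
    """Return (zone_name, flags, settings) from one --list-all listing."""
    lines = [l for l in text.splitlines() if l.strip()]
    name, _, rest = lines[0].strip().partition(" ")
    flags = [f.strip() for f in rest.strip("() ").split(",") if f.strip()]
    settings = {}
    for line in lines[1:]:
        stripped = line.strip()
        if stripped.startswith("rule "):  # rich rules follow on their own lines
            settings.setdefault("rich rules", []).append(stripped)
            continue
        key, _, value = stripped.partition(":")
        settings[key.strip()] = value.split()
    return name, flags, settings


def audit_zone(text, allowed=ALLOWED_SERVICES):
    """List findings for one zone: extra services, ports, open sources, NAT."""
    name, _flags, s = parse_zone(text)
    findings = []
    for svc in s.get("services", []):
        if svc not in allowed.get(name, set()):
            findings.append(f"{name}: service '{svc}' is not in the allowlist")
    for port in s.get("ports", []):
        findings.append(f"{name}: port {port} is open outside a named service")
    if s.get("interfaces") and not s.get("sources") and not s.get("rich rules"):
        findings.append(f"{name}: no source restriction on {' '.join(s['interfaces'])}")
    if s.get("masquerade") == ["yes"]:
        findings.append(f"{name}: masquerade (NAT) is enabled")
    return findings


if __name__ == "__main__":
    print("\n".join(audit_zone(SAMPLE)))
```

On a live host the same functions can be fed the captured output of firewall-cmd --zone=public --list-all instead of SAMPLE.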

ssh auto login with keygen public key

SSH login without password

Your aim

You want to use Linux and OpenSSH to automate your tasks. Therefore you need an automatic login from host A / user a to Host B / user b. You don't want to enter any passwords, because you want to call ssh from within a shell script.

How to do it

First log in on A as user a and generate a pair of authentication keys. Do not enter a passphrase:

a@A:~> ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/a/.ssh/id_rsa):
Created directory '/home/a/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/a/.ssh/id_rsa.
Your public key has been saved in /home/a/.ssh/id_rsa.pub.
The key fingerprint is:
3e:4f:05:79:3a:9f:96:7c:3b:ad:e9:58:37:bc:37:e4 a@A

Now use ssh to create a directory ~/.ssh as user b on B. (The directory may already exist, which is fine):

a@A:~> ssh b@B mkdir -p .ssh
b@B's pass