1. Back up the original rules

      ansible dbtest -m shell -a "sudo iptables-save > /etc/sysconfig/iptables.20200709"

    2. Modify

    The changes to make are:

    sudo iptables -t filter -A INPUT -i lo -j ACCEPT

    sudo iptables -t filter -A INPUT -p icmp -j ACCEPT

    sudo iptables -t filter -A INPUT -s 192.168.36.0/22 -j ACCEPT

    sudo iptables -t filter -A INPUT -s 192.168.17.154/32 -j ACCEPT

    sudo iptables -t filter -A INPUT -j REJECT --reject-with icmp-host-prohibited

    The command to run is:

    ansible dbtest -m shell -a "iptables -t filter -A INPUT -i lo -j ACCEPT;iptables -t filter -A INPUT -p icmp -j ACCEPT;iptables -t filter -A INPUT -s 192.168.36.0/22 -j ACCEPT;iptables -t filter -A INPUT -s 192.168.17.154/32 -j ACCEPT;iptables -t filter -A INPUT -j REJECT --reject-with icmp-host-prohibited"

    1. Test connectivity
    2. Back up the current rules
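
Because every rule above is added with `-A`, running the command a second time duplicates the rules, and any ACCEPT appended after the final REJECT can never match. The script below is an added example, not part of the original note: it applies the same rules idempotently with `iptables -C` and inserts missing ACCEPT rules ahead of an existing REJECT. The `IPT` variable and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original note). Defines functions only; call
# ensure_input_rules as root on the target host.
IPT="${IPT:-iptables}"   # assumption: overridable so the logic can be dry-run

# ACCEPT rules from the note, one per line, in the order they should match.
ACCEPT_RULES='-i lo -j ACCEPT
-p icmp -j ACCEPT
-s 192.168.36.0/22 -j ACCEPT
-s 192.168.17.154/32 -j ACCEPT'
REJECT_RULE='-j REJECT --reject-with icmp-host-prohibited'

# Print the 1-based position of the catch-all REJECT in INPUT (empty if absent).
reject_pos() {
    # "iptables -S INPUT" prints the policy line first, so rule N is on line N+1.
    $IPT -t filter -S INPUT |
        awk -v r="-A INPUT $REJECT_RULE" '$0 == r { print NR - 1; exit }'
}

ensure_input_rules() {
    echo "$ACCEPT_RULES" | while IFS= read -r rule; do
        # -C exits 0 when an identical rule exists: skip it, never duplicate.
        # $rule is left unquoted on purpose so it splits into arguments.
        $IPT -t filter -C INPUT $rule 2>/dev/null && continue
        pos=$(reject_pos)
        if [ -n "$pos" ]; then
            # REJECT is already in place: insert ahead of it, or the new
            # ACCEPT would sit after the catch-all and never match.
            $IPT -t filter -I INPUT "$pos" $rule
        else
            $IPT -t filter -A INPUT $rule
        fi
    done
    # The catch-all REJECT goes last, and only once.
    $IPT -t filter -C INPUT $REJECT_RULE 2>/dev/null ||
        $IPT -t filter -A INPUT $REJECT_RULE
}
```
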