openSUSE-Leap-15.1配置网络和防火墙 _防火墙

【openSUSE-Leap-15.1配置网络和防火墙】归志宁无五亩园，读书本意在元元。这篇文章主要讲述openSUSE-Leap-15.1配置网络和防火墙相关的知识，希望能为你提供帮助。
在配置网络和防火墙之前先保证更新源换为国内源 openSUSE-Leap-15.1更新源-阿里云源 1、先来ifconfig

suse@linux-fn64:~> ifconfig 如果 \'ifconfig\' 不是输入错误的话，你可以使用 command-not-found 命令来查找它在哪个软件包中，就像这样： cnf ifconfig suse@linux-fn64:~> cnf ifconfig程序 \'ifconfig\' 可在以下软件包中找到： * net-tools-deprecated [ 路径：/bin/ifconfig, 软件源：zypp (aliyun-openSUSE-Leap-15.1-oss) ] * net-tools-deprecated [ 路径：/usr/bin/ifconfig, 软件源：zypp (aliyun-openSUSE-Leap-15.1-oss) ]试着使用下面命令安装： sudo zypper install net-tools-deprecatedsuse@linux-fn64:~> sudo zypper install net-tools-deprecated我们信任您已经从系统管理员那里了解了日常注意事项。总结起来无外乎这三点：#1) 尊重别人的隐私。 #2) 输入前要先考虑(后果和风险)。 #3) 权力越大，责任越大。[sudo] root 的密码：正在加载软件源数据... 正在读取已安装的软件包... 正在解决软件包依赖关系...将安装以下 1 个新软件包： net-tools-deprecated1 个软件包将新装. 总下载大小：170.3 KiB。已缓存：0 B。操作完成后，将使用额外的 460.1 KiB。继续吗？ [y/n/v/...? 显示全部选项] (y): y 正在检索软件包 net-tools-deprecated-2.0+git20170221.479bb4a-lp151.4.3.x86_64(1/1), 170.3 KiB （解压后 460.1 KiB）正在检索： net-tools-deprecated-2.0+git20170221.479bb4a-lp151.4.3.x86_64.rpm ............................[完毕 (717 B/s)]正在检查文件冲突： ................................................................................................[完毕] (1/1) 正在安装：net-tools-deprecated-2.0+git20170221.479bb4a-lp151.4.3.x86_64 .....................................[完毕] suse@linux-fn64:~> ifconfig eth0: flags=4163< UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 192.168.0.5netmask 255.255.255.0broadcast 192.168.0.255 inet6 fe80::7e67:9565:793:75f2prefixlen 64scopeid 0x20< link> ether 00:0c:29:4f:f2:06txqueuelen 1000(Ethernet) RX packets 4145bytes 2491558 (2.3 MiB) RX errors 0dropped 0overruns 0frame 0 TX packets 3550bytes 422668 (412.7 KiB) TX errors 0dropped 0 overruns 0carrier 0collisions 0lo: flags=73< UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1netmask 255.0.0.0 inet6 ::1prefixlen 128scopeid 0x10< host> looptxqueuelen 1000(Local Loopback) RX packets 192bytes 10024 (9.7 KiB) RX errors 0dropped 0overruns 0frame 0 TX packets 192bytes 10024 (9.7 KiB) TX errors 0dropped 0 overruns 0carrier 0collisions 0suse@linux-fn64:~>

2、再来网络防火墙

linux-fn64:~ # cnf SuSEfirewall2程序 \'SuSEfirewall2\' 可在以下软件包中找到： * SuSEfirewall2 [ 路径：/sbin/SuSEfirewall2, 软件源：zypp (aliyun-openSUSE-Leap-15.1-oss) ] * SuSEfirewall2 [ 路径：/usr/sbin/SuSEfirewall2, 软件源：zypp (aliyun-openSUSE-Leap-15.1-oss) ]试着使用下面命令安装： zypper install SuSEfirewall2linux-fn64:~ # zypper install SuSEfirewall2 正在加载软件源数据... 正在读取已安装的软件包... 正在解决软件包依赖关系...将安装以下 4 个新软件包： perl-Digest-HMAC perl-Net-DNS perl-Net-LibIDN SuSEfirewall2自动选中了以下 2 个推荐软件包： perl-Net-DNS perl-Net-LibIDN4 个软件包将新装. 总下载大小：488.6 KiB。已缓存：0 B。操作完成后，将使用额外的 1.2 MiB。继续吗？ [y/n/v/...? 显示全部选项] (y): y 正在检索软件包 perl-Digest-HMAC-1.03-lp151.2.1.noarch (1/4),16.4 KiB （解压后10.5 KiB）正在检索： perl-Digest-HMAC-1.03-lp151.2.1.noarch.rpm ..........................[完毕] 正在检索软件包 perl-Net-LibIDN-0.12-lp151.2.3.x86_64 (2/4),27.3 KiB （解压后49.0 KiB）正在检索： perl-Net-LibIDN-0.12-lp151.2.3.x86_64.rpm ...........................[完毕] 正在检索软件包 perl-Net-DNS-1.14-lp151.2.1.noarch (3/4), 360.9 KiB （解压后 846.3 KiB）正在检索： perl-Net-DNS-1.14-lp151.2.1.noarch.rpm ..................[完毕 (9.2 KiB/s)] 正在检索软件包 SuSEfirewall2-3.6.378-lp151.2.21.noarch (4/4),84.0 KiB （解压后 298.6 KiB）正在检索： SuSEfirewall2-3.6.378-lp151.2.21.noarch.rpm .........................[完毕]正在检查文件冲突： .............................................................[完毕] (1/4) 正在安装：perl-Digest-HMAC-1.03-lp151.2.1.noarch .........................[完毕] (2/4) 正在安装：perl-Net-LibIDN-0.12-lp151.2.3.x86_64 ..........................[完毕] (3/4) 正在安装：perl-Net-DNS-1.14-lp151.2.1.noarch .............................[完毕] (4/4) 正在安装：SuSEfirewall2-3.6.378-lp151.2.21.noarch ........................[完毕] linux-fn64:~ #

查看防火墙

linux-fn64:~ # SuSEfirewall2 status < 35> Mar 13 13:41:31 SuSEfirewall2[6119]: SuSEfirewall2 not active linux-fn64:~ # SuSEfirewall2 start < 38> Mar 13 13:41:40 SuSEfirewall2[6131]: Setting up rules from /etc/sysconfig/SuSEfirewall2 ... < 38> Mar 13 13:41:40 SuSEfirewall2[6131]: using default zone \'ext\' for interface eth0 < 38> Mar 13 13:41:41 SuSEfirewall2[6131]: Firewall rules successfully set linux-fn64:~ # SuSEfirewall2 status ### iptables filter ### Chain INPUT (policy DROP 0 packets, 0 bytes) pkts bytes targetprot opt inoutsourcedestination 00 ACCEPTall--lo*0.0.0.0/00.0.0.0/0 2458 ACCEPTall--**0.0.0.0/00.0.0.0/0ctstate ESTABLISHED 00 ACCEPTicmp --**0.0.0.0/00.0.0.0/0ctstate RELATED 00 ACCEPTudp--**0.0.0.0/00.0.0.0/0udp dpt:5353 PKTTYPE = multicast 00 input_extall--**0.0.0.0/00.0.0.0/0 00 LOGall--**0.0.0.0/00.0.0.0/0limit: avg 3/min burst 5 LOG flags 6 level 4 prefix "SFW2-IN-ILL-TARGET " 00 DROPall--**0.0.0.0/00.0.0.0/0 Chain FORWARD (policy DROP 0 packets, 0 bytes) pkts bytes targetprot opt inoutsourcedestination 00 LOGall--**0.0.0.0/00.0.0.0/0limit: avg 3/min burst 5 LOG flags 6 level 4 prefix "SFW2-FWD-ILL-ROUTING "Chain OUTPUT (policy ACCEPT 2 packets, 128 bytes) pkts bytes targetprot opt inoutsourcedestination 00 ACCEPTall--*lo0.0.0.0/00.0.0.0/0Chain forward_ext (0 references) pkts bytes targetprot opt inoutsourcedestinationChain input_ext (1 references) pkts bytes targetprot opt inoutsourcedestination 00 DROPall--**0.0.0.0/00.0.0.0/0PKTTYPE = broadcast 00 ACCEPTicmp --**0.0.0.0/00.0.0.0/0icmptype 4 00 ACCEPTicmp --**0.0.0.0/00.0.0.0/0icmptype 8 00 DROPall--**0.0.0.0/00.0.0.0/0/* sfw2.insert.pos */ PKTTYPE != unicast 00 LOGtcp--**0.0.0.0/00.0.0.0/0limit: avg 3/min burst 5 tcp flags:0x17/0x02 LOG flags 6 level 4 prefix "SFW2-INext-DROP-DEFLT " 00 LOGicmp --**0.0.0.0/00.0.0.0/0limit: avg 3/min burst 5 LOG flags 6 level 4 prefix "SFW2-INext-DROP-DEFLT " 00 LOGudp--**0.0.0.0/00.0.0.0/0limit: avg 3/min burst 5 ctstate NEW LOG flags 6 level 4 prefix "SFW2-INext-DROP-DEFLT " 00 DROPall--**0.0.0.0/00.0.0.0/0Chain reject_func (0 references) pkts bytes targetprot opt inoutsourcedestination 00 REJECTtcp--**0.0.0.0/00.0.0.0/0reject-with tcp-reset 00 REJECTudp--**0.0.0.0/00.0.0.0/0reject-with icmp-port-unreachable 00 REJECTall--**0.0.0.0/00.0.0.0/0reject-with icmp-proto-unreachable### iptables mangle ### Chain PREROUTING (policy ACCEPT 2 packets, 458 bytes) pkts bytes targetprot opt inoutsourcedestinationChain INPUT (policy ACCEPT 2 packets, 458 bytes) pkts bytes targetprot opt inoutsourcedestinationChain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes targetprot opt inoutsourcedestinationChain OUTPUT (policy ACCEPT 2 packets, 128 bytes) pkts bytes targetprot opt inoutsourcedestinationChain POSTROUTING (policy ACCEPT 2 packets, 128 bytes) pkts bytes targetprot opt inoutsourcedestination### iptables nat ### Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes targetprot opt inoutsourcedestinationChain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes targetprot opt inoutsourcedestinationChain OUTPUT (policy ACCEPT 1 packets, 64 bytes) pkts bytes targetprot opt inoutsourcedestinationChain POSTROUTING (policy ACCEPT 1 packets, 64 bytes) pkts bytes targetprot opt inoutsourcedestination### iptables raw ### Chain PREROUTING (policy ACCEPT 2 packets, 458 bytes) pkts bytes targetprot opt inoutsourcedestinationChain OUTPUT (policy ACCEPT 2 packets, 128 bytes) pkts bytes targetprot opt inoutsourcedestination### iptables security ### Chain INPUT (policy ACCEPT 2 packets, 458 bytes) pkts bytes targetprot opt inoutsourcedestinationChain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes targetprot opt inoutsourcedestinationChain OUTPUT (policy ACCEPT 2 packets, 128 bytes) pkts bytes targetprot opt inoutsourcedestination### ip6tables filter ### Chain INPUT (policy DROP 0 packets, 0 bytes) pkts bytes targetprot opt inoutsourcedestination 00 ACCEPTalllo*::/0::/0 00 ACCEPTall**::/0::/0ctstate ESTABLISHED 00 ACCEPTicmpv6**::/0::/0ctstate RELATED 00 ACCEPTudp**::/0::/0udp dpt:546 00 ACCEPTudp**::/0::/0udp dpt:5353 PKTTYPE = multicast 00 input_extall**::/0::/0 00 LOGall**::/0::/0limit: avg 3/min burst 5 LOG flags 6 level 4 prefix "SFW2-IN-ILL-TARGET " 00 DROPall**::/0::/0Chain FORWARD (policy DROP 0 packets, 0 bytes) pkts bytes targetprot opt inoutsourcedestination 00 LOGall**::/0::/0limit: avg 3/min burst 5 LOG flags 6 level 4 prefix "SFW2-FWD-ILL-ROUTING "Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes targetprot opt inoutsourcedestination 00 ACCEPTall*lo::/0::/0 00 ACCEPTicmpv6**::/0::/0Chain forward_ext (0 references) pkts bytes targetprot opt inoutsourcedestinationChain input_ext (1 references) pkts bytes targetprot opt inoutsourcedestination 00 DROPall**::/0::/0PKTTYPE = broadcast 00 ACCEPTicmpv6**::/0::/0ipv6-icmptype 128 00 ACCEPTicmpv6**::/0::/0ipv6-icmptype 133 00 ACCEPTicmpv6**::/0::/0ipv6-icmptype 134 00 ACCEPTicmpv6**::/0::/0ipv6-icmptype 135 00 ACCEPTicmpv6**::/0::/0ipv6-icmptype 136 00 ACCEPTicmpv6**::/0::/0ipv6-icmptype 137 00 ACCEPTicmpv6**::/0::/0ipv6-icmptype 130 00 DROPall**::/0::/0/* sfw2.insert.pos */ PKTTYPE != unicast 00 LOGtcp**::/0::/0limit: avg 3/min burst 5 tcp flags:0x17/0x02 LOG flags 6 level 4 prefix "SFW2-INext-DROP-DEFLT " 00 LOGicmpv6**::/0::/0limit: avg 3/min burst 5 LOG flags 6 level 4 prefix "SFW2-INext-DROP-DEFLT " 00 LOGudp**::/0::/0limit: avg 3/min burst 5 ctstate NEW LOG flags 6 level 4 prefix "SFW2-INext-DROP-DEFLT " 00 DROPall**::/0::/0Chain reject_func (0 references) pkts bytes targetprot opt inoutsourcedestination 00 REJECTtcp**::/0::/0reject-with tcp-reset 00 REJECTudp**::/0::/0reject-with icmp6-port-unreachable 00 REJECTall**::/0::/0reject-with icmp6-addr-unreachable 00 DROPall**::/0::/0### ip6tables mangle ### Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes targetprot opt inoutsourcedestinationChain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes targetprot opt inoutsourcedestinationChain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes targetprot opt inoutsourcedestinationChain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes targetprot opt inoutsourcedestinationChain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes targetprot opt inoutsourcedestination### ip6tables nat ### Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes targetprot opt inoutsourcedestinationChain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes targetprot opt inoutsourcedestinationChain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes targetprot opt inoutsourcedestinationChain POSTROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes targetprot opt inoutsourcedestination### ip6tables raw ### Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes) pkts bytes targetprot opt inoutsourcedestinationChain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes targetprot opt inoutsourcedestination### ip6tables security ### Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes targetprot opt inoutsourcedestinationChain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes targetprot opt inoutsourcedestinationChain OUTPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes targetprot opt inoutsourcedestinationlinux-fn64:~ # linux-fn64:~ # SuSEfirewall2 stop < 38> Mar 13 13:41:59 SuSEfirewall2[6352]: Firewall rules unloaded. linux-fn64:~ # SuSEfirewall2 status < 35> Mar 13 13:42:03 SuSEfirewall2[6393]: SuSEfirewall2 not active linux-fn64:~ #