[新增] 防火墙增加白名单(用于ES端口漏洞)

e9037b2b · 咸鱼的修养 · 6a40ed58 · e9037b2b
Commit e9037b2b authored Oct 16, 2024 by 咸鱼的修养
Hide whitespace changes
Inline Side-by-side

Showing with 36 additions and 2 deletions

README.md README.md +36 -2

No files found.
--- a/README.md
+++ b/README.md
@@ -26,8 +26,42 @@

 finder的pod建议重启
 服务（pdataservice）的POST  /pdsCURD/populateFullTestSearchIndex
+
 资产(dataassetmanager) GET /toolkitApi/initFullTestSearchIndex
+
 标准(standard)的 GET /rest/standard/maintain/transform
+
 元数据Pod建议重启
 元数据(metadatarepo) POST /rest/init/initFinder（全文检索）
-元数据的 POST /rest/init/initMedataIndex（元数据检索）
\ No newline at end of file
+
+元数据的 POST /rest/init/initMedataIndex（元数据检索）
+
+
+
+
+
+## **开启防火墙启用白名单**
+
+1. 检查防火墙状态，如果没有开启则开启
+
+systemctl status firewalld
+
+1. 设置开机启动防火墙
+
+systemctl enable firewalld
+
+1. 启动防火墙
+
+systemctl start firewalld
+
+1. 设置白名单
+
+firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="10.27.18.9" port protocol="tcp" port="1-65535" accept"
+
+firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="10.27.18.10" port protocol="tcp" port="1-65535" accept"
+
+firewall-cmd --permanent --add-rich-rule="rule family="ipv4" source address="10.27.18.11" port protocol="tcp" port="1-65535" accept"
+
+1. 重启防火墙
+
+systemctl restart firewalld
\ No newline at end of file