CentOS 7 prohibits an IP from accessing the server

Little scum · Posted on 2/28/2022 3:35:36 PM

Requirements: The production server and the UAT server are in the same computer room, but in different CIDR segments, both the production server and the UAT server can communicate with each other. In order to prevent the UAT server from misconfiguring the middleware (database, Redis, Kafka) that accesses the production environment, it is necessary to configure the firewall of the production server to prohibit access to the UAT serverThe official (production) server prohibits IP access from the UAT server。

Reference:

In linux, Iptables restricts the same IP connection to prevent CC attacks
https://www.itsvse.com/thread-2943-1-1.html

iptables firewall only allows certain IPs to access certain ports and specific websites
https://www.itsvse.com/thread-2535-1-1.html

CentOS7 View and turn off the firewall
https://www.itsvse.com/thread-7771-1-1.html

Check the firewalld.service service status with the following command:

Login is visible.

Review the currently configured firewall rules, with the following command:

Login is visible.

To disable access to 10.7.212.128 and 10.7.212.129, execute the following command on the production server:

Login is visible.

Of course, it can also be directly restrictedThe entire IP segmentAccess, as follows:

Login is visible.

To delete the newly created rule, the command is as follows:

Login is visible.

After changing the configurationBe sure to reload the configuration file, the command is as follows:

Login is visible.