show configuration commands
root@vyos:/home/vyos# show configuration commands
# VyOS firewall policy as dumped by `show configuration commands`.
# Review notes below rest only on what is visible on this page: the
# interface, NAT and zone configuration is not in the listing, so which
# interface faces an untrusted network is an assumption — confirm it.

# Address group holding the two hosts that also get dedicated 1:1 SNAT/DNAT
# mappings in the nat table further down (SRC-NAT-1024/1025, DST-NAT-3/4).
# NOTE(review): no ruleset on this page references eip-group; either it is
# used in a part of the config that is not shown, or it is dead config.
set firewall group address-group eip-group address '10.8.219.183'
set firewall group address-group eip-group address '10.8.219.124'

# eth0.in — in VyOS the `in` ruleset is applied to packets entering eth0
# that are forwarded through the router (not addressed to it).
set firewall name eth0.in default-action 'reject'
set firewall name eth0.in rule 4000 action 'accept'
set firewall name eth0.in rule 4000 state established 'enable'
set firewall name eth0.in rule 4000 state related 'enable'
# ICMP from any source, any type, is accepted.
set firewall name eth0.in rule 4001 action 'accept'
set firewall name eth0.in rule 4001 protocol 'icmp'
# NOTE(review): rule 9999 accepts every NEW connection with no source,
# destination, protocol or port match. Combined with 4000/4001 this makes
# eth0.in effectively permit-all for everything except INVALID-state
# packets; the 'reject' default-action performs no real filtering here.
# If eth0 is the trusted/LAN side that may be intended, but then it should
# be documented as such (e.g. `rule 9999 description 'LAN: allow all'`).
set firewall name eth0.in rule 9999 action 'accept'
set firewall name eth0.in rule 9999 state new 'enable'

# eth0.local — the `local` ruleset is applied to packets arriving on eth0
# that are addressed to the router itself. 192.168.8.204 is presumably
# eth0's own address (interface config not shown — verify).
set firewall name eth0.local default-action 'reject'
set firewall name eth0.local rule 1 action 'accept'
set firewall name eth0.local rule 1 destination address '192.168.8.204'
set firewall name eth0.local rule 1 state established 'enable'
set firewall name eth0.local rule 1 state related 'enable'
set firewall name eth0.local rule 2 action 'accept'
set firewall name eth0.local rule 2 destination address '192.168.8.204'
set firewall name eth0.local rule 2 protocol 'icmp'
# NOTE(review): rules 3 and 4 open SSH (tcp/22) and the 'management-port'
# (tcp/7272) on the router to any source reachable via eth0 — neither rule
# carries a source address or source group match. The usual hardening is a
# management-network restriction, e.g.
# `set firewall name eth0.local rule 3 source address '<mgmt-net/prefix>'`
# (and the same on rule 4). What listens on 7272 is not shown here.
set firewall name eth0.local rule 3 action 'accept'
set firewall name eth0.local rule 3 destination address '192.168.8.204'
set firewall name eth0.local rule 3 destination port '22'
set firewall name eth0.local rule 3 protocol 'tcp'
set firewall name eth0.local rule 4 action 'accept'
set firewall name eth0.local rule 4 description 'management-port-rule'
set firewall name eth0.local rule 4 destination address '192.168.8.204'
set firewall name eth0.local rule 4 destination port '7272'
set firewall name eth0.local rule 4 protocol 'tcp'

# eth1.in — forwarded traffic entering eth1. The nat table below SNATs the
# 10.8.219.0/24 hosts to 172.24.239.x / 172.31.6.x addresses when leaving
# via eth1, so eth1 appears to be the external/EIP side — confirm against
# the interface configuration.
set firewall name eth1.in default-action 'reject'
# Rule 1: everything (all protocols and ports, NEW included) from the IPsec
# peer subnet is accepted. NOTE(review): '10.0.161.1/24' is a host address
# with a /24 mask; the nat table writes the same network as 10.0.161.0/24
# (SRC-NAT-1). iptables masks the host bits so both match the same /24,
# but the canonical form avoids confusion on later edits.
set firewall name eth1.in rule 1 action 'accept'
set firewall name eth1.in rule 1 description 'IPSEC-c23238c420114233b207ddfffdee4bbb-10.0.161.1/24'
set firewall name eth1.in rule 1 source address '10.0.161.1/24'
set firewall name eth1.in rule 1 state established 'enable'
set firewall name eth1.in rule 1 state new 'enable'
set firewall name eth1.in rule 1 state related 'enable'
set firewall name eth1.in rule 4000 action 'accept'
set firewall name eth1.in rule 4000 state established 'enable'
set firewall name eth1.in rule 4000 state related 'enable'
# ICMP from any source, any type, is accepted on the external side too.
set firewall name eth1.in rule 4001 action 'accept'
set firewall name eth1.in rule 4001 protocol 'icmp'
# Rule 4002 is the filter half of DST-NAT-1 (172.24.239.90:333 ->
# 10.8.219.196:22): SSH on 10.8.219.196 is reachable from ANY source via
# eth1. Exposing it on port 333 instead of 22 is not a security control;
# add a source match if the client population is known.
# NOTE(review): no rule in eth1.in accepts NEW traffic to 10.8.219.183 or
# 10.8.219.124, so the DST-NAT-2/-3/-4 mappings below would be rejected by
# the default-action if that traffic arrives on eth1 — unless a ruleset
# not shown on this page covers it. Either the DNATs are dead or the
# filtering relies on configuration that is not visible here; verify.
set firewall name eth1.in rule 4002 action 'accept'
set firewall name eth1.in rule 4002 description 'PF-172.24.239.90-333-333-fa:fb:f3:01:0d:03-22-22-TCP'
set firewall name eth1.in rule 4002 destination address '10.8.219.196'
set firewall name eth1.in rule 4002 destination port '22'
set firewall name eth1.in rule 4002 protocol 'tcp'
show configuration
root@vyos:/home/vyos# show configuration
firewall {
group {
address-group eip-group {
address 10.8.219.183
address 10.8.219.124
}
}
name eth0.in {
default-action reject
rule 4000 {
action accept
state {
established enable
related enable
}
}
rule 4001 {
action accept
protocol icmp
}
rule 9999 {
action accept
state {
new enable
}
}
}
name eth0.local {
default-action reject
rule 1 {
action accept
destination {
address 192.168.8.204
}
state {
established enable
related enable
}
}
rule 2 {
action accept
destination {
address 192.168.8.204
}
protocol icmp
}
rule 3 {
action accept
destination {
address 192.168.8.204
port 22
}
protocol tcp
}
rule 4 {
action accept
description management-port-rule
destination {
address 192.168.8.204
port 7272
}
protocol tcp
}
}
iptables-save
root@vyos:/home/vyos# iptables-save
# Kernel-side view of the same router (`iptables-save`). NOTE(review): only
# the *mangle and *nat tables appear on this page; the *filter table — where
# VyOS renders the eth0.in / eth0.local / eth1.in rulesets — is not shown,
# so enforcement of those rulesets cannot be confirmed from this output.
# iptables 1.4.12.2 is a very old userspace release; presumably this is an
# old Vyatta/VyOS image — confirm it still receives security updates.
# Generated by iptables-save v1.4.12.2 on Tue Apr 14 15:57:24 2020
*mangle
:PREROUTING ACCEPT [271509:73740344]
:INPUT ACCEPT [166463:67078153]
:FORWARD ACCEPT [564:61708]
:OUTPUT ACCEPT [87246:12820229]
:POSTROUTING ACCEPT [87810:12881937]
# Restore the connection mark onto the packet, then stop mangle processing
# for already-marked flows. ACCEPT in the mangle table only ends traversal
# of this chain; nat and filter still see the packet, so this is not a
# bypass of the firewall rulesets. The "Zs-Pr-Default-Rules" comment looks
# like an orchestration layer's tag — its origin is not visible here.
-A PREROUTING -m comment --comment Zs-Pr-Default-Rules -j CONNMARK --restore-mark --nfmask 0xffffffff --ctmask 0xffffffff
-A PREROUTING -m comment --comment Zs-Pr-Default-Rules -m mark ! --mark 0x0 -j ACCEPT
COMMIT
# Completed on Tue Apr 14 15:57:24 2020
# Generated by iptables-save v1.4.12.2 on Tue Apr 14 15:57:24 2020
*nat
:PREROUTING ACCEPT [27169:4283670]
:INPUT ACCEPT [179:11602]
:OUTPUT ACCEPT [9269:558287]
:POSTROUTING ACCEPT [3121:189407]
:VYATTA_PRE_DNAT_HOOK - [0:0]
:VYATTA_PRE_SNAT_HOOK - [0:0]
-A PREROUTING -j VYATTA_PRE_DNAT_HOOK
# Destination NAT. None of the four rules carries an ingress-interface
# match (-i), so they apply to a matching destination arriving on any
# interface, not only the external one.
# DST-NAT-1: external 172.24.239.90:333 -> SSH on 10.8.219.196; paired with
# eth1.in rule 4002 in the VyOS config above.
-A PREROUTING -d 172.24.239.90/32 -p tcp -m tcp --dport 333 -m comment --comment DST-NAT-1 -j DNAT --to-destination 10.8.219.196:22
# DST-NAT-2: 172.31.6.12:44 -> SSH on 10.8.219.183. NOTE(review): no accept
# rule for NEW traffic to 10.8.219.183 is visible in eth1.in.
-A PREROUTING -d 172.31.6.12/32 -p tcp -m tcp --dport 44 -m comment --comment DST-NAT-2 -j DNAT --to-destination 10.8.219.183:22
# DST-NAT-3/4: whole-address 1:1 NAT — no protocol or port match, so every
# port on 10.8.219.183 and 10.8.219.124 is mapped; only the (unshown) filter
# table decides what is actually reachable. 10.8.219.183:22 is therefore
# mapped twice (172.24.239.91:22 and 172.31.6.12:44). NOTE(review): these
# two targets are exactly the eip-group members, yet no visible filter rule
# accepts NEW traffic to them.
-A PREROUTING -d 172.24.239.91/32 -m comment --comment DST-NAT-3 -j DNAT --to-destination 10.8.219.183
-A PREROUTING -d 172.31.6.13/32 -m comment --comment DST-NAT-4 -j DNAT --to-destination 10.8.219.124
-A POSTROUTING -j VYATTA_PRE_SNAT_HOOK
# SRC-NAT-1: RETURN exempts LAN -> 10.0.161.0/24 traffic from SNAT so it
# keeps its original source — presumably so it can enter the IPsec tunnel
# whose peer subnet eth1.in rule 1 describes (tunnel config not shown).
-A POSTROUTING -s 10.8.219.0/24 -d 10.0.161.0/24 -o eth1 -m comment --comment SRC-NAT-1 -j RETURN
# SRC-NAT-1024/1025: dedicated egress addresses for the two eip-group hosts.
# Ordering matters: these must precede the catch-all SRC-NAT-9993 below or
# the hosts would egress as 172.24.239.100 instead.
-A POSTROUTING -s 10.8.219.183/32 -o eth1 -m comment --comment SRC-NAT-1024 -j SNAT --to-source 172.24.239.91
-A POSTROUTING -s 10.8.219.124/32 -o eth1 -m comment --comment SRC-NAT-1025 -j SNAT --to-source 172.24.239.100
# SRC-NAT-9992/9993: catch-all masquerade-style SNAT for the rest of
# 10.8.219.0/24 leaving via eth3 or eth1, multicast excluded.
-A POSTROUTING -s 10.8.219.0/24 ! -d 224.0.0.0/8 -o eth3 -m comment --comment SRC-NAT-9992 -j SNAT --to-source 172.24.239.100
-A POSTROUTING -s 10.8.219.0/24 ! -d 224.0.0.0/8 -o eth1 -m comment --comment SRC-NAT-9993 -j SNAT --to-source 172.24.239.100
# Empty Vyatta hook chains (placeholders for rules inserted ahead of NAT).
-A VYATTA_PRE_DNAT_HOOK -j RETURN
-A VYATTA_PRE_SNAT_HOOK -j RETURN
COMMIT