
vyos 常用命令

作者: Foreally | 来源:发表于2020-04-14 15:58 被阅读0次

show configuration commands

root@vyos:/home/vyos# show configuration commands 
# NOTE(review): lines starting with '#' are reviewer annotations, not part of
# the captured device output.
#
# Address group with two members. No rule in this listing references the
# group; the same two addresses appear as DNAT targets in the iptables-save
# output further down the page.
set firewall group address-group eip-group address '10.8.219.183'
set firewall group address-group eip-group address '10.8.219.124'
# Ruleset eth0.in. The interface and direction it is bound to are not shown
# here; the name suggests forwarded traffic entering eth0 -- confirm against
# the interface firewall settings.
# The default action is reject, but rule 9999 accepts every packet in state
# "new" with no address, protocol or port match. Together with rule 4000
# (established/related) this lets any connection through, so the reject
# default only applies to packets that match none of these states.
set firewall name eth0.in default-action 'reject'
set firewall name eth0.in rule 4000 action 'accept'
set firewall name eth0.in rule 4000 state established 'enable'
set firewall name eth0.in rule 4000 state related 'enable'
# Rule 4001 accepts all ICMP; no type or code restriction is configured.
set firewall name eth0.in rule 4001 action 'accept'
set firewall name eth0.in rule 4001 protocol 'icmp'
set firewall name eth0.in rule 9999 action 'accept'
set firewall name eth0.in rule 9999 state new 'enable'
# Ruleset eth0.local: every accept rule is pinned to destination
# 192.168.8.204, presumably the router's own address on eth0 -- confirm.
# Anything else falls through to the reject default.
set firewall name eth0.local default-action 'reject'
set firewall name eth0.local rule 1 action 'accept'
set firewall name eth0.local rule 1 destination address '192.168.8.204'
set firewall name eth0.local rule 1 state established 'enable'
set firewall name eth0.local rule 1 state related 'enable'
set firewall name eth0.local rule 2 action 'accept'
set firewall name eth0.local rule 2 destination address '192.168.8.204'
set firewall name eth0.local rule 2 protocol 'icmp'
# Rules 3 and 4 accept TCP/22 and TCP/7272 from any source: neither rule has
# a "source" match. When hardening, limit both to the management network,
# since they guard SSH and the port described as 'management-port-rule'.
set firewall name eth0.local rule 3 action 'accept'
set firewall name eth0.local rule 3 destination address '192.168.8.204'
set firewall name eth0.local rule 3 destination port '22'
set firewall name eth0.local rule 3 protocol 'tcp'
set firewall name eth0.local rule 4 action 'accept'
set firewall name eth0.local rule 4 description 'management-port-rule'
set firewall name eth0.local rule 4 destination address '192.168.8.204'
set firewall name eth0.local rule 4 destination port '7272'
set firewall name eth0.local rule 4 protocol 'tcp'
# Ruleset eth1.in (binding not shown; presumably forwarded traffic entering
# eth1 -- confirm).
# Rule 1 accepts new, established and related traffic of any protocol and
# port from 10.0.161.1/24. The prefix is written with host bits set; the NAT
# exemption in the iptables-save output uses 10.0.161.0/24. The description
# looks auto-generated and suggests an IPsec remote subnet -- confirm.
set firewall name eth1.in default-action 'reject'
set firewall name eth1.in rule 1 action 'accept'
set firewall name eth1.in rule 1 description 'IPSEC-c23238c420114233b207ddfffdee4bbb-10.0.161.1/24'
set firewall name eth1.in rule 1 source address '10.0.161.1/24'
set firewall name eth1.in rule 1 state established 'enable'
set firewall name eth1.in rule 1 state new 'enable'
set firewall name eth1.in rule 1 state related 'enable'
# Rules 4000/4001: return traffic and all ICMP, as in eth0.in.
set firewall name eth1.in rule 4000 action 'accept'
set firewall name eth1.in rule 4000 state established 'enable'
set firewall name eth1.in rule 4000 state related 'enable'
set firewall name eth1.in rule 4001 action 'accept'
set firewall name eth1.in rule 4001 protocol 'icmp'
# Rule 4002 accepts TCP/22 to 10.8.219.196 from any source. It pairs with
# DST-NAT-1 in the iptables-save output (172.24.239.90:333 ->
# 10.8.219.196:22), so the internal host's SSH is reachable on the outside
# address. The non-standard external port does not limit who can connect; a
# source restriction or key-only authentication on the target would.
set firewall name eth1.in rule 4002 action 'accept'
set firewall name eth1.in rule 4002 description 'PF-172.24.239.90-333-333-fa:fb:f3:01:0d:03-22-22-TCP'
set firewall name eth1.in rule 4002 destination address '10.8.219.196'
set firewall name eth1.in rule 4002 destination port '22'
set firewall name eth1.in rule 4002 protocol 'tcp'

show configuration

root@vyos:/home/vyos# show configuration 
firewall {
    /* NOTE(review): comment blocks are reviewer annotations, not device output. */
    /* Address group with two members; no ruleset shown here references it. */
    group {
        address-group eip-group {
            address 10.8.219.183
            address 10.8.219.124
        }
    }
    /* eth0.in: default-action is reject, but rule 9999 accepts every packet
       in state "new" with no other match and rule 4000 accepts
       established/related, so the default only catches packets matching
       none of these states. The interface binding is not shown -- confirm. */
    name eth0.in {
        default-action reject
        rule 4000 {
            action accept
            state {
                established enable
                related enable
            }
        }
        rule 4001 {
            action accept
            protocol icmp
        }
        rule 9999 {
            action accept
            state {
                new enable
            }
        }
    }
    /* eth0.local: all accept rules target 192.168.8.204 (presumably the
       router's own address -- confirm). Rules 3 and 4 open TCP/22 and
       TCP/7272 with no source match, so any source that can reach the
       address is accepted; restrict them to a management network when
       hardening. */
    name eth0.local {
        default-action reject
        rule 1 {
            action accept
            destination {
                address 192.168.8.204
            }
            state {
                established enable
                related enable
            }
        }
        rule 2 {
            action accept
            destination {
                address 192.168.8.204
            }
            protocol icmp
        }
        rule 3 {
            action accept
            destination {
                address 192.168.8.204
                port 22
            }
            protocol tcp
        }
        rule 4 {
            action accept
            description management-port-rule
            destination {
                address 192.168.8.204
                port 7272
            }
            protocol tcp
        }
    }
    /* NOTE(review): the listing stops here. The eth1.in ruleset and the
       closing brace of "firewall" are missing; the set-command listing
       above shows the eth1.in rules. */

iptables-save

root@vyos:/home/vyos# iptables-save 
# NOTE(review): annotations below are marked "NOTE(review)"; the "Generated"
# and "Completed" lines are original output.
# NOTE(review): only the mangle and nat tables appear in this listing. The
# filter table, where the firewall rulesets would be rendered, is absent, so
# this output alone does not show whether DNAT'd traffic is filtered.
# NOTE(review): v1.4.12.2 is an old iptables release, presumably from an old
# base image -- check the support status of the running system.
# Generated by iptables-save v1.4.12.2 on Tue Apr 14 15:57:24 2020
*mangle
:PREROUTING ACCEPT [271509:73740344]
:INPUT ACCEPT [166463:67078153]
:FORWARD ACCEPT [564:61708]
:OUTPUT ACCEPT [87246:12820229]
:POSTROUTING ACCEPT [87810:12881937]
# NOTE(review): restore the connection mark onto the packet, then stop
# traversing this chain for packets that carry a non-zero mark.
-A PREROUTING -m comment --comment Zs-Pr-Default-Rules -j CONNMARK --restore-mark --nfmask 0xffffffff --ctmask 0xffffffff
-A PREROUTING -m comment --comment Zs-Pr-Default-Rules -m mark ! --mark 0x0 -j ACCEPT
COMMIT
# Completed on Tue Apr 14 15:57:24 2020
# Generated by iptables-save v1.4.12.2 on Tue Apr 14 15:57:24 2020
*nat
:PREROUTING ACCEPT [27169:4283670]
:INPUT ACCEPT [179:11602]
:OUTPUT ACCEPT [9269:558287]
:POSTROUTING ACCEPT [3121:189407]
:VYATTA_PRE_DNAT_HOOK - [0:0]
:VYATTA_PRE_SNAT_HOOK - [0:0]
-A PREROUTING -j VYATTA_PRE_DNAT_HOOK
# NOTE(review): DST-NAT-1 and DST-NAT-2 are port forwards to SSH (port 22) on
# internal hosts, published on external ports 333 and 44. Neither rule has a
# source match (-s), so access control rests on the filter rules and on the
# SSH configuration of the target hosts.
-A PREROUTING -d 172.24.239.90/32 -p tcp -m tcp --dport 333 -m comment --comment DST-NAT-1 -j DNAT --to-destination 10.8.219.196:22
-A PREROUTING -d 172.31.6.12/32 -p tcp -m tcp --dport 44 -m comment --comment DST-NAT-2 -j DNAT --to-destination 10.8.219.183:22
# NOTE(review): DST-NAT-3 and DST-NAT-4 have no protocol or port match. All
# traffic to 172.24.239.91 and 172.31.6.13 is translated to 10.8.219.183 and
# 10.8.219.124, the two eip-group addresses. How exposed those hosts are
# depends on the filter rules for forwarded traffic, not shown in this output.
-A PREROUTING -d 172.24.239.91/32 -m comment --comment DST-NAT-3 -j DNAT --to-destination 10.8.219.183
-A PREROUTING -d 172.31.6.13/32 -m comment --comment DST-NAT-4 -j DNAT --to-destination 10.8.219.124
-A POSTROUTING -j VYATTA_PRE_SNAT_HOOK
# NOTE(review): SRC-NAT-1 returns before any SNAT rule, so traffic from
# 10.8.219.0/24 to 10.0.161.0/24 leaves eth1 with its original source
# (presumably the IPsec remote subnet -- confirm).
-A POSTROUTING -s 10.8.219.0/24 -d 10.0.161.0/24 -o eth1 -m comment --comment SRC-NAT-1 -j RETURN
# NOTE(review): SRC-NAT-1024 and SRC-NAT-1025 are the outbound halves of the
# one-to-one mappings in DST-NAT-3 and DST-NAT-4.
-A POSTROUTING -s 10.8.219.183/32 -o eth1 -m comment --comment SRC-NAT-1024 -j SNAT --to-source 172.24.239.91
-A POSTROUTING -s 10.8.219.124/32 -o eth1 -m comment --comment SRC-NAT-1025 -j SNAT --to-source 172.31.6.13
# NOTE(review): catch-all SNAT for the rest of 10.8.219.0/24 (excluding
# destinations in 224.0.0.0/8) to 172.24.239.100 on eth3 and eth1.
-A POSTROUTING -s 10.8.219.0/24 ! -d 224.0.0.0/8 -o eth3 -m comment --comment SRC-NAT-9992 -j SNAT --to-source 172.24.239.100
-A POSTROUTING -s 10.8.219.0/24 ! -d 224.0.0.0/8 -o eth1 -m comment --comment SRC-NAT-9993 -j SNAT --to-source 172.24.239.100
-A VYATTA_PRE_DNAT_HOOK -j RETURN
-A VYATTA_PRE_SNAT_HOOK -j RETURN
COMMIT
