Xiaoxun's Magic Conch

Configuring Photon OS

2023-03-28

Network configuration

vi /etc/systemd/network/99-static-en.network

A sample configuration follows:

[Match]
Name=eth0

[Network]
Address=10.84.0.48/24
Gateway=10.84.0.254
DNS=10.193.16.105

SSH

cp /etc/systemd/system/sockets.target.wants/sshd.socket /etc/systemd/system/sshd.socket
vi /etc/systemd/system/sshd.socket

Change the following line:

ListenStream=2222

Restart the service

systemctl enable sshd.socket
systemctl restart sshd.socket

Firewall configuration

vi /etc/systemd/scripts/ip4save

Add the rules

# init
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
# Allow local-only connections
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
#keep commented till upgrade issues are sorted
#-A INPUT -j LOG --log-prefix "FIREWALL:INPUT "
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A OUTPUT -j ACCEPT

# Added rules
## Allow ICMP
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT

## Allow commonly used ports
###tcp
#### Kubelet metrics 10250
#### Kubernetes API Server 6443
#### longhorn
##### Other Instance Manager 10000-30000
##### Backing Image Manager 8002
-A INPUT -p tcp -m multiport --dports 8000:8002,8500,9500,10000:30000,6443,2222,80,443,30080 -j ACCEPT
###udp
#### 8472: flannel VXLAN network
-A INPUT -p udp --dport 8472 -j ACCEPT
COMMIT

Restart

systemctl restart iptables
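
Because the INPUT policy is DROP and sshd was moved to port 2222 earlier, a rules file that does not accept that port cuts off SSH as soon as iptables is restarted. The script below is an added example, not part of the original post: it reads the port from the socket unit and checks that an ACCEPT rule in the rules file covers it. The function names `listen_port`, `port_allowed` and `check_ssh_reachable` are made up for this illustration.

```shell
#!/bin/sh
# Added example (not from the original post): confirm the SSH port set in
# sshd.socket is accepted by ip4save before "systemctl restart iptables".

# Print the port of the last ListenStream= line ("2222" or "addr:2222").
listen_port() {
    sed -n 's/^ListenStream=\(.*:\)\{0,1\}\([0-9][0-9]*\)$/\2/p' "$1" | tail -n 1
}

# Succeed if an "-A INPUT ... -p tcp ... -j ACCEPT" rule covers port $2.
# Simplification: only --dport/--dports are read; -s/-i limits are ignored.
port_allowed() {
    awk -v port="$2" '
        /^-A INPUT / && / -p tcp / && / -j ACCEPT/ {
            for (i = 1; i < NF; i++) {
                if ($i != "--dport" && $i != "--dports") continue
                n = split($(i + 1), specs, ",")
                for (k = 1; k <= n; k++) {
                    m = split(specs[k], r, ":")      # "lo:hi" or a single port
                    lo = r[1] + 0; hi = (m == 2 ? r[2] : r[1]) + 0
                    if (port + 0 >= lo && port + 0 <= hi) found = 1
                }
            }
        }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# $1 = socket unit file, $2 = rules file. Returns 0 ok, 1 blocked, 2 no port.
check_ssh_reachable() {
    port=$(listen_port "$1")
    [ -n "$port" ] || { echo "no ListenStream port found in $1" >&2; return 2; }
    if ! port_allowed "$2" "$port"; then
        echo "tcp/$port is not accepted by $2: SSH would be cut off" >&2
        return 1
    fi
    echo "tcp/$port is accepted by $2"
    # The stock rule for 22 stays in the file after the move to another port.
    if [ "$port" != 22 ] && port_allowed "$2" 22; then
        echo "note: tcp/22 is still accepted although sshd listens on $port"
    fi
    return 0
}

# Usage on the host described above:
#   check_ssh_reachable /etc/systemd/system/sshd.socket /etc/systemd/scripts/ip4save
```

Run it after editing both files and before restarting iptables; a non-zero exit status means the current SSH session's port is not covered by any ACCEPT rule.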

Time zone

rm /etc/localtime 
ln -s /usr/share/zoneinfo/Asia/Shanghai /etc/localtime