Common CentOS commands

Source: Internet
Author: User

# View the number of httpd processes (the [h] keeps grep from counting its own process)
ps -ef | grep '[h]ttpd' | wc -l

 

# View the number of concurrent Apache requests and their TCP connection status
netstat -n | awk '/^tcp/ {++S[$NF]} END {for (a in S) print a, S[a]}'
--------------------------------------------------------------------
SYN_RECV indicates the number of requests waiting for processing;
ESTABLISHED indicates the normal data transmission status;
TIME_WAIT indicates the number of requests that have been processed and wait for the timeout to end.

 

# View the number of connections in each TCP state
netstat -nat | awk '{print $NF}' | sort | uniq -c | sort -n


# Sort the client IPs requesting the port 80 service by number of connections
netstat -nat | grep ":80" | awk '{print $5}' | awk -F: '{print $1}' | sort | uniq -c | sort -n


# Print the total number of current requests on port 80 (the pattern matches any line containing "80", so other ports such as 8080 are counted too)
netstat -nat | grep -i "80" | wc -l

# Total number of established connections (as written this counts ESTABLISHED connections on all ports; add a grep ":80" stage to restrict it to port 80)
netstat -na | grep ESTABLISHED | wc -l
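
A stricter one-pass variant of the port-80 pipelines above, given here as an added example that is not part of the original page. It matches port 80 only in the local-address column (so 8080 and outbound connections to a remote port 80 are not counted), skips the LISTEN socket, and strips the port from the end of the peer address so IPv4-mapped IPv6 peers such as ::ffff:198.51.100.7 are counted correctly. The function names and the sample netstat lines are constructed for illustration.

```shell
#!/bin/sh
# Count clients connected to local port 80, reading `netstat -nat` output on stdin.
# Prints "<count> <client-ip>", sorted ascending like the pipeline above.
port80_clients() {
    awk '
        $1 ~ /^tcp/ && $6 != "LISTEN" && $4 ~ /:80$/ {
            ip = $5
            sub(/:[0-9]+$/, "", ip)   # drop only the trailing :port
            sub(/^::ffff:/, "", ip)   # normalise IPv4-mapped IPv6 peers
            n[ip]++
        }
        END { for (ip in n) print n[ip], ip }
    ' | sort -n
}

# Print the clients whose port-80 connection count exceeds a limit
# (default 100, the per-IP threshold used in the connlimit rule on this page).
over_limit() {
    port80_clients | awk -v lim="${1:-100}" '$1 > lim { print $2 }'
}

# Constructed sample input (documentation addresses, not real traffic).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:80           198.51.100.7:51512      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:51513      TIME_WAIT
tcp        0      0 192.0.2.10:80           203.0.113.5:40022       ESTABLISHED
tcp        0      0 192.0.2.10:8080         203.0.113.5:40023       ESTABLISHED
tcp        0      0 192.0.2.10:45000        203.0.113.80:80         ESTABLISHED
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:198.51.100.7:51514 ESTABLISHED
EOF
}

# Demo on the sample; on a live host use: netstat -nat | port80_clients
sample_netstat | port80_clients
```
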

 

 

 

 

# Limit the maximum number of concurrent connections from a single IP address: at most 100 connections are allowed per IP address
iptables -I INPUT -p tcp --dport 80 -m connlimit --connlimit-above 100 -j REJECT


# Limit the number of new connections a single IP address may open within a period of time (such as 60 seconds): a single IP address can create at most 100 connections within 60 seconds
# Note: the recent module remembers only 20 packets per address by default (ip_pkt_list_tot), so a hitcount of 100 requires loading the module with a larger ip_pkt_list_tot
iptables -A INPUT -p tcp --dport 80 -m recent --name BAD_HTTP_ACCESS --update --seconds 60 --hitcount 100 -j REJECT
iptables -A INPUT -p tcp --dport 80 -m recent --name BAD_HTTP_ACCESS --set -j ACCEPT

 


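# Block an IP address
# Note: newer iptables releases refuse DROP in the nat table; there, place the rule in the filter table (INPUT or FORWARD) instead
iptables -t nat -A PREROUTING -d 110.75.17.90 -j DROP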


# Block an IP address from port 80
iptables -A INPUT -s 110.75.17.90 -p tcp --dport 80 -j DROP

# Allow an IP address to reach port 80
iptables -A INPUT -s 110.75.17.90 -p tcp --dport 80 -j ACCEPT

 

 


# Disable ping response (the space before ">" matters: "echo 1>file" only redirects stdout and writes an empty line)
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all

# Enable ping response
echo 0 > /proc/sys/net/ipv4/icmp_echo_ignore_all

 


-------------------------------------------
[Disable port 81]
On Linux, port 81 is usually closed by default.
Enable port 81:
iptables -I INPUT -i eth0 -p tcp --dport 81 -j ACCEPT
iptables -I OUTPUT -o eth0 -p tcp --sport 81 -j ACCEPT
Close port 81:
iptables -I INPUT -i eth0 -p tcp --dport 81 -j DROP
iptables -I OUTPUT -o eth0 -p tcp --sport 81 -j DROP

Then save:
# /etc/rc.d/init.d/iptables save

Check whether the rules are already in place:
[root@vcentos ~]# /etc/init.d/iptables status
-------------------------------------------


# Edit the iptables rules file
vi /etc/sysconfig/iptables

######################################## ####################
After JBoss is installed, entering the address http://xx.190.xx.25:8080/iNMS31Web on the client shows that the default port 8080 is inaccessible.

By default, the Linux firewall blocks port 8080. Therefore, to access port 8080, you can either disable the firewall or configure the firewall to open port 8080.

To open port 8080, follow these steps:

1. Modify the /etc/sysconfig/iptables file and add the following line:

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT

2. Restart the firewall. There are two methods to restart the firewall.

A) Takes effect after a reboot
Enable: chkconfig iptables on
Disable: chkconfig iptables off

B) Takes effect immediately and is lost after a reboot
Enable: service iptables start
Disable: service iptables stop

Access the address from the client again. It succeeds.

Appendix: iptables introduction

iptables: static firewall
iptables is complex and is integrated into the Linux kernel. You can use iptables to filter the data packets that enter and leave your computer. Use the iptables command to set rules that keep your computer and network secure: which data is allowed to pass, which is not, and which is recorded (logged).
######################################## ####################

 

 

# View disk capacity
df -lh
