not talk about Nf-hipac, and similar to the above also ipset,ipset is encapsulated into a match and iptables linkage? Iptables is not bad, wrong in people simply should not directly expand each simple function into a set of Match/target consortium, the final form of disgusting code! Is that right?All right! I admit that the above yy are all right! But look at Nftables, can it play like this and play more?!
For the OpenStack security group, take the form of a question-and-answer record as follows1. Is it loaded on a compute node or a network node?is loaded in the compute node.2. Is it implemented using the iptable rule?The M version of neutron implements a Openvswitch-based firewall for streaming tablesPreviously common is implemented with iptables, typically creating neutron-openvswi-xxx chains3. Iptables implemented firewall method, the added rules are accept, the rest of the packages are drop?Ye
It is too troublesome to use different IP addresses to access the Internet in the lab and dormitory. I wrote two BAT files to modify them.
@ Echo offecho set 422ip address set ADDR = 10.214.25.81set mask = 255.255.255.0set gway = 255.dns1 = 10.0.21echo 255.echo IP = % ADDR % echo mask = % mask % echo gateway = % gway % echo DNS = % dns1 % netsh interface IP Set address "Local Connection" static ADDR = % ADDR % mask = % mask % gateway = % gway % 1 netsh interface IP Set DNS "Local Connection" st
Keepalived for high availability and keepalived
Originally published on cu:
Reference:
This article involves keepalived installation, simple configuration, and high availability for haproxy.I. Environment preparation 1. Operating System
CentOS-7-x86_64-Everything-15112. Keepalived version
As of February 22, the keepalived version is 1.3.5:
Http://www.keepalived.org/software/keepalived-1.3.5.tar.gz3. Topology
Ii. install and configure Keepalived
The following process is completed at Node 1. For N
and use keepalived to virtualize vip: 10.11.4.150 for high availability;
5) for more information about Haproxy configurations, see configure;
6) Take web1 as an example. Set the test page to facilitate subsequent viewing of the verification results.
Ii. install and configure Keepalived
The following process is completed at Node 1. For Node 2, see Node 1 for proper modification.1. Dependent Software
[Root @ elk-node1 ~] # Yum install openssl-devel libnl3-devel
similar to visualizing the port. The service needs to be added to the configuration file. The/etc/firewalld directory contains the services folder. This is not detailed. For more information, see the documentation.
# Firewall-cmd -- zone = work -- add-service = smtp
Remove Service
# Firewall-cmd -- zone = work -- remove-service = smtp
Test: [root @ iotApp iagri-44 ~] # Echo "hello felix" | nc-l 6666
Remote Host: telnetiotApp iagri-44 6666 back:
Connected toiotApp iagri-44
Escape character is
The following describes how to perform the operation. Take my computer as an example to give a demonstration.
I also have two NICs, one is the Office intranet and the other is the Internet.Connect to the Intranet Nic,IPSet:192.168.1.111, Gateway is set192.168.1.1Nic connected to the Internet,IPSet:192.168.0.111, Gateway is set192.168.0.1In the command line, useRoute printCommand to view the current defau
{
return result;
}
}
Else
{
return null;
}
}
}
Auxiliary classes, for storing IP index information
///
public class Cz_index_info
{
Public UInt32 Ipset;
Public UInt32 Ipend;
Public UInt32 Offset;
Public Cz_index_info ()
{
Ipset = 0;
ipend = 0;
Offset = 0;
}
}
Read Pure IP Database class
public class Phczip
{
protected bool bfilepathinitialized;
protected string FilePath;
= OpenStackRabbit_password= Rabbit_pass (password for created message middleware password, mine for 123) [Keystone_authtoken]#配置认证访问Auth_uri= http://controller:5000Auth_url= http://controller:35357Auth_plugin= passwordproject_domain_id= Defaultuser_domain_id= DefaultProject_Name= Serviceusername= NeutronPassword= Neutron_pass (my password is NEUTRON)3. Modify Modular Layer 2 (ML2) plug-inVIM/ETC/NEUTRON/PLUGINS/ML2/ML2_CONF.INI[ML2]#启用flat, Vlan,gre and Vxlan network type drivers, GRE tenant net
Type network configuration. netsh# ----------------------------------# interface IP Configuration# ----------------------------------pushd Interface IP## interface IP configuration for "Local Area Connection"#设静态IPSet address name= "Local Area Connection" Source=static addr=192.168.1.20 mask=255.255.255.0#设默认网关Set address name= "Local Area Connection" gateway=192.168.1.1 gwmetric=0#设首选dnsSet DNS name= "Local Area Connection" Source=static addr=192.168
Each time I access the Internet from another location, I have to reset the IP address, which is quite time-consuming. So I wrote a batch of requests for automatic setting.Save the following code as the **. bat file in notepad, and change the IP address, gateway, DNS, and nic name to your own one. Run the command as an administrator.(1) set the dynamic IP address and obtain it automatically.@ ECHO OFFEcho ip address modification ToolECHO is setting to automatically obtain the IP address. Please w
Reposted on: Qian Xiaozhi IP address Quick Switch
The mobility of the current notebook is enhanced. We need to connect to the network in multiple environments and manually set the IP address, gateway, and other information each time without the vro automatically assigned, it is very cumbersome. In practice, the netsh command is used to quickly switch IP addresses.
A. Basic usage
1. Create a New notepad and write the following information:
Int IPSet
, such as the IP address, can be defined like a bash script. The lack of the rule operation plane of iptables is indeed a serious injury, but it cannot be killed by a stick. We know that ipset is one of the efforts to make up for this deficiency, the definition of the matching IP Set is handed over to the ipset program. We expect to see a lot of sets, such as protoset, portset, stateset... in this regard, w
/wKiom1Q44vjCveK6AACyFEupqTg306.jpg "title=" 3.png " alt= "Wkiom1q44vjcvek6aacyfeupqtg306.jpg"/> General disable local connection and turn it on. But you've been looking all over for information, and it must have been tried n times. Remove the wrong gateway with the route command > just fine. Set gateway=192.168.0.1:: This changes to your gateway Ipset interface=12:: This interface number can be found in the "route print" command "interface
The procedure is as follows:
Create a folder on the XP1 host. The folder contains four files and the file content is 1.
Figure 1
Description of the four files:Export xec.exe: a tool used to remotely execute commands.Pclist.txt: a text file called by psexec. You can enter a computer name. This is an optional option to conveniently modify the computer name in the file. You can also process multiple computers at the same time. You only need to enter one computer name in each line.IPset. bat: Writ
trbrf mtu 1500 said 101005P IBMSet vlan 1003 name token-ring-default type trcrf mtu 1500 said 10Ve mode sulfate aremaxhop 7 stemaxhop 7 backupcrf off!# IpSet interface sc0 1 10.1.1.253/255.255.255.0 10.1.1.255 # IP address of the vswitchSet ip route 0.0.0.0/0.0.0.0 10.1.1.254 # Default GatewaySet ip alias default 0.0.0.0 # set the device name corresponding to the ip address to facilitate managementSet ip alias 6506 10.1.1.253 # purpose: ping 2620, te
trbrf mtu 1500 said 101005P IBMSet vlan 1003 name token-ring-default type trcrf mtu 1500 said 10Ve mode sulfate aremaxhop 7 stemaxhop 7 backupcrf off!# IpSet interface sc0 1 10.1.1.253/255.255.255.0 10.1.1.255 # IP address of the vswitchSet ip route 0.0.0.0/0.0.0.0 10.1.1.254 # Default GatewaySet ip alias default 0.0.0.0 # set the device name corresponding to the ip address to facilitate managementSet ip alias 6506 10.1.1.253 # purpose: ping 2620, te
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.