- 该话题包含 0个回复,1 人参与,最后由
更新于 2年、 7月前 。
正在查看 1 个帖子:1-1 (共 1 个帖子)
-
帖子
-
1.先卸载和移除k3s k3s-killall.sh k3s-uninstall.sh 2.停用k3s的容器 docker stop $(docker ps -a -q --filter "name=k8s_") | xargs docker rm 3.启动iptalbes 并设置开机启动 systemctl stop firewalld systemctl disable firewalld yum install iptables-services systemctl start iptables systemctl enable iptables 4.参考以下iptables规则 # Erase iptables rules iptables -F # Block the most common attacks iptables -A INPUT -p tcp --tcp-flags ALL NONE -j DROP iptables -A INPUT -p tcp ! --syn -m state --state NEW -j DROP iptables -A INPUT -p tcp --tcp-flags ALL ALL -j DROP # Enable outgoing connections iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A INPUT -i lo -j ACCEPT iptables -P OUTPUT ACCEPT # Open Traffik http and https ports iptables -A INPUT -s 110.xxx.xxx.xxx -j ACCEPT iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT iptables -A INPUT -s 10.42.0.0/16 -d /32 -j ACCEPT # Open SSH port iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT # Block everything else iptables -P INPUT DROP 5.保存规则,重启iptables iptables-save | sudo tee /etc/sysconfig/iptables service iptables restart 6.重新安装k3s curl -sfL https://get.k3s.io | sh -s - --docker
正在查看 1 个帖子:1-1 (共 1 个帖子)
- 哎呀,回复话题必需登录。
