
An iptables configuration on CentOS 7.3

iptables

The default firewall on CentOS 7.3 is firewalld rather than iptables. If we want to use the iptables firewall on the server, we first need to stop firewalld and install iptables before configuring the firewall.


Current environment:

[root@localhost ~]# cat /etc/redhat-release 
CentOS Linux release 7.3.1611 (Core) 
[root@localhost ~]# uname -r
3.10.0-514.el7.x86_64
[root@localhost ~]#


Check the firewalld status:

[root@localhost ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:firewalld(1)
[root@localhost ~]#


To stop the firewalld firewall, run

[root@localhost ~]# systemctl stop firewalld

To keep it from starting at boot, run

[root@localhost ~]# systemctl disable firewalld
[root@localhost ~]#


Next, install the iptables service

[root@localhost ~]# yum -y install iptables-services


To check the iptables status, run

[root@localhost ~]# systemctl status iptables.service
● iptables.service - IPv4 firewall with iptables
   Loaded: loaded (/usr/lib/systemd/system/iptables.service; disabled; vendor preset: disabled)
   Active: inactive (dead)
[root@localhost ~]#


Enable it at boot

[root@localhost ~]# systemctl enable iptables.service
Created symlink from /etc/systemd/system/basic.target.wants/iptables.service to /usr/lib/systemd/system/iptables.service.
[root@localhost ~]# systemctl status iptables.service
● iptables.service - IPv4 firewall with iptables
   Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled; vendor preset: disabled)
   Active: inactive (dead)
[root@localhost ~]#


Start the iptables service

[root@localhost ~]# systemctl start iptables.service
[root@localhost ~]# systemctl status iptables.service
● iptables.service - IPv4 firewall with iptables
   Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled; vendor preset: disabled)
   Active: active (exited) since Tue 2017-08-15 22:27:23 EDT; 1s ago
  Process: 2243 ExecStart=/usr/libexec/iptables/iptables.init start (code=exited, status=0/SUCCESS)
 Main PID: 2243 (code=exited, status=0/SUCCESS)
Aug 15 22:27:23 localhost.localdomain systemd[1]: Starting IPv4 firewall with iptables...
Aug 15 22:27:23 localhost.localdomain iptables.init[2243]: iptables: Applying firewall rules: [  OK  ]
Aug 15 22:27:23 localhost.localdomain systemd[1]: Started IPv4 firewall with iptables.
[root@localhost ~]#


View the default iptables access rules

[root@localhost ~]# iptables -L -nv
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
   45  3348 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22
    9   702 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT 36 packets, 4064 bytes)
 pkts bytes target     prot opt in     out     source               destination         
[root@localhost ~]#


View the default rule set in the iptables configuration file:

[root@localhost ~]# cat /etc/sysconfig/iptables
# sample configuration for iptables service
# you can edit this manually or use system-config-firewall
# please do not ask us to add additional ports/services to this default configuration
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
[root@localhost ~]#


A common iptables configuration example:

[root@localhost ~]# iptables -L -nv
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ping       icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8 state NEW
   39  3016 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           
    0     0 ACCEPT     all  --  *      *       192.168.112.0        0.0.0.0/0           
    0     0 ACCEPT     all  --  *      *       10.0.10.0            0.0.0.0/0           
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:80
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:444
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:443
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:843
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8001
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8002
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8003
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:8080
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:10050
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:10051
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
Chain OUTPUT (policy ACCEPT 31 packets, 2884 bytes)
 pkts bytes target     prot opt in     out     source               destination         
Chain ping (1 references)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 8 limit: avg 1/sec burst 5
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           
[root@localhost ~]#


At this point, to save the current configuration to a file (here access.txt), use the iptables-save command:

[root@localhost ~]# iptables-save >access.txt
[root@localhost ~]# cat access.txt 
# Generated by iptables-save v1.4.21 on Tue Aug 15 22:41:42 2017
*nat
:PREROUTING ACCEPT [9:702]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [5:380]
:POSTROUTING ACCEPT [5:380]
COMMIT
# Completed on Tue Aug 15 22:41:42 2017
# Generated by iptables-save v1.4.21 on Tue Aug 15 22:41:42 2017
*raw
:PREROUTING ACCEPT [96:7170]
:OUTPUT ACCEPT [66:8472]
:OUTPUT_direct - [0:0]
:PREROUTING_direct - [0:0]
-A PREROUTING -j PREROUTING_direct
-A OUTPUT -j OUTPUT_direct
COMMIT
# Completed on Tue Aug 15 22:41:42 2017
# Generated by iptables-save v1.4.21 on Tue Aug 15 22:41:42 2017
*security
:INPUT ACCEPT [87:6468]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [66:8472]
:FORWARD_direct - [0:0]
:INPUT_direct - [0:0]
:OUTPUT_direct - [0:0]
-A INPUT -j INPUT_direct
-A FORWARD -j FORWARD_direct
-A OUTPUT -j OUTPUT_direct
COMMIT
# Completed on Tue Aug 15 22:41:42 2017
# Generated by iptables-save v1.4.21 on Tue Aug 15 22:41:42 2017
*mangle
:PREROUTING ACCEPT [96:7170]
:INPUT ACCEPT [96:7170]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [66:8472]
:POSTROUTING ACCEPT [66:8472]
:FORWARD_direct - [0:0]
:INPUT_direct - [0:0]
:OUTPUT_direct - [0:0]
:POSTROUTING_direct - [0:0]
:PREROUTING_ZONES - [0:0]
:PREROUTING_ZONES_SOURCE - [0:0]
:PREROUTING_direct - [0:0]
:PRE_public - [0:0]
:PRE_public_allow - [0:0]
:PRE_public_deny - [0:0]
:PRE_public_log - [0:0]
-A PREROUTING -j PREROUTING_direct
-A PREROUTING -j PREROUTING_ZONES_SOURCE
-A PREROUTING -j PREROUTING_ZONES
-A INPUT -j INPUT_direct
-A FORWARD -j FORWARD_direct
-A OUTPUT -j OUTPUT_direct
-A POSTROUTING -j POSTROUTING_direct
-A PREROUTING_ZONES -g PRE_public
-A PRE_public -j PRE_public_log
-A PRE_public -j PRE_public_deny
-A PRE_public -j PRE_public_allow
COMMIT
# Completed on Tue Aug 15 22:41:42 2017
# Generated by iptables-save v1.4.21 on Tue Aug 15 22:41:42 2017
*filter
:INPUT DROP [9:702]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [66:8472]
:ping - [0:0]
-A INPUT -p icmp -m icmp --icmp-type 8 -m state --state NEW -j ping
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 192.168.112.0/32 -j ACCEPT
-A INPUT -s 10.0.10.0/32 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 444 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 843 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8001 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8002 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8003 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10050 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 10051 -j ACCEPT
-A ping -p icmp -m icmp --icmp-type 8 -m limit --limit 1/sec -j ACCEPT
-A ping -p icmp -j ACCEPT
COMMIT
# Completed on Tue Aug 15 22:41:42 2017
[root@localhost ~]#


If the configuration is accidentally flushed, the iptables-restore command can be used to import it again:

[root@localhost ~]# iptables -L -nv
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination 
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination 
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination 
[root@localhost ~]# iptables-restore access.
[root@localhost ~]# iptables -L
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination 
    0     0 ping       icmp --  *      *       0.0.0.0/0            0.0.0.0/0    icmptype 8 state NEW
    5   356 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0    ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0    state RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0   
    0     0 ACCEPT     all  --  *      *       192.168.112.0        0.0.0.0/0   
    0     0 ACCEPT     all  --  *      *       10.0.10.0            0.0.0.0/0   
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0    tcp dpt:80
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0    tcp dpt:444
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0    tcp dpt:443
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0    tcp dpt:843
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0    tcp dpt:8001
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0    tcp dpt:8002
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0    tcp dpt:8003
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0    tcp dpt:8080
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0    tcp dpt:10050
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0    tcp dpt:10051
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination 
Chain OUTPUT (policy ACCEPT 4 packets, 416 bytes)
 pkts bytes target     prot opt in     out     source               destination 
Chain ping (1 references)
 pkts bytes target     prot opt in     out     source               destination 
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0    icmptype 8 limit: avg 1/sec burst 5
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0   
[root@localhost ~]#


Explanation of some of the rules:

Excerpted from: http://www.cnblogs.com/alwu007/p/6693822.html

[root@localhost ~]# systemctl enable iptables.service

Edit the configuration file /etc/sysconfig/iptables and use the configuration below

*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:TEST - [0:0]
-A INPUT -j TEST
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -i eth1 -d 192.168.1.100 --syn -m recent --name suduip --rcheck --seconds 1 --hitcount 15 -j DROP
-A INPUT -p tcp -i eth1 -d 192.168.1.100 --syn -m recent --name suduip --set
-A INPUT -i eth1 -p tcp -m tcp -d 192.168.1.100 --syn -m connlimit --connlimit-above 50 --connlimit-mask 32 --connlimit-saddr -j DROP
#-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG SYN -m length --length 0:128 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
... ...
-A INPUT -j DROP
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j TEST
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A OUTPUT -j TEST
-A TEST -j RETURN
COMMIT


1. Check and replace eth1; 2. check and replace the -d IP; 3. on CentOS 6.8, check whether the iptables version is v1.4.7 or v1.4.21: the former does not support the --connlimit-saddr option, so just remove it. Below, I briefly explain this configuration


# filter table
*filter
# the default policy of the INPUT chain is ACCEPT
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# user-defined TEST chain
:TEST - [0:0]
# jump into the TEST chain (judging from the configuration below, TEST only RETURNs; it has no other rules)
-A INPUT -j TEST
# accept packets whose connection state is RELATED or ESTABLISHED
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# accept ICMP packets
-A INPUT -p icmp -j ACCEPT
# accept packets on the loopback interface
-A INPUT -i lo -j ACCEPT
# the same source IP may make at most 14 TCP connection requests per second to the destination 192.168.1.100; from the 15th on, packets arriving on interface eth1 are dropped
# why specify both -i and -d? A guess: the router's routing table may have been edited by hand or not updated in time, giving a wrong mapping, so a packet arriving on eth1 carries the wrong destination IP. To keep such packets out, both -i and -d are specified
-A INPUT -p tcp -i eth1 -d 192.168.1.100 --syn -m recent --name suduip --rcheck --seconds 1 --hitcount 15 -j DROP
-A INPUT -p tcp -i eth1 -d 192.168.1.100 --syn -m recent --name suduip --set
# the same source IP is allowed only 50 TCP connections to the destination 192.168.1.100; packets beyond that arriving on eth1 are dropped
-A INPUT -i eth1 -p tcp -m tcp -d 192.168.1.100 --syn -m connlimit --connlimit-above 50 --connlimit-mask 32 --connlimit-saddr -j DROP
# this rule is wrong (a guess: it was probably meant to be --length 129 -j DROP)
#-A INPUT -p tcp -m tcp --tcp-flags FIN,SYN,RST,PSH,ACK,URG SYN -m length --length 0:128 -j ACCEPT
# the rules below open selected ports to TCP connection requests
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
... ...
# drop all packets
-A INPUT -j DROP
# the previous rule already drops every packet, so this rule appears unreachable
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j TEST
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A OUTPUT -j TEST
-A TEST -j RETURN
COMMIT
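The point made above, that the REJECT following "-A INPUT -j DROP" can never be reached, is the kind of defect a small linter catches before the file is loaded. The script below is an added example, not code from this post or from the excerpted blog: it reads a file in the iptables-save format used throughout this page and assumes only POSIX sh and awk.

```shell
#!/bin/sh
# Added example: report rules that can never match because an earlier rule in the
# same chain already terminates unconditionally (e.g. a REJECT after "-j DROP").

lint_unreachable() {
    # $1: rule file in iptables-save / /etc/sysconfig/iptables format.
    # Prints one line per unreachable rule; prints nothing when the file is clean.
    awk '
        /^\*/ { table = substr($1, 2); split("", term); next }   # new table: reset state
        /^COMMIT/ || /^#/ || /^:/ || NF == 0 { next }            # skip decls, comments, blanks
        $1 == "-A" {
            chain = $2
            if (chain in term) {
                printf "%s:%s unreachable after line %d: %s\n", table, chain, term[chain], $0
                next
            }
            # A rule terminates its chain unconditionally only when it carries no match
            # criteria: "-A <chain> -j <target>" with a terminating target, optionally
            # followed by "--reject-with <type>" for REJECT.
            if ($3 == "-j" && ($4 == "DROP" || $4 == "ACCEPT" || $4 == "RETURN") && NF == 4)
                term[chain] = NR
            else if ($3 == "-j" && $4 == "REJECT" && (NF == 4 || (NF == 6 && $5 == "--reject-with")))
                term[chain] = NR
        }
    ' "$1"
}

# Constructed sample file, trimmed from the configuration discussed above.
RULES_FILE=$(mktemp)
cat > "$RULES_FILE" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:TEST - [0:0]
-A INPUT -j TEST
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j DROP
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j TEST
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A TEST -j RETURN
COMMIT
EOF

lint_unreachable "$RULES_FILE"
# prints: filter:INPUT unreachable after line 9: -A INPUT -j REJECT --reject-with icmp-host-prohibited
```

Run it against /etc/sysconfig/iptables before restarting the service; "-j TEST" is correctly not treated as terminating, since a jump to a user chain can RETURN.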


Restart iptables

[root@localhost ~]# systemctl restart iptables.service


Check whether the firewall rules have been applied

[root@localhost ~]# iptables -L -nv

This article comes from the blog “平平淡淡才是真”; please keep this source attribution: http://ucode.blog.51cto.com/10837891/1956698
