forward

Vagrant Port Collision on Port 80, but Port 80 is not Forwarded in the VagrantFile

Deadly — Thu, 28 Jan 2021 21:52:33 +0000

Vagrant Port Collision on Port 80, but Port 80 is not Forwarded in the VagrantFile Deadly 2021-01-29 05:52:33

问题

I am following a simple tutorial that directs me to install Tomcat with Vagrant:

vagrant init emessiha/ubuntu64-java --box-version 1.0.0

It then tells me to edit the VagrantFile to forward from 8080 to 8080, then do "vagrant up". When running "vagrant up" I get this message:

Vagrant cannot forward the specified ports on this VM, since they
would collide with some other application that is already listening
on these ports. The forwarded port to 80 is already in use
on the host machine.

To fix this, modify your current project's Vagrantfile to use another
port. Example, where '1234' would be replaced by a unique host port:

   config.vm.network :forwarded_port, guest: 80, host: 1234

Sometimes, Vagrant will attempt to auto-correct this for you. In this
case, Vagrant was unable to. This is usually because the guest machine
is in a state which doesn't allow modifying port forwarding. You could
try 'vagrant reload' (equivalent of running a halt followed by an up)
so vagrant can attempt to auto-correct this upon booting. Be warned
that any unsaved work might be lost.

Here is my VagrantFile. You can see that port 80 is not forwarded.

I tried changing the forwarding ports in VagrantFile from 8080 to 8081, and it did not fix the problem. I then commented the line. Still same problem. I am on a Mac with High Sierra.

# All Vagrant configuration is done below. The "2" in Vagrant.configure
# configures the configuration version (we support older styles for
# backwards compatibility). Please don't change it unless you know what
# you're doing.
Vagrant.configure("2") do |config|
  # The most common configuration options are documented and commented below.
  # For a complete reference, please see the online documentation at
  # https://docs.vagrantup.com.

  # Every Vagrant development environment requires a box. You can search for
  # boxes at https://vagrantcloud.com/search.
  config.vm.box = "emessiha/ubuntu64-java"
  config.vm.box_version = "1.0.0"

  # Disable automatic box update checking. If you disable this, then
  # boxes will only be checked for updates when the user runs
  # `vagrant box outdated`. This is not recommended.
  # config.vm.box_check_update = false

  # Create a forwarded port mapping which allows access to a specific port
  # within the machine from a port on the host machine. In the example below,
  # accessing "localhost:8080" will access port 80 on the guest machine.
  # NOTE: This will enable public access to the opened port
  # config.vm.network "forwarded_port", guest: 80, host: 8080

  # Create a forwarded port mapping which allows access to a specific port
  # within the machine from a port on the host machine and only allow access
  # via 127.0.0.1 to disable public access
  config.vm.network "forwarded_port", guest: 8080, host: 8080, host_ip: "127.0.0.1"

  # Create a private network, which allows host-only access to the machine
  # using a specific IP.
  # config.vm.network "private_network", ip: "192.168.33.10"

  # Create a public network, which generally matched to bridged network.
  # Bridged networks make the machine appear as another physical device on
  # your network.
  # config.vm.network "public_network"

  # Share an additional folder to the guest VM. The first argument is
  # the path on the host to the actual folder. The second argument is
  # the path on the guest to mount the folder. And the optional third
  # argument is a set of non-required options.
  # config.vm.synced_folder "../data", "/vagrant_data"

  # Provider-specific configuration so you can fine-tune various
  # backing providers for Vagrant. These expose provider-specific options.
  # Example for VirtualBox:
  #
  # config.vm.provider "virtualbox" do |vb|
  #   # Display the VirtualBox GUI when booting the machine
  #   vb.gui = true
  #
  #   # Customize the amount of memory on the VM:
  #   vb.memory = "1024"
  # end
  #
  # View the documentation for the provider you are using for more
  # information on available options.

  # Enable provisioning with a shell script. Additional provisioners such as
  # Puppet, Chef, Ansible, Salt, and Docker are also available. Please see the
  # documentation for more information about their specific syntax and use.
  # config.vm.provision "shell", inline: <<-SHELL
  #   apt-get update
  #   apt-get install -y apache2
  # SHELL
end

回答1:

Ports are hard coded in the vagrant file

If you look at the documentation for that vagrant file, it shows that the following ports are already defined

3306
80
8080

I tried to spin up the same vagrant box and found that it used the same ports

vagrant init emessiha/ubuntu64-java \
  --box-version 1.0.0
vagrant up

==> default: Forwarding ports...
    default: 80 (guest) => 80 (host) (adapter 1)
    default: 80 (guest) => 8080 (host) (adapter 1)
    default: 3306 (guest) => 3306 (host) (adapter 1)
    default: 22 (guest) => 2222 (host) (adapter 1)
==> default: Running 'pre-boot' VM customizations...

If you try and redefine which ports the box will use, it appends those ports instead of replacing them.

Here I tried to forward 3306 to 3307. Instead of replacing the port forward, it added a new entry.

  config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1"
  config.vm.network "forwarded_port", guest: 3306, host: 3307, host_ip: "127.0.0.1"

    default: 80 (guest) => 80 (host) (adapter 1)
    default: 80 (guest) => 8080 (host) (adapter 1)
    default: 3306 (guest) => 3306 (host) (adapter 1)
    default: 3306 (guest) => 3307 (host) (adapter 1)
    default: 22 (guest) => 2222 (host) (adapter 1)

Since this vagrant box is maintained by someone else, you are at the mercy of the port definitions that they have defined. Either find out what program is already using port 80 and stop it. (netstat -plnt on linux) or create your own vagrant box.

来源：https://stackoverflow.com/questions/54354767/vagrant-port-collision-on-port-80-but-port-80-is-not-forwarded-in-the-vagrantfi

标签

vagrant

port

virtualbox

collision

forward

Vagrant Port Collision on Port 80, but Port 80 is not Forwarded in the VagrantFile

痴心易碎 — Thu, 28 Jan 2021 21:48:29 +0000

Vagrant Port Collision on Port 80, but Port 80 is not Forwarded in the VagrantFile 痴心易碎 2021-01-29 05:48:29

问题

I am following a simple tutorial that directs me to install Tomcat with Vagrant:

vagrant init emessiha/ubuntu64-java --box-version 1.0.0

It then tells me to edit the VagrantFile to forward from 8080 to 8080, then do "vagrant up". When running "vagrant up" I get this message:

Vagrant cannot forward the specified ports on this VM, since they
would collide with some other application that is already listening
on these ports. The forwarded port to 80 is already in use
on the host machine.

To fix this, modify your current project's Vagrantfile to use another
port. Example, where '1234' would be replaced by a unique host port:

   config.vm.network :forwarded_port, guest: 80, host: 1234

Sometimes, Vagrant will attempt to auto-correct this for you. In this
case, Vagrant was unable to. This is usually because the guest machine
is in a state which doesn't allow modifying port forwarding. You could
try 'vagrant reload' (equivalent of running a halt followed by an up)
so vagrant can attempt to auto-correct this upon booting. Be warned
that any unsaved work might be lost.

Here is my VagrantFile. You can see that port 80 is not forwarded.

I tried changing the forwarding ports in VagrantFile from 8080 to 8081, and it did not fix the problem. I then commented the line. Still same problem. I am on a Mac with High Sierra.

# All Vagrant configuration is done below. The "2" in Vagrant.configure
# configures the configuration version (we support older styles for
# backwards compatibility). Please don't change it unless you know what
# you're doing.
Vagrant.configure("2") do |config|
  # The most common configuration options are documented and commented below.
  # For a complete reference, please see the online documentation at
  # https://docs.vagrantup.com.

  # Every Vagrant development environment requires a box. You can search for
  # boxes at https://vagrantcloud.com/search.
  config.vm.box = "emessiha/ubuntu64-java"
  config.vm.box_version = "1.0.0"

  # Disable automatic box update checking. If you disable this, then
  # boxes will only be checked for updates when the user runs
  # `vagrant box outdated`. This is not recommended.
  # config.vm.box_check_update = false

  # Create a forwarded port mapping which allows access to a specific port
  # within the machine from a port on the host machine. In the example below,
  # accessing "localhost:8080" will access port 80 on the guest machine.
  # NOTE: This will enable public access to the opened port
  # config.vm.network "forwarded_port", guest: 80, host: 8080

  # Create a forwarded port mapping which allows access to a specific port
  # within the machine from a port on the host machine and only allow access
  # via 127.0.0.1 to disable public access
  config.vm.network "forwarded_port", guest: 8080, host: 8080, host_ip: "127.0.0.1"

  # Create a private network, which allows host-only access to the machine
  # using a specific IP.
  # config.vm.network "private_network", ip: "192.168.33.10"

  # Create a public network, which generally matched to bridged network.
  # Bridged networks make the machine appear as another physical device on
  # your network.
  # config.vm.network "public_network"

  # Share an additional folder to the guest VM. The first argument is
  # the path on the host to the actual folder. The second argument is
  # the path on the guest to mount the folder. And the optional third
  # argument is a set of non-required options.
  # config.vm.synced_folder "../data", "/vagrant_data"

  # Provider-specific configuration so you can fine-tune various
  # backing providers for Vagrant. These expose provider-specific options.
  # Example for VirtualBox:
  #
  # config.vm.provider "virtualbox" do |vb|
  #   # Display the VirtualBox GUI when booting the machine
  #   vb.gui = true
  #
  #   # Customize the amount of memory on the VM:
  #   vb.memory = "1024"
  # end
  #
  # View the documentation for the provider you are using for more
  # information on available options.

  # Enable provisioning with a shell script. Additional provisioners such as
  # Puppet, Chef, Ansible, Salt, and Docker are also available. Please see the
  # documentation for more information about their specific syntax and use.
  # config.vm.provision "shell", inline: <<-SHELL
  #   apt-get update
  #   apt-get install -y apache2
  # SHELL
end

回答1:

Ports are hard coded in the vagrant file

If you look at the documentation for that vagrant file, it shows that the following ports are already defined

3306
80
8080

I tried to spin up the same vagrant box and found that it used the same ports

vagrant init emessiha/ubuntu64-java \
  --box-version 1.0.0
vagrant up

==> default: Forwarding ports...
    default: 80 (guest) => 80 (host) (adapter 1)
    default: 80 (guest) => 8080 (host) (adapter 1)
    default: 3306 (guest) => 3306 (host) (adapter 1)
    default: 22 (guest) => 2222 (host) (adapter 1)
==> default: Running 'pre-boot' VM customizations...

If you try and redefine which ports the box will use, it appends those ports instead of replacing them.

Here I tried to forward 3306 to 3307. Instead of replacing the port forward, it added a new entry.

  config.vm.network "forwarded_port", guest: 80, host: 8080, host_ip: "127.0.0.1"
  config.vm.network "forwarded_port", guest: 3306, host: 3307, host_ip: "127.0.0.1"

    default: 80 (guest) => 80 (host) (adapter 1)
    default: 80 (guest) => 8080 (host) (adapter 1)
    default: 3306 (guest) => 3306 (host) (adapter 1)
    default: 3306 (guest) => 3307 (host) (adapter 1)
    default: 22 (guest) => 2222 (host) (adapter 1)

来源：https://stackoverflow.com/questions/54354767/vagrant-port-collision-on-port-80-but-port-80-is-not-forwarded-in-the-vagrantfi

标签

How to forward email using Python

怎甘沉沦 — Mon, 19 Oct 2020 03:48:27 +0000

How to forward email using Python 怎甘沉沦 2020-10-19 11:48:27

来源：https://stackoverflow.com/questions/8542021/how-to-forward-email-using-python

标签

How to forward email using Python

谁都会走 — Mon, 19 Oct 2020 03:47:33 +0000

How to forward email using Python 谁都会走 2020-10-19 11:47:33

来源：https://stackoverflow.com/questions/8542021/how-to-forward-email-using-python

标签

std::forward cannot convert brace-enclosed initializer list

浪子不回头ぞ — Mon, 14 Sep 2020 19:28:24 +0000

std::forward cannot convert brace-enclosed initializer list 浪子不回头ぞ 2020-09-15 03:28:24

来源：https://stackoverflow.com/questions/53190540/stdforward-cannot-convert-brace-enclosed-initializer-list

标签

std::forward cannot convert brace-enclosed initializer list

我们两清 — Mon, 14 Sep 2020 19:28:07 +0000

std::forward cannot convert brace-enclosed initializer list 我们两清 2020-09-15 03:28:07

来源：https://stackoverflow.com/questions/53190540/stdforward-cannot-convert-brace-enclosed-initializer-list

标签

forward 和redirect的区别

半腔热情 — Thu, 26 Mar 2020 23:29:52 +0000

forward 和redirect的区别半腔热情 2020-03-27 07:29:52

阅读目录

　　用户向服务器发送了一次HTTP请求，该请求可能会经过多个信息资源处理以后才返回给用户，各个信息资源使用请求转发机制相互转发请求，但是用户是感觉不到请求转发的。根据转发方式的不同，可以区分为直接请求转发(Forward)和间接请求转发(Redirect)，那么这两种转发方式有何区别呢？本篇在回答该问题的同时全面的讲解两种请求转发方式的原理和区别。

【出现频率】

【关键考点】

请求转发的含义；
Forward转发请求的原理；
Redirect转发请求的原理。

【考题分析】

　　Forward和Redirect代表了两种请求转发方式：直接转发和间接转发。

　 直接转发方式（Forward），客户端和浏览器只发出一次请求，Servlet、HTML、JSP或其它信息资源，由第二个信息资源响应该请求，在请求对象request中，保存的对象对于每个信息资源是共享的。

　　间接转发方式（Redirect）实际是两次HTTP请求，服务器端在响应第一次请求的时候，让浏览器再向另外一个URL发出请求，从而达到转发的目的。

举个通俗的例子：

　　直接转发就相当于：“A找B借钱，B说没有，B去找C借，借到借不到都会把消息传递给A”；

　　间接转发就相当于："A找B借钱，B说没有，让A去找C借"。

下面详细阐述一下两者的原理：

回到顶部

一:间接请求转发(Redirect)

　　间接转发方式，有时也叫重定向，它一般用于避免用户的非正常访问。例如：用户在没有登录的情况下访问后台资源，Servlet可以将该HTTP请求重定向到登录页面，让用户登录以后再访问。在Servlet中，通过调用response对象的SendRedirect()方法，告诉浏览器重定向访问指定的URL，示例代码如下：　

......
//Servlet中处理get请求的方法
public void doGet(HttpServletRequest request,HttpServletResponse response){
//请求重定向到另外的资源
    response.sendRedirect("资源的URL");
}
........

上图所示的间接转发请求的过程如下：

浏览器向Servlet1发出访问请求；
Servlet1调用sendRedirect()方法，将浏览器重定向到Servlet2；
浏览器向servlet2发出请求；
最终由Servlet2做出响应。

回到顶部

二:直接请求转发(Forward)

　　直接转发方式用的更多一些，一般说的请求转发指的就是直接转发方式。Web应用程序大多会有一个控制器。由控制器来控制请求应该转发给那个信息资源。然后由这些信息资源处理请求，处理完以后还可能转发给另外的信息资源来返回给用户，这个过程就是经典的MVC模式。

　　javax.serlvet.RequestDispatcher接口是请求转发器必须实现的接口，由Web容器为Servlet提供实现该接口的对象，通过调用该接口的forward()方法到达请求转发的目的，示例代码如下：

......
    //Servlet里处理get请求的方法
 public void doGet(HttpServletRequest request , HttpServletResponse response){
     //获取请求转发器对象，该转发器的指向通过getRequestDisPatcher()的参数设置
   RequestDispatcher requestDispatcher =request.getRequestDispatcher("资源的URL");
    //调用forward()方法，转发请求      
   requestDispatcher.forward(request,response);    
}......

上图所示的直接转发请求的过程如下：

浏览器向Servlet1发出访问请求；
Servlet1调用forward()方法，在服务器端将请求转发给Servlet2；
最终由Servlet2做出响应。

技巧：其实，通过浏览器就可以观察到服务器端使用了那种请求转发方式，当单击某一个超链接时，浏览器的地址栏会出现当前请求的地址，如果服务器端响应完成以后，发现地址栏的地址变了，则证明是间接的请求转发。相反，如果地址没有发生变化，则代表的是直接请求转发或者没有转发。

问：直接转发和间接转发的原理及区别是什么？

答：Forward和Redirect代表了两种请求转发方式：直接转发和间接转发。对应到代码里，分别是RequestDispatcher类的forward()方法和HttpServletRequest类的sendRedirect()方法。

　　对于间接方式，服务器端在响应第一次请求的时候，让浏览器再向另外一个URL发出请求，从而达到转发的目的。它本质上是两次HTTP请求，对应两个request对象。

　　对于直接方式，客户端浏览器只发出一次请求，Servlet把请求转发给Servlet、HTML、JSP或其它信息资源，由第2个信息资源响应该请求，两个信息资源共享同一个request对象。

　　最后，祝大家都能找到一个称心满意的工作！

来源：https://www.cnblogs.com/zhuyeshen/p/10951338.html

标签

forward

重定向

Centos7 Docker iptables规则链说明

别等时光非礼了梦想. — Mon, 23 Mar 2020 04:23:33 +0000

Centos7 Docker iptables规则链说明别等时光非礼了梦想. 2020-03-23 12:23:33

3 月，跳不动了？>>>

一、切换Centos7防火墙为iptables

#关闭firewall
systemctl stop firewalld.service             #停止firewall
systemctl disable firewalld.service          #禁止firewall开机启动
systemctl mask firewalld.service             #移除firewall
#安装iptables
yum install -y iptables-services        #安装iptables
vim /etc/sysconfig/iptables              #编辑防火墙配置文件

systemctl restart iptables.service      #最后重启防火墙使配置生效
systemctl enable iptables.service    #设置防火墙开机启动

#其他相关命令
systemctl disable iptables    #禁止iptables服务
systemctl stop iptables        #暂停服务
systemctl enable iptables    #解除禁止iptables
systemctl start iptables        #开启服务

二、docker 修改iptables的配置说明

#nat 链规则修改说明

# Generated by iptables-save v1.4.21 on Sun Mar 22 22:30:43 2020
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [8:496]
:POSTROUTING ACCEPT [8:496]
:DOCKER - [0:0]
# 如果请求的目标地址是本机的地址, 那么将请求转到 DOCKER 链处理
#-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
# 如果请求的目标地址不匹配 127.0.0.0/8, 并且目标地址属于本机地址, 那么将请求跳转到 DOCKER 链处理
#-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
# 对于来自于 172.17.0.0/16 的请求, 目标地址不是 docker0 所在的网段的地址, POSTROUTING 链将会将该请求伪装成宿主机的请求转发到外网
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A POSTROUTING -s 172.20.0.0/16 ! -o br-cb8fb8f7ba15 -j MASQUERADE
#开放端口
#-A POSTROUTING -s 172.17.0.2/32 -d 172.17.0.2/32 -p tcp -m tcp --dport 80 -j MASQUERADE
# 由 docker0 设备传入的请求 DOCKER 链会返回上一层处理
-A DOCKER -i docker0 -j RETURN
-A DOCKER -i br-cb8fb8f7ba15 -j RETURN
#-A DOCKER ! -i docker0 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 172.17.0.2:80
COMMIT
# Completed on Sun Mar 22 22:30:43 2020
# Generated by iptables-save v1.4.21 on Sun Mar 22 22:30:43 2020


#filter 链修改说明
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [201:28569]
# DOCKER 链
:DOCKER - [0:0]
# DOCKER-ISOLATION-STAGE-1 链
:DOCKER-ISOLATION-STAGE-1 - [0:0]
# DOCKER-ISOLATION-STAGE-2 链
:DOCKER-ISOLATION-STAGE-2 - [0:0]
# DOCKER-USER 链
:DOCKER-USER - [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
#-A INPUT -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
# FORWARD 链的请求跳转到 DOCKER-USER 链处理
-A FORWARD -j DOCKER-USER
# FORWARD 链的请求跳转到 DOCKER-ISOLATION-STAGE-1 链处理
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
# FORWARD 链的请求如果目标是 docker0 所在的网段, 而且已经建立的连接或者和已建立连接相关那么接受请求
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# FORWARD 链请求目标是 docker0 所在的网段, 那么跳转到 DOCKER 链处理
-A FORWARD -o docker0 -j DOCKER
# FORWARD 链的请求来自于 docker0 所在网段, 而且目标网段不是 docker0 所在网段, 那么接收请求.
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
# FORWARD 链的请求来自于 docker0 所在网段, 而且目标网段也是 docker0 所在网段, 那么接收请求
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A FORWARD -o br-cb8fb8f7ba15 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o br-cb8fb8f7ba15 -j DOCKER
-A FORWARD -i br-cb8fb8f7ba15 ! -o br-cb8fb8f7ba15 -j ACCEPT
-A FORWARD -i br-cb8fb8f7ba15 -o br-cb8fb8f7ba15 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
#-A DOCKER -d 172.17.0.2/32 ! -i docker0 -o docker0 -p tcp -m tcp --dport 80 -j ACCEPT
# DOCKER-ISOLATION-STAGE-1 链的请求如果来自 docker0 所在网段, 而且目标网段不属于 docker0 所在网段, 那么跳转到 DOCKER-ISOLATION-STAGE-2 处理
-A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -i br-cb8fb8f7ba15 ! -o br-cb8fb8f7ba15 -j DOCKER-ISOLATION-STAGE-2
# DOCKER-ISOLATION-STAGE-1 链未处理的请求返回到上一层继续处理
-A DOCKER-ISOLATION-STAGE-1 -j RETURN
# DOCKER-ISOLATION-STAGE-2 链的请求如果目标的网段为 docker0 所在网段则丢弃请求
-A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -o br-cb8fb8f7ba15 -j DROP
# DOCKER-ISOLATION-STAGE-2 链未处理的请求返回到上一层继续处理
-A DOCKER-ISOLATION-STAGE-2 -j RETURN
# DOCKER-USER 链未处理的请求返回到上一层继续处理
-A DOCKER-USER -j RETURN
COMMIT
# Completed on Sun Mar 22 22:30:43 2020

来源：oschina

链接：https://my.oschina.net/fellowtraveler/blog/3208959

标签

小猪佩奇

六眼飞鱼酱① — Wed, 18 Mar 2020 10:21:29 +0000

小猪佩奇六眼飞鱼酱① 2020-03-18 18:21:29

from turtle import*

def nose(x,y):#鼻子
    penup()#提起笔
    goto(x,y)#定位
    pendown()#落笔，开始画
    setheading(-30)#将乌龟的方向设置为to_angle/为数字（0-东、90-北、180-西、270-南）
    begin_fill()#准备开始填充图形
    a=0.4
    for i in range(120):
        if 0<=i<30 or 60<=i<90:
            a=a+0.08
            left(3) #向左转3度
            forward(a) #向前走a的步长
        else:
            a=a-0.08
            left(3)
            forward(a)
    end_fill()#填充完成

    penup()
    setheading(90)
    forward(25)
    setheading(0)
    forward(10)
    pendown()
    pencolor(255,155,192)#画笔颜色
    setheading(10)
    begin_fill()
    circle(5)
    color(160,82,45)#返回或设置pencolor和fillcolor
    end_fill()

    penup()
    setheading(0)
    forward(20)
    pendown()
    pencolor(255,155,192)
    setheading(10)
    begin_fill()
    circle(5)
    color(160,82,45)
    end_fill()


def head(x,y):#头
    color((255,155,192),"pink")
    penup()
    goto(x,y)
    setheading(0)
    pendown()
    begin_fill()
    setheading(180)
    circle(300,-30)
    circle(100,-60)
    circle(80,-100)
    circle(150,-20)
    circle(60,-95)
    setheading(161)
    circle(-300,15)
    penup()
    goto(-100,100)
    pendown()
    setheading(-30)
    a=0.4
    for i in range(60):
        if 0<=i<30 or 60<=i<90:
            a=a+0.08
            lt(3) #向左转3度
            fd(a) #向前走a的步长
        else:
            a=a-0.08
            lt(3)
            fd(a)
    end_fill()


def ears(x,y): #耳朵
    color((255,155,192),"pink")
    penup()
    goto(x,y)
    pendown()
    begin_fill()
    setheading(100)
    circle(-50,50)
    circle(-10,120)
    circle(-50,54)
    end_fill()

    penup()
    setheading(90)
    forward(-12)
    setheading(0)
    forward(30)
    pendown()
    begin_fill()
    setheading(100)
    circle(-50,50)
    circle(-10,120)
    circle(-50,56)
    end_fill()


def eyes(x,y):#眼睛
    color((255,155,192),"white")
    penup()
    setheading(90)
    forward(-20)
    setheading(0)
    forward(-95)
    pendown()
    begin_fill()
    circle(15)
    end_fill()

    color("black")
    penup()
    setheading(90)
    forward(12)
    setheading(0)
    forward(-3)
    pendown()
    begin_fill()
    circle(3)
    end_fill()

    color((255,155,192),"white")
    penup()
    seth(90)
    forward(-25)
    seth(0)
    forward(40)
    pendown()
    begin_fill()
    circle(15)
    end_fill()

    color("black")
    penup()
    setheading(90)
    forward(12)
    setheading(0)
    forward(-3)
    pendown()
    begin_fill()
    circle(3)
    end_fill()


def cheek(x,y):#腮
    color((255,155,192))
    penup()
    goto(x,y)
    pendown()
    setheading(0)
    begin_fill()
    circle(30)
    end_fill()


def mouth(x,y): #嘴
    color(239,69,19)
    penup()
    goto(x,y)
    pendown()
    setheading(-80)
    circle(30,40)
    circle(40,80)

def body(x,y):#身体
    color("red",(255,99,71))
    penup()
    goto(x,y)
    pendown()
    begin_fill()
    setheading(-130)
    circle(100,10)
    circle(300,30)
    setheading(0)
    forward(230)
    setheading(90)
    circle(300,30)
    circle(100,3)
    color((255,155,192),(255,100,100))
    setheading(-135)
    circle(-80,63)
    circle(-150,24)
    end_fill()


def hands(x,y):#手
    color((255,155,192))
    penup()
    goto(x,y)
    pendown()
    setheading(-160)
    circle(300,15)
    penup()
    setheading(90)
    forward(15)
    setheading(0)
    forward(0)
    pendown()
    setheading(-10)
    circle(-20,90)

    penup()
    setheading(90)
    forward(30)
    setheading(0)
    forward(237)
    pendown()
    setheading(-20)
    circle(-300,15)
    penup()
    setheading(90)
    forward(20)
    setheading(0)
    forward(0)
    pendown()
    setheading(-170)
    circle(20,90)

def foot(x,y):#脚
    pensize(10)
    color((240,128,128))
    penup()
    goto(x,y)
    pendown()
    setheading(-90)
    forward(40)
    setheading(-180)
    color("black")
    pensize(15)
    fd(20)

    pensize(10)
    color((240,128,128))
    penup()
    setheading(90)
    forward(40)
    setheading(0)
    forward(90)
    pendown()
    setheading(-90)
    forward(40)
    setheading(-180)
    color("black")
    pensize(15)
    fd(20)

def tail(x,y):#尾巴
    pensize(4)
    color((255,155,192))
    penup()
    goto(x,y)
    pendown()
    seth(0)
    circle(70,20)
    circle(10,330)
    circle(70,30)

def setting():          #参数设置
    pensize(4)
    hideturtle()        #使乌龟无形（隐藏）
    colormode(255)      #将其设置为1.0或255.随后 颜色三元组的r，g，b值必须在0 .. cmode范围内
    color((255,155,192),"pink")
    setup(840,500)
    speed(10)

def main():
    setting()           #画布、画笔设置
    nose(-100,100)      #鼻子
    head(-69,167)       #头
    ears(0,160)         #耳朵
    eyes(0,140)         #眼睛
    cheek(80,10)        #腮
    mouth(-20,30)       #嘴
    body(-32,-8)        #身体
    hands(-56,-45)      #手
    foot(2,-177)        #脚
    tail(148,-155)      #尾巴
    done()

if __name__ == '__main__':
    main()

来源：https://www.cnblogs.com/satoshi3104/p/12519011.html

标签

circle

forward

iptables里的四表五链

笑着哭i — Fri, 13 Mar 2020 16:00:48 +0000

iptables里的四表五链笑着哭i 2020-03-14 00:00:48

iptables只是Linux防火墙的管理工具而已，位于/sbin/iptables。真正实现防火墙功能的是netfilter，它是Linux内核中实现包过滤的内部结构。

iptables包含4个表，5个链。其中表是按照对数据包的操作区分的，链是按照不同的Hook点来区分的，表和链实际上是netfilter的两个维度。 4个表:filter,nat,mangle,raw，默认表是filter（没有指定表的时候就是filter表）。表的处理优先级：raw>mangle>nat>filter。

filter：一般的过滤功能

nat:用于nat功能（端口映射，地址映射等）

mangle:用于对特定数据包的修改

raw:有限级最高，设置raw时一般是为了不再让iptables做数据包的链接跟踪处理，提高性能

5个链：PREROUTING,INPUT,FORWARD,OUTPUT,POSTROUTING。

PREROUTING:数据包进入路由表之前

INPUT:通过路由表后目的地为本机

FORWARDING:通过路由表后，目的地不为本机

OUTPUT:由本机产生，向外转发

POSTROUTIONG:发送到网卡接口之前。

规则表：

1.filter表——三个链：INPUT、FORWARD、OUTPUT
作用：过滤数据包内核模块：iptables_filter.
2.Nat表——三个链：PREROUTING、POSTROUTING、OUTPUT
作用：用于网络地址转换（IP、端口）内核模块：iptable_nat
3.Mangle表——五个链：PREROUTING、POSTROUTING、INPUT、OUTPUT、FORWARD
作用：修改数据包的服务类型、TTL、并且可以配置路由实现QOS内核模块：iptable_mangle(别看这个表这么麻烦，咱们设置策略时几乎都不会用到它)
4.Raw表——两个链：OUTPUT、PREROUTING
作用：决定数据包是否被状态跟踪机制处理内核模块：iptable_raw
(这个是REHL4没有的，不过不用怕，用的不多)

规则链：

1.INPUT——进来的数据包应用此规则链中的策略
2.OUTPUT——外出的数据包应用此规则链中的策略
3.FORWARD——转发数据包时应用此规则链中的策略
4.PREROUTING——对数据包作路由选择前应用此链中的规则
（记住！所有的数据包进来的时侯都先由这个链处理）
5.POSTROUTING——对数据包作路由选择后应用此链中的规则
（所有的数据包出来的时侯都先由这个链处理）

规则表之间的优先顺序：

Raw——mangle——nat——filter
规则链之间的优先顺序（分三种情况）：

第一种情况：入站数据流向

从外界到达防火墙的数据包，先被PREROUTING规则链处理（是否修改数据包地址等），之后会进行路由选择（判断该数据包应该发往何处），如果数据包的目标主机是防火墙本机（比如说Internet用户访问防火墙主机中的web服务器的数据包），那么内核将其传给INPUT链进行处理（决定是否允许通过等），通过以后再交给系统上层的应用程序（比如Apache服务器）进行响应。

第二冲情况：转发数据流向

来自外界的数据包到达防火墙后，首先被PREROUTING规则链处理，之后会进行路由选择，如果数据包的目标地址是其它外部地址（比如局域网用户通过网关访问QQ站点的数据包），则内核将其传递给FORWARD链进行处理（是否转发或拦截），然后再交给POSTROUTING规则链（是否修改数据包的地址等）进行处理。

第三种情况：出站数据流向
防火墙本机向外部地址发送的数据包（比如在防火墙主机中测试公网DNS服务器时），首先被OUTPUT规则链处理，之后进行路由选择，然后传递给POSTROUTING规则链（是否修改数据包的地址等）进行处理。

Iptables的基本语法格式：
Iptables [-t 表名] 命令选项［链名］［条件匹配］［-j 目标动作或跳转］
说明：表名、链名用于指定iptables命令所操作的表和链，命令选项用于指定管理iptables规则的方式（比如：插入、增加、删除、查看等；条件匹配用于指定对符合什么样条件的数据包进行处理；目标动作或跳转用于指定数据包的处理方式（比如允许通过、拒绝、丢弃、跳转（Jump）给其它链处理。

Iptables命令的管理控制选项：

-A 在指定链的末尾添加（append）一条新的规则
-D删除（delete）指定链中的某一条规则，可以按规则序号和内容删除
-I在指定链中插入（insert）一条新的规则，默认在第一行添加
-R修改、替换（replace）指定链中的某一条规则，可以按规则序号和内容替换
-L列出（list）指定链中所有的规则进行查看
-F清空（flush）
-N新建（new-chain）一条用户自己定义的规则链
-X删除指定表中用户自定义的规则链（delete-chain）
-P设置指定链的默认策略（policy）
-n使用数字形式（numeric）显示输出结果
-v查看规则表详细信息（verbose）的信息
-V查看版本(version)
-h获取帮助（help）

防火墙处理数据包的四种方式：

ACCEPT 允许数据包通过
DROP 直接丢弃数据包，不给任何回应信息
REJECT 拒绝数据包通过，必要时会给数据发送端一个响应的信息。
LOG在/var/log/messages文件中记录日志信息，然后将数据包传递给下一条规则

iptables防火墙规则的保存与恢复

iptables-save把规则保存到文件中，再由目录rc.d下的脚本（/etc/rc.d/init.d/iptables）自动装载

使用命令iptables-save来保存规则。一般用

iptables-save > /etc/sysconfig/iptables

生成保存规则的文件 /etc/sysconfig/iptables，

也可以用

service iptables save

它能把规则自动保存在/etc/sysconfig/iptables中。

当计算机启动时，rc.d下的脚本将用命令iptables-restore调用这个文件，从而就自动恢复了规则。

删除INPUT链的第一条规则

iptables -D INPUT 1

Iptables防火墙常用的策略：

1.拒绝进入防火墙的所有ICMP协议数据包
iptables -I INPUT -p icmp -j REJECT

2.允许防火墙转发除ICMP协议以外的所有数据包
iptables -A FORWARD -p ! icmp -j ACCEPT
说明：使用“！”可以将条件取反。

3.拒绝转发来自192.168.1.10主机的数据，允许转发来自192.168.0.0/24网段的数据
iptables -A FORWARD -s 192.168.1.11 -j REJECT
iptables -A FORWARD -s 192.168.0.0/24 -j ACCEPT
说明：注意要把拒绝的放在前面不然就不起作用了啊。

4.丢弃从外网接口（eth1）进入防火墙本机的源地址为私网地址的数据包
iptables -A INPUT -i eth1 -s 192.168.0.0/16 -j DROP
iptables -A INPUT -i eth1 -s 172.16.0.0/12 -j DROP
iptables -A INPUT -i eth1 -s 10.0.0.0/8 -j DROP

5.封堵网段（192.168.1.0/24），两小时后解封。
[root@server ~]# iptables -I INPUT -s 10.20.30.0/24 -j DROP
[root@server ~]# iptables -I FORWARD -s 10.20.30.0/24 -j DROP
[root@server ~]# at now +2 hours
at> iptables -D INPUT 1
at> iptables -D FORWARD 1
说明：这个策略咱们借助crond计划任务来完成，就再好不过了。
[1]+ Stopped at now +2 hours

6.只允许管理员从202.13.0.0/16网段使用SSH远程登录防火墙主机。
iptables -A INPUT -p tcp --dport 22 -s 202.13.0.0/16 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j DROP
说明：这个用法比较适合对设备进行远程管理时使用，比如位于分公司中的SQL服务器需要被总公司的管理员管理时。

7.允许本机开放从TCP端口20-1024提供的应用服务。
iptables -A INPUT -p tcp --dport 20:1024 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 20:1024 -j ACCEPT

8.允许转发来自192.168.0.0/24局域网段的DNS解析请求数据包。
iptables -A FORWARD -s 192.168.0.0/24 -p udp --dport 53 -j ACCEPT
iptables -A FORWARD -d 192.168.0.0/24 -p udp --sport 53 -j ACCEPT

9.禁止其他主机ping防火墙主机，但是允许从防火墙上ping其他主机
iptables -I INPUT -p icmp --icmp-type Echo-Request -j DROP
iptables -I INPUT -p icmp --icmp-type Echo-Reply -j ACCEPT
iptables -I INPUT -p icmp --icmp-type destination-Unreachable -j ACCEPT

10.禁止转发来自MAC地址为00：0C：29：27：55：3F的和主机的数据包
iptables -A FORWARD -m mac --mac-source 00:0c:29:27:55:3F -j DROP
说明：iptables中使用“-m 模块关键字”的形式调用显示匹配。咱们这里用“-m mac –mac-source”来表示数据包的源MAC地址。

11.允许防火墙本机对外开放TCP端口20、21、25、110以及被动模式FTP端口1250-1280
iptables -A INPUT -p tcp -m multiport --dport 20,21,25,110,1250:1280 -j ACCEPT
说明：这里用“-m multiport –dport”来指定目的端口及范围

12.禁止转发源IP地址为192.168.1.20-192.168.1.99的TCP数据包。
iptables -A FORWARD -p tcp -m iprange --src-range 192.168.1.20-192.168.1.99 -j DROP
说明：此处用“-m –iprange –src-range”指定IP范围。

13.禁止转发与正常TCP连接无关的非—syn请求数据包。
iptables -A FORWARD -m state --state NEW -p tcp ! --syn -j DROP
说明：“-m state”表示数据包的连接状态，“NEW”表示与任何连接无关的，新的嘛！

14.拒绝访问防火墙的新数据包，但允许响应连接或与已有连接相关的数据包
iptables -A INPUT -p tcp -m state --state NEW -j DROP
iptables -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
说明：“ESTABLISHED”表示已经响应请求或者已经建立连接的数据包，“RELATED”表示与已建立的连接有相关性的，比如FTP数据连接等。

15.只开放本机的web服务（80）、FTP(20、21、20450-20480)，放行外部主机发住服务器其它端口的应答数据包，将其他入站数据包均予以丢弃处理。
iptables -I INPUT -p tcp -m multiport --dport 20,21,80 -j ACCEPT
iptables -I INPUT -p tcp --dport 20450:20480 -j ACCEPT
iptables -I INPUT -p tcp -m state --state ESTABLISHED -j ACCEPT
iptables -P INPUT DROP

来源：oschina

链接：https://my.oschina.net/u/2268635/blog/364266

标签