禁止外网访问elasticsearch服务

一旦elasticsearch服务运行起来的话,任何人访问http://www.example.com:9200都是可以访问的,我现在的需求是只能本机访问,其他外面的ip不能访问,求简单设置方法?

阅读 23k
3 个回答

希望没写错:

iptables -A INPUT -p tcp --dport 9200 ! -s 127.0.0.1 -j DROP

无意中看到这个问题,不得不说,可以设置的

############################## Network And HTTP ###############################

# Elasticsearch, by default, binds itself to the 0.0.0.0 address, and listens
# on port [9200-9300] for HTTP traffic and on port [9300-9400] for node-to-node
# communication. (the range means that if the port is busy, it will automatically
# try the next port).

# Set the bind address specifically (IPv4 or IPv6):
#
#network.bind_host: 192.168.0.1

# Set the address other nodes will use to communicate with this node. If not
# set, it is automatically derived. It must point to an actual IP address.
#
#network.publish_host: 192.168.0.1

# Set both 'bind_host' and 'publish_host':
#
network.host: 127.0.0.1

linux里面可以修改防火墙控制,譬如CentOS里面,把监听IP设置为内网即可

撰写回答
你尚未登录,登录后可以
  • 和开发者交流问题的细节
  • 关注并接收问题和回答的更新提醒
  • 参与内容的编辑和改进,让解决方法与时俱进
宣传栏