Configuring the firewall (firewalld) on CentOS 7
Check whether the firewall is running
$ firewall-cmd --state
not running
Start the firewall
systemctl start firewalld.service
Check whether the firewall is running
$ firewall-cmd --state
running
Add the FTP service (runtime only; without --permanent the change is lost on reload or restart)
$ firewall-cmd --add-service=ftp
success
List all services and ports in the public zone
$ firewall-cmd --zone=public --list-all
public
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: dhcpv6-client ftp ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:
Remove the FTP service
$ firewall-cmd --remove-service=ftp
success
List the predefined services
$ firewall-cmd --get-services
RH-Satellite-6 amanda-client amanda-k5-client bacula bacula-client ceph
ceph-mon dhcp dhcpv6 dhcpv6-client dns docker-registry dropbox-lansync
freeipa-ldap freeipa-ldaps freeipa-replication ftp high-availability http
https imap imaps ipp ipp-client ipsec iscsi-target kadmin kerberos kpasswd
ldap ldaps libvirt libvirt-tls mdns mosh mountd ms-wbt mysql nfs ntp openvpn
pmcd pmproxy pmwebapi pmwebapis pop3 pop3s postgresql privoxy proxy-dhcp
ptp pulseaudio puppetmaster radius rpc-bind rsyncd samba samba-client sane
smtp smtps snmp snmptrap squid ssh synergy syslog syslog-tls telnet tftp
tftp-client tinc tor-socks transmission-client vdsm vnc-server wbem-https
xmpp-bosh xmpp-client xmpp-local xmpp-server
Register the http, https, dhcp, dns, ntp, and tftp services and remove the dhcpv6-client service
$ firewall-cmd --permanent --zone=public --add-service=http
success
$ firewall-cmd --permanent --zone=public --add-service=https
success
$ firewall-cmd --permanent --zone=public --add-service=dhcp
success
$ firewall-cmd --permanent --zone=public --add-service=dns
success
$ firewall-cmd --permanent --zone=public --add-service=ntp
success
$ firewall-cmd --permanent --zone=public --add-service=tftp
success
$ firewall-cmd --permanent --zone=public --remove-service=dhcpv6-client
success
List the services registered as permanent
$ firewall-cmd --permanent --list-all
public
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: dhcp dhcpv6-client dns http https ntp ssh tftp
  ports:
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:
Reload the firewall (firewalld) so the permanent settings take effect
firewall-cmd --reload
Verify that the configuration was applied
$ firewall-cmd --list-services --zone=public
http https ntp ssh dns dhcp tftp
Firewall (firewalld) configuration file
vim /etc/firewalld/zones/public.xml
<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
  <service name="http"/>
  <service name="https"/>
  <service name="ntp"/>
  <service name="ssh"/>
  <service name="dns"/>
  <service name="dhcp"/>
  <service name="tftp"/>
</zone>
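The steps above add ftp without --permanent and the other services with --permanent followed by --reload, so the runtime and permanent rule sets can differ at any moment. The following script is an added example, not part of the original post, that reports this drift for the public zone; the function names are hypothetical, and the service lists used when firewalld is not running are constructed sample data.

```shell
#!/bin/sh
# Added example: report drift between runtime and permanent firewalld services.
# Usage: sh drift.sh [zone-file]   (zone-file, e.g. a backed-up public.xml, is optional)

# only_in A B: print the words of list A that are missing from list B (sorted).
only_in() {
    b=" $(echo $2) "                      # normalise whitespace, pad for matching
    for s in $1; do
        case "$b" in
            *" $s "*) ;;                  # present in both lists
            *) printf '%s\n' "$s" ;;
        esac
    done | sort | tr '\n' ' ' | sed 's/ *$//'
}

# zone_file_services FILE: service names declared in a zone XML file, in file order.
zone_file_services() {
    sed -n 's/.*<service name="\([^"]*\)".*/\1/p' "$1" | tr '\n' ' ' | sed 's/ *$//'
}

# drift_report RUNTIME PERMANENT: one line per kind of drift, no output if none.
drift_report() {
    r=$(only_in "$1" "$2")
    p=$(only_in "$2" "$1")
    [ -n "$r" ] && echo "runtime-only (lost on reload): $r"
    [ -n "$p" ] && echo "permanent-only (needs --reload): $p"
    return 0
}

if command -v firewall-cmd >/dev/null 2>&1 && firewall-cmd --state >/dev/null 2>&1; then
    runtime=$(firewall-cmd --zone=public --list-services)
    if [ -r "${1:-}" ]; then
        permanent=$(zone_file_services "$1")          # audit against a saved zone file
    else
        permanent=$(firewall-cmd --permanent --zone=public --list-services)
    fi
else
    # Constructed sample: state right after "--add-service=ftp" without --permanent.
    runtime="dhcpv6-client ftp ssh"
    permanent="dhcpv6-client ssh"
fi
drift_report "$runtime" "$permanent"
```
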