OS : CentOS-7<\/p>\n
\uc804\ud1b5\uc801\uc778 iptables \ub97c \uae30\ubc18\uc73c\ub85c \ud558\uc9c0\ub9cc..
\nfirewalld \ub77c\ub294 \ud328\ud0a4\uc9c0\ub85c \uad00\ub9ac\ud568…
\n\uadf8\ub0e5 iptables \ub97c \uc0ac\uc6a9\ud558\ub358\uac00.. firewall-cmd \ub97c \uc0ac\uc6a9\ud558\ub358\uac00.. \ud3b8\ud55c\ub300\ub85c \uc0ac\uc6a9\ud558\uba74 \ub428<\/p>\n
<\/p>\n
\uc124\uc815 \uacbd\ub85c : \/etc\/firewalld<\/p>\n
firewall-cmd\ub97c \uc774\uc6a9\ud574\uc11c \uc77c\ubc18\uc801\uc778 \uc124\uc815\uc744 \ud558\uac8c \ub418\uba74
\n\/etc\/firewalld\/zones\/public.xml \uc5d0 \uc800\uc7a5\ub428…<\/p>\n
\uc124\uce58\ud6c4 \ubcc4\ub2e4\ub978 \ucd94\uac00 \uc124\uc815\uc744 \ud558\uc9c0 \uc54a\uc558\ub2e4\uba74<\/p>\n
firewall-cmd –get-default-zone<\/p>\n
\uba85\ub839\uc5b4\ub97c \uc2e4\ud589 \ud55c \uacb0\uacfc\ub294 ”public”\uc73c\ub85c \ucd9c\ub825\ub420 \uac83\uc774\ub2e4.<\/p>\n
<\/p>\n
\ud658\uacbd : \ud130\ubbf8\ub110 \uae30\ubc18
\n\uba85\ub839\uc5b4 : firewall-cmd<\/p>\n
<\/p>\n
\ub8f0 \ucd94\uac00<\/strong><\/p>\n \ub8f0 \uc0ad\uc81c<\/strong><\/p>\n <\/p>\n <\/p>\n <\/p>\n <\/p>\n \ub450\uac1c\uc758 \uad6c\ubb38\uc740 \ub3d9\uc77c\ud55c\ub4ef \ubcf4\uc774\uc9c0\ub9cc.. \uc57d\uac04\uc758 \ucc28\uc774\uac00 \uc788\ub2e4.<\/p>\n \uc2e4\uc81c\ub85c \uc0ac\uc6a9\uc2dc\uc5d0\ub294 drop \uc744 \uc0ac\uc6a9\ud558\uba74 \ub418\uaca0\ub2e4…<\/p>\n <\/p>\n <\/p>\n \ud558\uc9c0\ub9cc.. \ubcf8 \ub0b4\uc6a9\uc740… running \uc0c1\ud0dc\uc5d0\uc11c\ub9cc \uc720\ud6a8\ud560 \ubfd0.. \uc2e4\uc81c\ub85c public.xml \ud30c\uc77c\uc744 \ud655\uc778\ud574\ub3c4 \uc124\uc815\ud588\ub358 \ub0b4\uc6a9\ub4e4\uc744 \ucc3e\uc744 \uc218 \uc5c6\ub2e4.<\/p>\n <\/p>\n firewall-cmd –permanent \uadf8\ub9ac\uace0 \ub098\uc11c<\/p>\n firewall-cmd –reload<\/p>\n \uba85\ub839\uc744 \uc774\uc6a9\ud574 \uc124\uc815\ud30c\uc77c\uc758 \ub0b4\uc6a9\uc744 \ubc18\uc601….<\/p>\n <\/p>\n <\/p>\n \ud658\uacbd OS : CentOS-7 \uc804\ud1b5\uc801\uc778 iptables \ub97c \uae30\ubc18\uc73c\ub85c \ud558\uc9c0\ub9cc.. firewalld \ub77c\ub294 \ud328\ud0a4\uc9c0\ub85c \uad00\ub9ac\ud568… \uadf8\ub0e5 iptables \ub97c \uc0ac\uc6a9\ud558\ub358\uac00.. firewall-cmd \ub97c \uc0ac\uc6a9\ud558\ub358\uac00.. \ud3b8\ud55c\ub300\ub85c \uc0ac\uc6a9\ud558\uba74 \ub428 \uc124\uc815\ud30c\uc77c \uc124\uc815 \uacbd\ub85c : \/etc\/firewalld firewall-cmd\ub97c \uc774\uc6a9\ud574\uc11c \uc77c\ubc18\uc801\uc778 \uc124\uc815\uc744 \ud558\uac8c \ub418\uba74 \/etc\/firewalld\/zones\/public.xml \uc5d0 \uc800\uc7a5\ub428… \uc124\uce58\ud6c4 \ubcc4\ub2e4\ub978 \ucd94\uac00 \uc124\uc815\uc744 \ud558\uc9c0 \uc54a\uc558\ub2e4\uba74 firewall-cmd –get-default-zone \uba85\ub839\uc5b4\ub97c \uc2e4\ud589 \ud55c \uacb0\uacfc\ub294 ”public”\uc73c\ub85c \ucd9c\ub825\ub420 \uac83\uc774\ub2e4. \uae30\ubcf8 \uc0ac\uc6a9\ubc95 \ud658\uacbd : \ud130\ubbf8\ub110 \uae30\ubc18 \uba85\ub839\uc5b4 : firewall-cmd \uc870\uac74 : 20,22,80\ud3ec\ud2b8(TCP)\ub97c \ud5c8\uc6a9 \ub8f0 \ucd94\uac00 firewall-cmd –add-port=21\/tcp firewall-cmd –add-port=22\/tcp firewall-cmd –add-port=80\/tcp \ub8f0 \uc0ad\uc81c firewall-cmd –remove-port=21\/tcp firewall-cmd –remove-port=22\/tcp firewall-cmd –remove-port=80\/tcp \uc870\uac74 : 8000 ~ 9000 \uae4c\uc9c0\uc758 \ud3ec\ud2b8(TCP)\ub97c \ud5c8\uc6a9 firewall-cmd –add-port=8000-9000\/tcp firewall-cmd –remove-port=8000-9000\/tcp \uc870\uac74 : 192.168.0.0\/255.255.255.0 \ub300\uc5ed\uc744 \ud5c8\uc6a9 firewall-cmd –add-source=192.168.0.0\/24 firewall-cmd –remove-source=192.168.0.0\/24 \uc870\uac74 : 192.168.3.100 \uc544\uc774\ud53c\ub97c \ud5c8\uc6a9 firewall-cmd –add-source=192.168.3.100 firewall-cmd –remove-source=192.168.3.100 \uc870\uac74 : 192.168.5.100 \uc544\uc774\ud53c\ub97c \ucc28\ub2e8 firewall-cmd –add-rich-rule=’rule family=”ipv4″ source address=192.168.5.100 reject’ firewall-cmd –remove-rich-rule=’rule family=”ipv4″ source address=192.168.5.100 reject’ firewall-cmd –add-rich-rule=’rule family=”ipv4″ source address=192.168.5.100 [ more… ]<\/a><\/p>\n<\/div>","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[249],"tags":[282,434,257,738,739,735,736,621,737,216,258],"class_list":["post-6459","post","type-post","status-publish","format-standard","hentry","category-linux","tag-access","tag-centos","tag-centos7","tag-deny","tag-drop","tag-firewall","tag-firewalld","tag-iptables","tag-reject","tag-rhel","tag-rhel7"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/6459","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/comments?post=6459"}],"version-history":[{"count":1,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/6459\/revisions"}],"predecessor-version":[{"id":6460,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/posts\/6459\/revisions\/6460"}],"wp:attachment":[{"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/media?parent=6459"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/categories?post=6459"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jirak.net\/wp\/wp-json\/wp\/v2\/tags?post=6459"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}\r\n\r\nfirewall-cmd --add-port=21\/tcp\r\nfirewall-cmd --add-port=22\/tcp\r\nfirewall-cmd --add-port=80\/tcp\r\n\r\n<\/pre>\n
\r\n\r\nfirewall-cmd --remove-port=21\/tcp\r\nfirewall-cmd --remove-port=22\/tcp\r\nfirewall-cmd --remove-port=80\/tcp\r\n\r\n<\/pre>\n
\uc870\uac74 : 8000 ~ 9000 \uae4c\uc9c0\uc758 \ud3ec\ud2b8(TCP)\ub97c \ud5c8\uc6a9<\/h3>\n
\r\n\r\nfirewall-cmd --add-port=8000-9000\/tcp\r\nfirewall-cmd --remove-port=8000-9000\/tcp\r\n\r\n<\/pre>\n
\uc870\uac74 : 192.168.0.0\/255.255.255.0 \ub300\uc5ed\uc744 \ud5c8\uc6a9<\/h3>\n
\r\n\r\nfirewall-cmd --add-source=192.168.0.0\/24\r\nfirewall-cmd --remove-source=192.168.0.0\/24\r\n\r\n<\/pre>\n
\uc870\uac74 : 192.168.3.100 \uc544\uc774\ud53c\ub97c \ud5c8\uc6a9<\/h3>\n
\r\n\r\nfirewall-cmd --add-source=192.168.3.100\r\nfirewall-cmd --remove-source=192.168.3.100\r\n\r\n<\/pre>\n
\uc870\uac74 : 192.168.5.100 \uc544\uc774\ud53c\ub97c \ucc28\ub2e8<\/h3>\n
\r\n\r\nfirewall-cmd --add-rich-rule='rule family=\"ipv4\" source address=192.168.5.100 reject'\r\nfirewall-cmd --remove-rich-rule='rule family=\"ipv4\" source address=192.168.5.100 reject'\r\n\r\nfirewall-cmd --add-rich-rule='rule family=\"ipv4\" source address=192.168.5.100 drop'\r\nfirewall-cmd --remove-rich-rule='rule family=\"ipv4\" source address=192.168.5.100 drop'\r\n\r\n<\/pre>\n
\n
\uc870\uac74 : 192.168.10.170 \uc544\uc774\ud53c\uc5d0 \ub300\ud574 80\ubc88 \ud3ec\ud2b8\ub97c \ud5c8\uc6a9<\/h3>\n
\r\n\r\nfirewall-cmd --add-rich-rule='rule family=\"ipv4\" source address=192.168.10.170 port port=\"80\" protocol=\"tcp\" accept'\r\nfirewall-cmd --remove-rich-rule='rule family=\"ipv4\" source address=192.168.10.170 port port=\"80\" protocol=\"tcp\" accept'\r\n\r\n<\/pre>\n
\n\uc11c\ube44\uc2a4\ub97c \uc8fd\uc774\uac70\ub098 \ub9ac\ubd80\ud305\uc744 \ud588\uc744 \uacbd\uc6b0\uc5d0\ub294 \uc124\uc815\uc774 \ubaa8\ub450 \ub0a0\uc544\uac10..<\/p>\n\uc124\uc815\ud30c\uc77c\uc5d0 \uc801\uc6a9 \ud558\uae30<\/h2>\n
\n\ud615\ud0dc\ub85c \uc635\uc158\uc744 \uc918\uc57c \ud55c\ub2e4.<\/p>\n\r\n\r\nfirewall-cmd --permanent --add-port=21\/tcp\r\nfirewall-cmd --permanent --add-port=22\/tcp\r\nfirewall-cmd --permanent --add-port=80\/tcp\r\nfirewall-cmd --permanent --add-port=8000-9000\/tcp\r\nfirewall-cmd --permanent --add-source=192.168.0.0\/24\r\nfirewall-cmd --permanent --add-source=192.168.3.100\r\nfirewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=192.168.5.100 reject'\r\nfirewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=192.168.5.100 drop'\r\nfirewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=192.168.10.170 port port=\"80\" protocol=\"tcp\" accept'\r\n\r\n<\/pre>\n
\ud130\ubbf8\ub110\uc5d0\uc11c \uc0c1\ud0dc \ud655\uc778<\/h2>\n
\r\n\r\n# firewall-cmd --list-all\r\npublic (default)\r\ninterfaces:\r\nsources: 192.168.3.100 192.168.0.0\/24\r\nservices: dhcpv6-client ssh\r\nports: 21\/tcp 80\/tcp 8000-9000\/tcp 22\/tcp\r\nmasquerade: no\r\nforward-ports:\r\nicmp-blocks:\r\nrich rules:\r\nrule family=\"ipv4\" source address=\"192.168.5.100\" reject\r\nrule family=\"ipv4\" source address=\"192.168.5.100\" drop\r\nrule family=\"ipv4\" source address=\"192.168.10.170\" port port=\"80\" protocol=\"tcp\" accept\r\n\r\n<\/pre>\n
public.xml \ub0b4\uc6a9<\/h2>\n
\r\n\r\n<?xml version="1.0" encoding="utf-8"?>\r\n<zone>\r\n<short>Public<\/short>\r\n<description><\/description>\r\n<source address="192.168.0.0\/24"\/>\r\n<source address="192.168.3.100"\/>\r\n<service name="dhcpv6-client"\/>\r\n<service name="ssh"\/>\r\n<port protocol="tcp" port="21"\/>\r\n<port protocol="tcp" port="80"\/>\r\n<port protocol="tcp" port="8000-9000"\/>\r\n<port protocol="tcp" port="22"\/>\r\n<rule family="ipv4">\r\n<source address="192.168.5.100"\/>\r\n<reject\/>\r\n<\/rule>\r\n<rule family="ipv4">\r\n<source address="192.168.5.100"\/>\r\n<drop\/>\r\n<\/rule>\r\n<rule family="ipv4">\r\n<source address="192.168.10.170"\/>\r\n<port protocol="tcp" port="80"\/>\r\n<accept\/>\r\n<\/rule>\r\n<\/zone>\r\n\r\n<\/pre>\n","protected":false},"excerpt":{"rendered":"