- How To Set Up a Firewall Using FirewallD on CentOS 7
- Configuring the firewall (firewalld) on RHEL/CentOS 7
- Using firewalld-based access control
Configuration
```shell
# Daemon control
systemctl start firewalld.service
systemctl stop firewalld.service
systemctl status firewalld.service
systemctl restart firewalld.service

# --permanent: persist the rule (written under /etc/firewalld, active after --reload)
firewall-cmd --state
firewall-cmd --reload
firewall-cmd --get-services                   # list of known service definitions
firewall-cmd --zone=public --list-services    # services enabled in the public zone
firewall-cmd --zone=public --permanent --add-service=http
firewall-cmd --zone=public --permanent --add-service=https
firewall-cmd --zone=public --permanent --add-service=mysql
firewall-cmd --list-ports
firewall-cmd --zone=public --permanent --add-port=3306/tcp
firewall-cmd --zone=public --permanent --add-port=4990-4999/udp

# rule remove
firewall-cmd --zone=public --permanent --remove-port=3306/tcp
firewall-cmd --zone=public --permanent --remove-port=4990-4999/udp
firewall-cmd --remove-port=21/tcp

# The commands below omit --permanent and --zone: they change the running
# configuration of the default zone only and are lost on --reload or restart.

# allow a single IP
firewall-cmd --add-source=192.168.3.100
firewall-cmd --remove-source=192.168.3.100

# allow an IP range
firewall-cmd --add-source=192.168.0.0/24
firewall-cmd --remove-source=192.168.0.0/24

# block (reject: the sender receives an error reply)
firewall-cmd --add-rich-rule='rule family="ipv4" source address=192.168.5.100 reject'
firewall-cmd --remove-rich-rule='rule family="ipv4" source address=192.168.5.100 reject'

# drop (silently discard)
firewall-cmd --add-rich-rule='rule family="ipv4" source address=192.168.5.100 drop'
firewall-cmd --remove-rich-rule='rule family="ipv4" source address=192.168.5.100 drop'

# allow ip:port
firewall-cmd --add-rich-rule='rule family="ipv4" source address=192.168.10.170 port port="80" protocol="tcp" accept'
firewall-cmd --remove-rich-rule='rule family="ipv4" source address=192.168.10.170 port port="80" protocol="tcp" accept'
```
/etc/firewalld/zones/public.xml
```xml
<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
  <service name="dhcpv6-client"/>
  <service name="ssh"/>
  <service name="http"/>
  <service name="https"/>
  <service name="mysql"/>
</zone>
```
Managing by service name

```shell
# Copy an existing service definition as the template for a custom service
# (service.xml stands for the definition being copied, e.g. the SSH one below).
sudo cp /usr/lib/firewalld/services/service.xml /etc/firewalld/services/example.xml
```

Configuration
```xml
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>SSH</short>
  <description>Secure Shell (SSH) is a protocol for logging into and executing commands on remote machines. It provides secure encrypted communications. If you plan on accessing your machine remotely via SSH over a firewalled interface, enable this option. You need the openssh-server package installed for this option to be useful.</description>
  <port protocol="tcp" port="22"/>
</service>
```

```xml
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>Example Service</short>
  <description>This is just an example service. It probably shouldn't be used on a real system.</description>
  <port protocol="tcp" port="7777"/>
  <port protocol="udp" port="8888"/>
</service>
```
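As an added example (not from the original post): a small Python checker that reads zone and service XML in the format shown above and lists every port the zone actually exposes, so services added by name can be audited against an allowlist. The XML samples and the allowlist are constructed for the demonstration.

```python
import xml.etree.ElementTree as ET

# Constructed service definitions, keyed the way firewalld names them
# (/usr/lib/firewalld/services/<name>.xml or /etc/firewalld/services/<name>.xml).
SERVICE_XML = {
    "ssh": '<service><short>SSH</short><port protocol="tcp" port="22"/></service>',
    "http": '<service><short>HTTP</short><port protocol="tcp" port="80"/></service>',
    "example": ('<service><short>Example Service</short>'
                '<port protocol="tcp" port="7777"/><port protocol="udp" port="8888"/>'
                '</service>'),
}

# Constructed zone file mixing named services and directly opened ports.
ZONE_XML = """<zone>
  <short>Public</short>
  <service name="ssh"/>
  <service name="http"/>
  <service name="example"/>
  <port protocol="tcp" port="3306"/>
  <port protocol="udp" port="4990-4999"/>
</zone>"""

def service_ports(xml_text):
    """Return the set of (protocol, port) pairs a service definition opens."""
    root = ET.fromstring(xml_text)
    return {(p.get("protocol"), p.get("port")) for p in root.findall("port")}

def zone_exposure(zone_xml, services):
    """Map each (protocol, port) the zone exposes to the names that open it."""
    root = ET.fromstring(zone_xml)
    exposed = {}
    for svc in root.findall("service"):
        name = svc.get("name")
        if name not in services:
            raise KeyError(f"zone references unknown service {name!r}")
        for key in service_ports(services[name]):
            exposed.setdefault(key, set()).add(name)
    for p in root.findall("port"):
        exposed.setdefault((p.get("protocol"), p.get("port")), set()).add("<port>")
    return exposed

def audit(zone_xml, services, allowed):
    """Return exposed (protocol, port) pairs not in the allowlist.
    Port ranges are compared as written (e.g. "4990-4999"), not expanded."""
    return sorted(k for k in zone_exposure(zone_xml, services) if k not in allowed)
```

Run it against the real files by reading /etc/firewalld/zones/public.xml and the service directories into the same two arguments.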