변군이글루

[Linux] Configuring the Firewall (firewalld) on CentOS 7

변군 변군이글루 2017.04.20 15:04


 

Check whether the firewall is running
# firewall-cmd --state
---Output
not running
---

 

Start the firewall
# systemctl start firewalld.service

 

Check whether the firewall is running
# firewall-cmd --state
---Output
running
---

 

Add the FTP service (runtime only, because --permanent is not given)
# firewall-cmd --add-service=ftp
---Output
success
---

 

List all services/ports that belong to the public zone
# firewall-cmd --zone=public --list-all
---Output
public
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: dhcpv6-client ftp ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:
---

 

Remove the FTP service
# firewall-cmd --remove-service=ftp
---Output
success
---

 

List the available (predefined) services
# firewall-cmd --get-services
---Output
RH-Satellite-6 amanda-client amanda-k5-client bacula bacula-client ceph
ceph-mon dhcp dhcpv6 dhcpv6-client dns docker-registry dropbox-lansync
freeipa-ldap freeipa-ldaps freeipa-replication ftp high-availability http
https imap imaps ipp ipp-client ipsec iscsi-target kadmin kerberos kpasswd
ldap ldaps libvirt libvirt-tls mdns mosh mountd ms-wbt mysql nfs ntp openvpn
pmcd pmproxy pmwebapi pmwebapis pop3 pop3s postgresql privoxy proxy-dhcp
ptp pulseaudio puppetmaster radius rpc-bind rsyncd samba samba-client sane
smtp smtps snmp snmptrap squid ssh synergy syslog syslog-tls telnet tftp
tftp-client tinc tor-socks transmission-client vdsm vnc-server wbem-https
xmpp-bosh xmpp-client xmpp-local xmpp-server
---

 

Register the http, https, dhcp, dns, ntp, and tftp services and remove the dhcpv6-client service
# firewall-cmd --permanent --zone=public --add-service=http
success
# firewall-cmd --permanent --zone=public --add-service=https
success
# firewall-cmd --permanent --zone=public --add-service=dhcp
success
# firewall-cmd --permanent --zone=public --add-service=dns
success
# firewall-cmd --permanent --zone=public --add-service=ntp
success
# firewall-cmd --permanent --zone=public --add-service=tftp
success
# firewall-cmd --permanent --zone=public --remove-service=dhcpv6-client
success

 

List the services registered as permanent
# firewall-cmd --permanent --list-all
---Output
public
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: dhcp dhcpv6-client dns http https ntp ssh tftp
  ports:
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:
---

 

Reload the firewall (firewalld) so the permanent settings take effect
# firewall-cmd --reload

 

Verify that the settings were applied
# firewall-cmd --list-services --zone=public
---Output
http https ntp ssh dns dhcp tftp
---

 

Firewall (firewalld) configuration file
# vi /etc/firewalld/zones/public.xml
---Output
<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <description>For use in public areas. You do not trust the other computers
  on networks to not harm your computer. Only selected incoming connections
  are accepted.</description>
  <service name="http"/>
  <service name="https"/>
  <service name="ntp"/>
  <service name="ssh"/>
  <service name="dns"/>
  <service name="dhcp"/>
  <service name="tftp"/>
</zone>
---
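
The steps above change the runtime configuration (`--add-service=ftp`) and the permanent configuration (`--permanent ...` followed by `--reload`) separately, so the two can drift apart. The following is an added example, not part of the original post: a POSIX shell helper that compares the two service lists. The function names `svc_diff`, `drift_report` and `check_zone` are hypothetical, and the sample lists are constructed from the outputs shown above.

```shell
#!/bin/sh
# Added example (not from the original post): detect drift between the
# runtime and permanent firewalld service lists of a zone.

# svc_diff A B: print services that are in list A but not in list B,
# sorted and space-separated. Whole-word match, so "ftp" does not match "tftp".
svc_diff() {
    for s in $1; do
        case " $2 " in
            *" $s "*) ;;                  # present in B: nothing to report
            *) printf '%s\n' "$s" ;;      # missing from B
        esac
    done | LC_ALL=C sort | tr '\n' ' ' | sed 's/ $//'
}

# drift_report RUNTIME PERMANENT: describe the difference.
# Returns 0 when both lists hold the same services, 1 on drift.
drift_report() {
    runtime_only=$(svc_diff "$1" "$2")
    permanent_only=$(svc_diff "$2" "$1")
    if [ -n "$runtime_only" ]; then
        echo "runtime-only (dropped by --reload): $runtime_only"
    fi
    if [ -n "$permanent_only" ]; then
        echo "permanent-only (activated by --reload): $permanent_only"
    fi
    [ -z "$runtime_only$permanent_only" ]
}

# check_zone [ZONE]: run the comparison on a live host
# (requires root and a running firewalld; not called here).
check_zone() {
    zone=${1:-public}
    drift_report "$(firewall-cmd --zone="$zone" --list-services)" \
                 "$(firewall-cmd --permanent --zone="$zone" --list-services)"
}

# Constructed sample: runtime list as shown after adding ftp, permanent
# list as it stands after the --permanent commands and before --reload.
drift_report "dhcpv6-client ftp ssh" "dhcp dns http https ntp ssh tftp" || true
```

On a host, `check_zone public` exiting non-zero means a `--reload` or reboot would change which services are exposed.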

 

 
