728x90
CentOS 7에서 방화벽(firewalld) 설정하기
방화벽 실행 여부 확인
firewall-cmd --state$ firewall-cmd --state
not running방화벽 실행
systemctl start firewalld.service방화벽 실행 여부 확인
firewall-cmd --state$ firewall-cmd --state
runningFTP 서비스 추가
firewall-cmd --add-service=ftp$ firewall-cmd --add-service=ftp
successpublic에 속한 모든 서비스/포트 목록 출력
firewall-cmd --zone=public --list-all$ firewall-cmd --zone=public --list-all
public
target: default
icmp-block-inversion: no
interfaces:
sources:
services: dhcpv6-client ftp ssh
ports:
protocols:
masquerade: no
forward-ports:
sourceports:
icmp-blocks:
rich rules:FTP 서비스 제거
firewall-cmd --remove-service=ftp$ firewall-cmd --remove-service=ftp
success서비스 목록 출력
firewall-cmd --get-services$ firewall-cmd --get-services
RH-Satellite-6 amanda-client amanda-k5-client bacula bacula-client ceph
ceph-mon dhcp dhcpv6 dhcpv6-client dns docker-registry dropbox-lansync
freeipa-ldap freeipa-ldaps freeipa-replication ftp high-availability http
https imap imaps ipp ipp-client ipsec iscsi-target kadmin kerberos kpasswd
ldap ldaps libvirt libvirt-tls mdns mosh mountd ms-wbt mysql nfs ntp openvpn
pmcd pmproxy pmwebapi pmwebapis pop3 pop3s postgresql privoxy proxy-dhcp
ptp pulseaudio puppetmaster radius rpc-bind rsyncd samba samba-client sane
smtp smtps snmp snmptrap squid ssh synergy syslog syslog-tls telnet tftp
tftp-client tinc tor-socks transmission-client vdsm vnc-server wbem-https
xmpp-bosh xmpp-client xmpp-local xmpp-serverhttp, https, dhcp, dns, ntp, tftp 서비스 등록 및 dhcpv6-client 서비스 제거
firewall-cmd --permanent --zone=public --add-service=http$ firewall-cmd --permanent --zone=public --add-service=http
successfirewall-cmd --permanent --zone=public --add-service=https$ firewall-cmd --permanent --zone=public --add-service=https
successfirewall-cmd --permanent --zone=public --add-service=dhcp$ firewall-cmd --permanent --zone=public --add-service=dhcp
successfirewall-cmd --permanent --zone=public --add-service=dns$ firewall-cmd --permanent --zone=public --add-service=dns
successfirewall-cmd --permanent --zone=public --add-service=ntp$ firewall-cmd --permanent --zone=public --add-service=ntp
successfirewall-cmd --permanent --zone=public --add-service=tftp$ firewall-cmd --permanent --zone=public --add-service=tftp
successfirewall-cmd --permanent --zone=public --remove-service=dhcpv6-client$ firewall-cmd --permanent --zone=public --remove-service=dhcpv6-client
successpermanent로 등록된 서비스 목록
firewall-cmd --permanent --list-all$ firewall-cmd --permanent --list-all
public
target: default
icmp-block-inversion: no
interfaces:
sources:
services: dhcp dhcpv6-client dns http https ntp ssh tftp
ports:
protocols:
masquerade: no
forward-ports:
sourceports:
icmp-blocks:
rich rules:방화벽(firewalld) 재시작
firewall-cmd --reload정상 설정 여부 확인
firewall-cmd --list-services --zone=public$ firewall-cmd --list-services --zone=public
http https ntp ssh dns dhcp tftp방화벽(firewall) 설정 파일
vim /etc/firewalld/zones/public.xml<?xml version="1.0" encoding="utf-8"?>
<zone>
<short>Public</short>
<description>For use in public areas. You do not trust the other computers
on networks to not harm your computer. Only selected incoming connections
are accepted.</description>
<service name="http"/>
<service name="https"/>
<service name="ntp"/>
<service name="ssh"/>
<service name="dns"/>
<service name="dhcp"/>
<service name="tftp"/>
</zone>728x90
'리눅스' 카테고리의 다른 글
| [리눅스] BIND(named)에서 $GENERATE 지시어를 사용하는 방법 (0) | 2022.11.28 |
|---|---|
| MySQL에서 원격 접속을 허용하는 방법 (0) | 2022.11.26 |
| [리눅스] HTTP Status Codes (0) | 2022.11.25 |
| HP 서버 스토리지 정보 확인(raid) (0) | 2022.11.25 |
| [리눅스] swap 메모리 초기화 (0) | 2022.11.25 |
