Using iptables on CentOS 7
Hello.
This is JP-Hosting.
This post explains how to use the familiar iptables service instead of firewalld, which is what CentOS 7 ships with.
The test environment is CentOS 7.8.
[root@localhost ~]# rpm -qa *-release
centos-release-7-8.2003.0.el7.centos.x86_64
Removing the default firewalld service on CentOS 7
- Check the service status
- Stop firewalld
- Check the service status
[root@localhost ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Sat 2020-05-30 15:01:15 JST; 1 day 7h ago
     Docs: man:firewalld(1)
 Main PID: 23280 (firewalld)
   CGroup: /system.slice/firewalld.service
           └─23280 /usr/bin/python2 -Es /usr/sbin/firewalld --nofork --nopid
May 30 15:01:15 localhost.localdomain systemd[1]: Starting firewalld - dynamic firewall daemon...
May 30 15:01:15 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.
May 30 15:01:15 localhost.localdomain firewalld[23280]: WARNING: AllowZoneDrifting is enabled. This is considered an insec... now.
Hint: Some lines were ellipsized, use -l to show in full.
You have new mail in /var/spool/mail/root
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# systemctl mask firewalld
Created symlink from /etc/systemd/system/firewalld.service to /dev/null.
[root@localhost ~]# systemctl status firewalld
● firewalld.service
   Loaded: masked (/dev/null; bad)
   Active: inactive (dead) since Sun 2020-05-31 22:07:36 JST; 3s ago
 Main PID: 23280 (code=exited, status=0/SUCCESS)
May 30 15:01:15 localhost.localdomain systemd[1]: Starting firewalld - dynamic firewall daemon...
May 30 15:01:15 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.
May 30 15:01:15 localhost.localdomain firewalld[23280]: WARNING: AllowZoneDrifting is enabled. This is considered an insec... now.
May 31 22:07:35 localhost.localdomain systemd[1]: Stopping firewalld - dynamic firewall daemon...
May 31 22:07:36 localhost.localdomain systemd[1]: Stopped firewalld - dynamic firewall daemon.
Hint: Some lines were ellipsized, use -l to show in full.
Installing the iptables service
- Install the iptables service
- Start the service
- Check the service status
[root@localhost ~]# yum -y install iptables-services
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: ty1.mirror.newmediaexpress.com
 * extras: ty1.mirror.newmediaexpress.com
 * updates: ty1.mirror.newmediaexpress.com
Resolving Dependencies
--> Running transaction check
---> Package iptables-services.x86_64 0:1.4.21-34.el7 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
==================================================================================================================================
 Package                      Arch              Version                   Repository        Size
==================================================================================================================================
Installing:
 iptables-services            x86_64            1.4.21-34.el7             base              52 k
Transaction Summary
==================================================================================================================================
Install  1 Package
Total download size: 52 k
Installed size: 23 k
Downloading packages:
iptables-services-1.4.21-34.el7.x86_64.rpm | 52 kB 00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : iptables-services-1.4.21-34.el7.x86_64 1/1
  Verifying  : iptables-services-1.4.21-34.el7.x86_64 1/1
Installed:
  iptables-services.x86_64 0:1.4.21-34.el7
Complete!
[root@localhost ~]# systemctl enable iptables
Created symlink from /etc/systemd/system/basic.target.wants/iptables.service to /usr/lib/systemd/system/iptables.service.
[root@localhost ~]# systemctl start iptables
[root@localhost ~]# systemctl status iptables
● iptables.service - IPv4 firewall with iptables
   Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled; vendor preset: disabled)
   Active: active (exited) since Sun 2020-05-31 22:22:21 JST; 6s ago
  Process: 26258 ExecStart=/usr/libexec/iptables/iptables.init start (code=exited, status=0/SUCCESS)
 Main PID: 26258 (code=exited, status=0/SUCCESS)
May 31 22:22:21 localhost.localdomain systemd[1]: Starting IPv4 firewall with iptables...
May 31 22:22:21 localhost.localdomain iptables.init[26258]: iptables: Applying firewall rules: [ OK ]
May 31 22:22:21 localhost.localdomain systemd[1]: Started IPv4 firewall with iptables.
Configuring iptables rules
[root@localhost ~]# vi /etc/sysconfig/iptables
# sample configuration for iptables service
# you can edit this manually or use system-config-firewall
# please do not ask us to add additional ports/services to this default configuration
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
~
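An added example, not part of the original post: rules in this file are evaluated top to bottom, so an ACCEPT line placed below the catch-all "-A INPUT -j REJECT" never matches. The script below flags such dead rules; the function names and the port 80 line in the sample are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# Flags rules in an iptables-save style file that can never match because
# they come after an unconditional REJECT/DROP in the same chain.

# find_shadowed_rules FILE -> prints "<line number>: <rule>" per dead rule
find_shadowed_rules() {
    awk '
        # Chain state is per table: reset at "*filter", "*nat", ... and COMMIT
        /^\*/ || /^COMMIT/ { split("", closed); next }
        $1 == "-A" {
            chain = $2
            if (closed[chain]) { printf "%d: %s\n", NR, $0; next }
            # "-A CHAIN -j REJECT|DROP ..." has no match options: catch-all
            if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) closed[chain] = 1
        }
    ' "$1"
}

# write_sample_rules FILE -> the post's ruleset plus one constructed mistake:
# a port 80 rule (assumed for illustration) appended below the final REJECT.
write_sample_rules() {
    cat > "$1" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
COMMIT
EOF
}

sample=$(mktemp)
write_sample_rules "$sample"
find_shadowed_rules "$sample"   # reports the misplaced port 80 rule
rm -f "$sample"
```

On the real host, point find_shadowed_rules at /etc/sysconfig/iptables after editing; "iptables-restore --test < /etc/sysconfig/iptables" then parses the file without committing it, and "systemctl restart iptables" applies it.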
If there is any problem with this post, I will delete it.