리눅스 센토스 7 FirewallD 방화벽 사용하기 정보
리눅스 센토스 7 FirewallD 방화벽 사용하기
본문
yum install firewalld (7은 이미 깔려 있을겁니다.)
service firewalld start 를 합니다.
systemctl enable firewalld (firewalld 적용)
gedit /etc/firewalld/zones/public.xml
아래 내용 추가 및 수정 (허용 포트 오픈)
<?xml version="1.0" encoding="utf-8"?>
<zone>
<short>Public</short>
<description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
<service name="ftp"/>
<service name="mdns"/>
<service name="http"/>
<service name="mysql"/>
<service name="dns"/>
<service name="smtp"/>
<service name="ssh"/>
<service name="https"/>
<port protocol="tcp" port="110"/>
<port protocol="tcp" port="443"/>
<port protocol="tcp" port="21"/>
<port protocol="tcp" port="80"/>
<port protocol="udp" port="53"/>
<port protocol="tcp" port="587"/>
<port protocol="tcp" port="25"/>
<port protocol="tcp" port="1024"/>
<port protocol="tcp" port="20"/>
<port protocol="tcp" port="993"/>
<port protocol="tcp" port="10000"/>
<port protocol="tcp" port="143"/>
<port protocol="tcp" port="3306"/>
<port protocol="tcp" port="2030"/>
<port protocol="udp" port="3306"/>
<port protocol="tcp" port="53"/>
<port protocol="tcp" port="60"/>
<port protocol="tcp" port="995"/>
<port protocol="udp" port="80"/>
<port protocol="tcp" port="22"/>
</zone>
port는 안적으셔도 될 것 같구 service 들만 넣으셔도 될듯 합니다.
그래도 모르니 일단 적어 놓습니다.
service firewalld restart (터미널에서)
포트를 열었는데도 접속이 안되시면 공유기 포트 포워딩 하세요.
service firewalld start 를 합니다.
systemctl enable firewalld (firewalld 적용)
gedit /etc/firewalld/zones/public.xml
아래 내용 추가 및 수정 (허용 포트 오픈)
<?xml version="1.0" encoding="utf-8"?>
<zone>
<short>Public</short>
<description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
<service name="ftp"/>
<service name="mdns"/>
<service name="http"/>
<service name="mysql"/>
<service name="dns"/>
<service name="smtp"/>
<service name="ssh"/>
<service name="https"/>
<port protocol="tcp" port="110"/>
<port protocol="tcp" port="443"/>
<port protocol="tcp" port="21"/>
<port protocol="tcp" port="80"/>
<port protocol="udp" port="53"/>
<port protocol="tcp" port="587"/>
<port protocol="tcp" port="25"/>
<port protocol="tcp" port="1024"/>
<port protocol="tcp" port="20"/>
<port protocol="tcp" port="993"/>
<port protocol="tcp" port="10000"/>
<port protocol="tcp" port="143"/>
<port protocol="tcp" port="3306"/>
<port protocol="tcp" port="2030"/>
<port protocol="udp" port="3306"/>
<port protocol="tcp" port="53"/>
<port protocol="tcp" port="60"/>
<port protocol="tcp" port="995"/>
<port protocol="udp" port="80"/>
<port protocol="tcp" port="22"/>
</zone>
port는 안적으셔도 될 것 같구 service 들만 넣으셔도 될듯 합니다.
그래도 모르니 일단 적어 놓습니다.
service firewalld restart (터미널에서)
포트를 열었는데도 접속이 안되시면 공유기 포트 포워딩 하세요.
추천
1
1
댓글 3개
호스팅 서비스에도 적용하셨나요 ㅎ
예 물론입니다. fail2ban이 해커로부터의 공격을 막아주고 있습니다.
oops-firewall이랑 fail2ban 무지무지좋은거같아요 ㅎㅎ
