CentOS7 以é™ã®ã€Œæ¥µåŠ›è¨å®šãƒ•ã‚¡ã‚¤ãƒ«ã‚’触らã›ãªã„ã€æ„Ÿã˜ã®ã‚¢ãƒ¬ã‚’éµå®ˆã—ãŸå ´åˆã€firewall-cmd å‹•ã„ã¦ãªã„時ã©ã†ã™ã‚“ã®çš„ãªã‚¢ãƒ¬ã€‚
firewalld ãŒå‹•ã„ã¦ã‚‹ã‹ç¢ºèªã™ã‚‹
å‹•ã„ã¦ã¾ã™ãã€ãƒãƒƒãƒˆãƒ¯ãƒ¼ã‚¯ã‚¤ãƒ³ã‚¿ãƒ•ã‚§ãƒ¼ã‚¹ã® ens32 ㌠public ã¨ã„ã†åå‰ã® zone ã«æ‰€å±žã—ã¦ã„ã¾ã™ã€‚
[root@localhost ~]# systemctl status firewalld
â— firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: active (running) since 月 2016-05-16 19:35:48 JST; 7min ago
Main PID: 13414 (firewalld)
CGroup: /system.slice/firewalld.service
└─13414 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
5月 16 19:35:48 localhost.localdomain systemd[1]: Starting firewalld - dynamic firewall daemon...
5月 16 19:35:48 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.
[root@localhost ~]# firewall-cmd --list-all
public (default, active)
interfaces: ens32
sources:
services: dhcpv6-client ssh
ports:
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
firewalld ã‚’åœæ¢ã™ã‚‹
firewalld ã‚’åœæ¢ã—ã¦ã€ã©ã†ãªã‚‹ã‹è¦‹ã¦ã¿ã¾ã—ょ。
[root@localhost ~]# systemctl stop firewalld [root@localhost ~]# systemctl status firewalld ◠firewalld.service - firewalld - dynamic firewall daemon Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled) Active: inactive (dead) 5月 16 13:10:42 localhost.localdomain systemd[1]: Starting firewalld - dynamic firewall daemon... 5月 16 13:10:47 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon. 5月 16 14:53:13 localhost.localdomain systemd[1]: Stopping firewalld - dynamic firewall daemon... 5月 16 14:53:14 localhost.localdomain systemd[1]: Stopped firewalld - dynamic firewall daemon. 5月 16 19:35:48 localhost.localdomain systemd[1]: Starting firewalld - dynamic firewall daemon... 5月 16 19:35:48 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon. 5月 16 19:44:10 localhost.localdomain systemd[1]: Stopping firewalld - dynamic firewall daemon... 5月 16 19:44:11 localhost.localdomain systemd[1]: Stopped firewalld - dynamic firewall daemon.
--state ã§çŠ¶æ…‹ã‚’å–å¾—ã—ã¦ã¿ã‚‹
not running ( 動作ã—ã¦ã„ãªã„ ) ã¨è¿”事をã•ã‚Œã¾ã™ã€ã“ã‚Œã¯å¤§ä½“想åƒã§ãã‚‹ã‹ã¨æ€ã„ã¾ã™ã€‚
[root@localhost ~]# firewall-cmd --state not running
動作ã—ã¦ã„ãªã„状態ã§ã‚µãƒ¼ãƒ“ã‚¹ã‚’è¿½åŠ ã—ãŸã„
å‹•çš„ã«è¿½åŠ ã§ãã‚‹ï¼ã¨ã‹è¨€ã‚ã‚Œã¦ã‚‚ã€firewalld ã‚’èµ·å‹•ã—ãŸã‚‰è¨±å¯ã•ã‚ŒãŸã‚µãƒ¼ãƒ“ス以外é®æ–ã•ã‚Œã¦ã¾ã†ã‚„ん……?ã»ã‚“ãªã‚‰åœæ¢ä¸ã«è¿½åŠ ã™ã‚Œã°ãˆãˆã‚„ã‚“ï¼ï¼
[root@localhost ~]# firewall-cmd --add-service=http --zone=public FirewallD is not running [root@localhost ~]# firewall-cmd --list-all FirewallD is not running
firewalld ãŒèµ·å‹•ã—ã¦ãªã„ã‹ã‚‰ã ã‚ã よã€ã¨è¨€ã‚ã‚Œã¾ã™ã€‚list ã™ã‚‰é€šã‚Šã¾ã›ã‚“。困ã£ãŸã。
å¸ä»¤å®˜ï¼firewall-offline-cmd ãŒã‚ã‚‹ã˜ã‚ƒãªã„ï¼
ã¡ã‚ƒã‚“ã¨ãƒ‘ッケージãŒç”¨æ„ã•ã‚Œã¦ã¾ã—ãŸã€‚
--list-all ã—ã¦ã¿ã‚‹
ã¨ã‚Œã‚‹ã€‚
[root@localhost ~]# firewall-offline-cmd --list-all public (default) interfaces: sources: services: dhcpv6-client ssh ports: masquerade: no forward-ports: icmp-blocks: rich rules:
--add-service ã—ã¦ã¿ã‚‹
add ã§ããŸã€‚
[root@localhost ~]# firewall-offline-cmd --add-service=http --zone=public success [root@localhost ~]# firewall-offline-cmd --list-all public (default) interfaces: sources: services: dhcpv6-client http ssh ports: masquerade: no forward-ports: icmp-blocks: rich rules:
firewall-offline-cmd ã‹ã‚‰ä½œæ¥ã—ãŸçµæžœã‚’実際ã«ç¢ºèªã™ã‚‹
ã¨ã„ã†è¨³ã§ä»¥ä¸‹ã®ã‚ˆã†ã«ã€èµ·å‹•ã—ãŸå¾Œã‚‚ã¡ã‚ƒã‚“ã¨åæ˜ ã•ã‚Œã¦ã„ã¾ã—ãŸã€‚
[root@localhost ~]# systemctl start firewalld
[root@localhost ~]# systemctl status firewalld
â— firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: active (running) since 月 2016-05-16 20:44:26 JST; 21s ago
Main PID: 14069 (firewalld)
CGroup: /system.slice/firewalld.service
└─14069 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
5月 16 20:44:26 localhost.localdomain systemd[1]: Starting firewalld - dynamic firewall daemon...
5月 16 20:44:26 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.
[root@localhost ~]# firewall-cmd --list-all
public (default, active)
interfaces: ens32
sources:
services: dhcpv6-client http ssh
ports:
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
ã¤ã¾ã‚Šï¼Ÿ
firewall-offline-cmd を使ãˆã°è§£æ±ºã—ã¾ã™ï¼ã‚„ã£ãŸãï¼ï¼
ã—ã‹ã—
å‹•çš„ã«è¿½åŠ ã§ããªã„環境ãªã‚‰æœ€åˆã‹ã‚‰ã¡ã‚ƒã‚“ã¨è¨è¨ˆã—ã¾ã—ょã†ã€ã¨ã„ã†ã”指摘ã¯ã”ã‚‚ã£ã¨ã‚‚ã§ã™ã……。ã¾ã‚今ã©ãã¯ã‚€ã£ã¡ã‚ƒãŠæ‰‹è»½ãª GUI ã¤ã„ã‹ãƒ•ã‚¡ã‚¤ã‚¢ã‚¦ã‚©ãƒ¼ãƒ«ã¨ã‹ã€AWS ã®ã‚»ã‚ュリティグループã‚ã‚‹ã‹ã‚‰ãã“ã¾ã§ç¥žçµŒè³ªã«ãªã‚‰ãªãã¦ã‚‚ã„ã„ã®ã‹ãªæ„Ÿã‚る。
