{"id":33,"date":"2017-03-13T13:16:55","date_gmt":"2017-03-13T04:16:55","guid":{"rendered":"https:\/\/dong1lkim.oboki.net\/?p=33"},"modified":"2019-09-01T22:21:58","modified_gmt":"2019-09-01T13:21:58","slug":"linux-firewall-cmd","status":"publish","type":"post","link":"https:\/\/oboki.net\/workspace\/system\/security\/linux-firewall-cmd\/","title":{"rendered":"[Linux] firewall-cmd"},"content":{"rendered":"<p>RHEL7\ubd80\ud130 firewalld \ub370\ubaac\uc73c\ub85c \ubc29\ud654\ubcbd \uad00\ub9ac<br \/>\nfirewall-cmd(cmd), firewall-config(X window) \ucee4\ub9e8\ub4dc\ub85c \uc124\uc815<\/p>\n<ul>\n<li>\uc124\uce58 \ubc0f \uc2e4\ud589\n<pre><code>yum install firewalld\nsystemctl start firewalld\nsystemctl enable firewalld\n<\/code><\/pre>\n<\/li>\n<li>ZONE\n<ul>\n<li>\uc0ac\uc804 \uc815\uc758\ub41c \uc874 \ubaa9\ub85d \ucd9c\ub825<br \/>\n<code>firewall-cmd --get-zones<\/code><\/li>\n<li>\uc804\uccb4 \uc874 \ubaa9\ub85d \uc0c1\uc138 \ucd9c\ub825<br \/>\n<code>firewall-cmd --list-all-zones<\/code><\/li>\n<li>\uae30\ubcf8 \uc874 \ucd9c\ub825<br \/>\n<code>firewall-cmd --get-default-zone<\/code><\/li>\n<li>\ud65c\uc131\ud654 \ub41c \uc874 \ucd9c\ub825<br \/>\n<code>firewall-cmd --get-active-zones<\/code><\/li>\n<\/ul>\n<\/li>\n<li>SERVICE\n<ul>\n<li>\uc11c\ube44\uc2a4 \ubaa9\ub85d<br \/>\n<code>firewall-cmd --get-services<\/code><\/li>\n<li>Permanent\ub85c \ub4f1\ub85d\ub41c \uc11c\ube44\uc2a4 \ubaa9\ub85d<br \/>\n<code>firewall-cmd --permanent --list-all<\/code><\/li>\n<\/ul>\n<\/li>\n<li>\ud3ec\ud2b8 \uad00\ub9ac\n<ul>\n<li>\uc784\uc758 \ud3ec\ud2b8 \ucd94\uac00<br \/>\n--add-port=&lt;portid&gt;[-&lt;portid&gt;]\/&lt;protocol&gt; \uc635\uc158 \uc0ac\uc6a9<br \/>\n<code>firewall-cmd --zone=public --add-port=8080\/tcp<\/code><br \/>\n*--permanent \uc635\uc158 \uc0dd\ub7b5 \uc2dc runtime \uc124\uc815\uc73c\ub85c \ub4f1\ub85d, --reload\/\uc7ac\uc2dc\uc791 \uc2dc \uc0ad\uc81c<\/li>\n<li>\ud3ec\ud2b8 \uc0ad\uc81c<br \/>\n--remove-port=&lt;portid&gt;[-&lt;portid&gt;]\/&lt;protocol&gt; \uc635\uc158 \uc0ac\uc6a9<br \/>\n<code>firewall-cmd --zone=public --remove-port=8080\/tcp<\/code><\/li>\n<li>rich-rule<br 
\/>\n<code>firewall-cmd --permanent --zone=public --add-rich-rule='rule family=\"ipv4\" source address=\"192.168.0.3\/24\" port protocol=\"tcp\" port=\"8000\" accept'<\/code><\/li>\n<li>port-forwarding<br \/>\n<code>firewall-cmd --permanent --add-forward-port=port=80:proto=tcp:toport=9100<\/code><\/li>\n<\/ul>\n<\/li>\n<li>\uc124\uc815 \uc608<br \/>\uc6f9 \uc11c\ubc84 \uc124\uc815\n<ul>\n<li>\ubc29\ud654\ubcbd\uc5d0 \ud3ec\ud2b8 \ucd94\uac00<br \/>\n<code>firewall-cmd --permanent --zone=public --add-service=http<\/code><br \/>\n<code>firewall-cmd --permanent --zone=public --add-service=https<\/code><br \/>\n*default zone=public -> --zone=public \uc635\uc158 \uc0dd\ub7b5 \uac00\ub2a5<\/li>\n<li>firewalld \uc7ac\uc2dc\uc791<br \/>\n<code>firewall-cmd --reload<\/code><\/li>\n<li>\uc815\uc0c1 \uc124\uc815 \uc5ec\ubd80 \ud655\uc778<br \/>\n<code>firewall-cmd --list-services --zone=public<\/code><\/li>\n<li>apache \uc6f9\uc11c\ubc84 \ud65c\uc131\ud654<br \/>\n<code>systemctl enable httpd<\/code><\/li>\n<li>apache \uc11c\ube44\uc2a4 \uc2dc\uc791<br \/>\n<code>systemctl start httpd<\/code><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<p>firewall-cmd --zone=external --add-forward-port=port=22:proto=tcp:toport=2055:toaddr=192.0.2.55<\/p>\n","protected":false},"excerpt":{"rendered":"<p>RHEL7\ubd80\ud130 firewalld \ub370\ubaac\uc73c\ub85c \ubc29\ud654\ubcbd \uad00\ub9ac firewall-cmd(cmd), firewall-config(X window) \ucee4\ub9e8\ub4dc\ub85c \uc124\uc815 \uc124\uce58 \ubc0f \uc2e4\ud589 yum install firewalld systemctl start firewalld systemctl enable firewalld ZONE \uc0ac\uc804 \uc815\uc758\ub41c \uc874 \ubaa9\ub85d \ucd9c\ub825 firewall-cmd --get-zones \uc804\uccb4 \uc874 \ubaa9\ub85d \uc0c1\uc138 \ucd9c\ub825 firewall-cmd --list-all-zones \uae30\ubcf8 \uc874 \ucd9c\ub825 firewall-cmd --get-default-zone \ud65c\uc131\ud654 \ub41c \uc874 \ucd9c\ub825 firewall-cmd --get-active-zones 
SERVICE \uc11c\ube44\uc2a4 \ubaa9\ub85d firewall-cmd --get-services Permanent\ub85c \ub4f1\ub85d\ub41c [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[21],"tags":[83,155,148],"class_list":["post-33","post","type-post","status-publish","format-standard","hentry","category-security","tag-linux","tag-network","tag-148"],"_links":{"self":[{"href":"https:\/\/oboki.net\/workspace\/wp-json\/wp\/v2\/posts\/33","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/oboki.net\/workspace\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/oboki.net\/workspace\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/oboki.net\/workspace\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/oboki.net\/workspace\/wp-json\/wp\/v2\/comments?post=33"}],"version-history":[{"count":15,"href":"https:\/\/oboki.net\/workspace\/wp-json\/wp\/v2\/posts\/33\/revisions"}],"predecessor-version":[{"id":1322,"href":"https:\/\/oboki.net\/workspace\/wp-json\/wp\/v2\/posts\/33\/revisions\/1322"}],"wp:attachment":[{"href":"https:\/\/oboki.net\/workspace\/wp-json\/wp\/v2\/media?parent=33"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/oboki.net\/workspace\/wp-json\/wp\/v2\/categories?post=33"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/oboki.net\/workspace\/wp-json\/wp\/v2\/tags?post=33"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}