CentOS 7.x firewalld 대신에 iptables 로 대체

CentOS 7.x firewalld 대신에 iptables 로 대체

아무리 봐도 firewalld 는 생소해서 도무지 적응이 안된다.

firewalld 를 내리고 iptables 를 설치해보자.

[root@conoha ~]# systemctl stop firewalld

[root@conoha ~]# systemctl disable firewalld

Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.

Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.

[root@conoha ~]# yum install iptables-services

Loaded plugins: fastestmirror

Loading mirror speeds from cached hostfile

 * base: ftp.iij.ad.jp

 * epel: ftp.riken.jp

 * extras: ftp.iij.ad.jp

 * updates: ftp.iij.ad.jp

Resolving Dependencies

--> Running transaction check

---> Package iptables-services.x86_64 0:1.4.21-16.el7 will be installed

--> Finished Dependency Resolution

Dependencies Resolved

================================================================================

 Package                  Arch          Version               Repository   Size

================================================================================

Installing:

 iptables-services        x86_64        1.4.21-16.el7         base         50 k

Transaction Summary

================================================================================

Install  1 Package

Total download size: 50 k

Installed size: 24 k

Is this ok [y/d/N]: y

Downloading packages:

iptables-services-1.4.21-16.el7.x86_64.rpm                 |  50 kB   00:00

Running transaction check

Running transaction test

Transaction test succeeded

Running transaction

  Installing : iptables-services-1.4.21-16.el7.x86_64                       1/1

  Verifying  : iptables-services-1.4.21-16.el7.x86_64                       1/1

Installed:

  iptables-services.x86_64 0:1.4.21-16.el7

Complete!

[root@conoha ~]# systemctl enable iptables

Created symlink from /etc/systemd/system/basic.target.wants/iptables.service to /usr/lib/systemd/system/iptables.service.

[root@conoha ~]# systemctl start iptables

[root@conoha ~]# iptables -L

Chain INPUT (policy ACCEPT)

target     prot opt source               destination

ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED

ACCEPT     icmp --  anywhere             anywhere

ACCEPT     all  --  anywhere             anywhere

ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh

REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)

target     prot opt source               destination

REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)

target     prot opt source               destination

[root@conoha ~]#

폰트 굵은 부분만 보면 된다.