CentOS 7.x: Replacing firewalld with iptables



No matter how much I look at it, firewalld feels so unfamiliar that I just cannot get used to it.


Let's stop firewalld and install iptables.



[root@conoha ~]# systemctl stop firewalld
[root@conoha ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@conoha ~]# yum install iptables-services
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: ftp.iij.ad.jp
 * epel: ftp.riken.jp
 * extras: ftp.iij.ad.jp
 * updates: ftp.iij.ad.jp
Resolving Dependencies
--> Running transaction check
---> Package iptables-services.x86_64 0:1.4.21-16.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package                  Arch          Version               Repository   Size
================================================================================
Installing:
 iptables-services        x86_64        1.4.21-16.el7         base         50 k

Transaction Summary
================================================================================
Install  1 Package

Total download size: 50 k
Installed size: 24 k
Is this ok [y/d/N]: y
Downloading packages:
iptables-services-1.4.21-16.el7.x86_64.rpm                 |  50 kB   00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : iptables-services-1.4.21-16.el7.x86_64                       1/1
  Verifying  : iptables-services-1.4.21-16.el7.x86_64                       1/1

Installed:
  iptables-services.x86_64 0:1.4.21-16.el7

Complete!
[root@conoha ~]# systemctl enable iptables
Created symlink from /etc/systemd/system/basic.target.wants/iptables.service to /usr/lib/systemd/system/iptables.service.
[root@conoha ~]# systemctl start iptables
[root@conoha ~]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@conoha ~]#


You only need to look at the parts in bold.
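Every chain in the listing above has policy ACCEPT, and the third INPUT rule looks like an accept-all; in the stock iptables-services ruleset that rule is limited to the loopback interface (`-i lo`), which `iptables -L` only shows with `-v`. The following shell function is an added example, not part of the original post: it audits `iptables -S` output to confirm that a chain still denies by default. The helper name `audit_chain` is hypothetical and the sample rules are constructed to match the listing above.

```shell
#!/bin/sh
# Added example: decide whether a chain from `iptables -S` really denies by default.

# Constructed sample: `iptables -S` form of the ruleset listed by `iptables -L` above.
SAMPLE_RULES='-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited'

# audit_chain CHAIN  (hypothetical helper; reads `iptables -S` text on stdin)
# Prints one verdict:
#   deny-final-rule   an unconditional REJECT/DROP closes the chain
#   deny-policy       no catch-all rule, but the chain policy is DROP
#   open-accept-all   an unconditional ACCEPT is reached before any catch-all deny
#   open-no-catchall  policy ACCEPT and nothing rejects unmatched packets
# Jumps into user-defined chains are not followed.
audit_chain() {
    awk -v chain="$1" '
        $1 == "-P" && $2 == chain { policy = $3 }
        # "-A CHAIN -j TARGET ..." has no match options, so it applies to every packet.
        $1 == "-A" && $2 == chain && $3 == "-j" {
            if ($4 == "ACCEPT")                 { verdict = "open-accept-all"; exit }
            if ($4 == "REJECT" || $4 == "DROP") { verdict = "deny-final-rule"; exit }
        }
        END {
            if (verdict == "")
                verdict = (policy == "DROP") ? "deny-policy" : "open-no-catchall"
            print verdict
        }'
}

# Live use on the host (as root): iptables -S | audit_chain INPUT
for c in INPUT FORWARD OUTPUT; do
    printf '%-8s %s\n' "$c" "$(printf '%s\n' "$SAMPLE_RULES" | audit_chain "$c")"
done
```

On the sample, INPUT and FORWARD report `deny-final-rule` and OUTPUT reports `open-no-catchall`, which matches the empty OUTPUT chain in the listing. Only new inbound SSH is accepted by this ruleset, so any other service port has to be added before the final REJECT rule.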



iVPS 영은파더♥