Using iptables on CentOS 7
Hello.
This is JP-Hosting.
This post explains how to use the familiar iptables service instead of firewalld, the firewall that CentOS 7 ships with by default.
-
The test environment is CentOS 7.8.
[root@localhost ~]# rpm -qa *-release
centos-release-7-8.2003.0.el7.centos.x86_64
-
Disabling the default CentOS 7 firewalld service
- Check the service status
- Stop and mask firewalld
- Check the service status again
[root@localhost ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Sat 2020-05-30 15:01:15 JST; 1 day 7h ago
     Docs: man:firewalld(1)
 Main PID: 23280 (firewalld)
   CGroup: /system.slice/firewalld.service
           └─23280 /usr/bin/python2 -Es /usr/sbin/firewalld --nofork --nopid

May 30 15:01:15 localhost.localdomain systemd[1]: Starting firewalld - dynamic firewall daemon...
May 30 15:01:15 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.
May 30 15:01:15 localhost.localdomain firewalld[23280]: WARNING: AllowZoneDrifting is enabled. This is considered an insec... now.
Hint: Some lines were ellipsized, use -l to show in full.
You have new mail in /var/spool/mail/root
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# systemctl mask firewalld
Created symlink from /etc/systemd/system/firewalld.service to /dev/null.
[root@localhost ~]# systemctl status firewalld
● firewalld.service
   Loaded: masked (/dev/null; bad)
   Active: inactive (dead) since Sun 2020-05-31 22:07:36 JST; 3s ago
 Main PID: 23280 (code=exited, status=0/SUCCESS)

May 30 15:01:15 localhost.localdomain systemd[1]: Starting firewalld - dynamic firewall daemon...
May 30 15:01:15 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.
May 30 15:01:15 localhost.localdomain firewalld[23280]: WARNING: AllowZoneDrifting is enabled. This is considered an insec... now.
May 31 22:07:35 localhost.localdomain systemd[1]: Stopping firewalld - dynamic firewall daemon...
May 31 22:07:36 localhost.localdomain systemd[1]: Stopped firewalld - dynamic firewall daemon.
Hint: Some lines were ellipsized, use -l to show in full.
-
Installing the iptables service
- Install the iptables-services package
- Enable and start the service
- Check the service status
[root@localhost ~]# yum -y install iptables-services
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: ty1.mirror.newmediaexpress.com
 * extras: ty1.mirror.newmediaexpress.com
 * updates: ty1.mirror.newmediaexpress.com
Resolving Dependencies
--> Running transaction check
---> Package iptables-services.x86_64 0:1.4.21-34.el7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

==================================================================================================================================
 Package                         Arch                  Version                        Repository           Size
==================================================================================================================================
Installing:
 iptables-services               x86_64                1.4.21-34.el7                  base                 52 k

Transaction Summary
==================================================================================================================================
Install  1 Package

Total download size: 52 k
Installed size: 23 k
Downloading packages:
iptables-services-1.4.21-34.el7.x86_64.rpm                                                  |  52 kB  00:00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
  Installing : iptables-services-1.4.21-34.el7.x86_64                                      1/1
  Verifying  : iptables-services-1.4.21-34.el7.x86_64                                      1/1

Installed:
  iptables-services.x86_64 0:1.4.21-34.el7

Complete!
[root@localhost ~]# systemctl enable iptables
Created symlink from /etc/systemd/system/basic.target.wants/iptables.service to /usr/lib/systemd/system/iptables.service.
[root@localhost ~]# systemctl start iptables
[root@localhost ~]# systemctl status iptables
● iptables.service - IPv4 firewall with iptables
   Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled; vendor preset: disabled)
   Active: active (exited) since Sun 2020-05-31 22:22:21 JST; 6s ago
  Process: 26258 ExecStart=/usr/libexec/iptables/iptables.init start (code=exited, status=0/SUCCESS)
 Main PID: 26258 (code=exited, status=0/SUCCESS)

May 31 22:22:21 localhost.localdomain systemd[1]: Starting IPv4 firewall with iptables...
May 31 22:22:21 localhost.localdomain iptables.init[26258]: iptables: Applying firewall rules: [  OK  ]
May 31 22:22:21 localhost.localdomain systemd[1]: Started IPv4 firewall with iptables.
-
Setting the iptables rules
The rules are kept in /etc/sysconfig/iptables, which the iptables service loads at start. The default file after installation looks like this:
[root@localhost ~]# vi /etc/sysconfig/iptables
# sample configuration for iptables service
# you can edit this manually or use system-config-firewall
# please do not ask us to add additional ports/services to this default configuration
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
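The order of the rules in that file matters: because the INPUT chain ends in a catch-all REJECT, an edit that drops the loopback or tcp/22 ACCEPT, or moves it below the REJECT, locks you out of the server the next time the service loads the file. The following bash pre-flight check is an added example written for this post (it is not JP-Hosting's code and not part of the iptables-services package); it lints a rules file in the iptables-save format used by /etc/sysconfig/iptables, and the two sample rulesets it creates are constructed for the demonstration.

```shell
#!/bin/bash
# Added example, not from the original post: lint /etc/sysconfig/iptables-style
# rules before the iptables service reloads them, so a bad edit cannot lock you out.
# check_ruleset FILE -> exit 0 when the baseline is sane, 1 with reasons on stdout.
check_ruleset() {
    file="$1"; rc=0
    # Stateful accept must exist, or replies to outbound connections are rejected.
    grep -Eq -- '^-A INPUT .*--state (RELATED,ESTABLISHED|ESTABLISHED,RELATED) -j ACCEPT' "$file" \
        || { echo "missing RELATED,ESTABLISHED ACCEPT on INPUT"; rc=1; }
    # Loopback must be accepted, or local daemons talking over 127.0.0.1 break.
    grep -Eq -- '^-A INPUT -i lo -j ACCEPT' "$file" \
        || { echo "missing loopback ACCEPT on INPUT"; rc=1; }
    grep -q '^COMMIT$' "$file" || { echo "missing COMMIT; iptables-restore would fail"; rc=1; }
    # Rules match in order: the tcp/22 ACCEPT has to come before the catch-all REJECT/DROP.
    ssh_line=$(grep -nE -- '^-A INPUT .*--dport 22 .*-j ACCEPT' "$file" | head -n1 | cut -d: -f1)
    tail_line=$(grep -nE -- '^-A INPUT -j (REJECT|DROP)' "$file" | head -n1 | cut -d: -f1)
    if [ -z "$tail_line" ] && ! grep -q '^:INPUT DROP' "$file"; then
        echo "INPUT policy ACCEPT with no final REJECT/DROP: every port is open"; rc=1
    fi
    if [ -z "$ssh_line" ]; then
        echo "no ACCEPT for tcp/22: loading these rules would cut off SSH"; rc=1
    elif [ -n "$tail_line" ] && [ "$ssh_line" -gt "$tail_line" ]; then
        echo "tcp/22 ACCEPT is after the catch-all REJECT and never matches"; rc=1
    fi
    return "$rc"
}
# Constructed sample rulesets; the first is a trimmed copy of the post's default file.
GOOD_RULES=$(mktemp); BAD_RULES=$(mktemp)
cat > "$GOOD_RULES" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
# Second file: loopback rule missing and the SSH ACCEPT placed after the REJECT.
cat > "$BAD_RULES" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
check_ruleset "$GOOD_RULES" && echo "$GOOD_RULES: ok"
check_ruleset "$BAD_RULES" || echo "$BAD_RULES: rejected"
```

Run it against /etc/sysconfig/iptables before restarting the service; a non-zero exit means at least one of the baseline rules from the default file is missing or ordered so that it can never match.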
If there is a problem with the above post, we will take it down.