Linux / Security

Using iptables on CentOS 7

Rohin 2019. 4. 17. 16:04

Stop the firewalld firewall

[root@localhost ~]# systemctl stop firewalld

 

Mask firewalld so it cannot be started again (otherwise it can be pulled back in and conflict with the iptables service)

[root@localhost ~]# systemctl mask firewalld

 Created symlink from /etc/systemd/system/firewalld.service to /dev/null.

 

Install the iptables service package

[root@localhost ~]#  yum install -y iptables-services

 

.

.

Installed:

  iptables-services.x86_64 0:1.4.21-17.el7                                                                                     

 

Complete!

 

Enable the service at boot

[root@localhost ~]# systemctl enable iptables

Created symlink from /etc/systemd/system/basic.target.wants/iptables.service to /usr/lib/systemd/system/iptables.service.

 

Start the service

[root@localhost ~]# systemctl start iptables

 

Verify that the rules are loaded

[root@localhost ~]# iptables -nL

Chain INPUT (policy ACCEPT)

target     prot opt source               destination         

ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED

ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           

ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           

ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22

REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

 

Chain FORWARD (policy ACCEPT)

target     prot opt source               destination         

REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

 

Chain OUTPUT (policy ACCEPT)

target     prot opt source               destination  

 

Check the rules file path (the same file and format as on CentOS 5 and 6)

[root@localhost ~]# vi /etc/sysconfig/iptables

 

# sample configuration for iptables service

# you can edit this manually or use system-config-firewall

# please do not ask us to add additional ports/services to this default configuration

*filter

:INPUT ACCEPT [0:0]

:FORWARD ACCEPT [0:0]

:OUTPUT ACCEPT [0:0]

-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

-A INPUT -p icmp -j ACCEPT

-A INPUT -i lo -j ACCEPT

-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT

-A INPUT -j REJECT --reject-with icmp-host-prohibited

-A FORWARD -j REJECT --reject-with icmp-host-prohibited

COMMIT
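The file above is in iptables-save format, and rule order matters: the unconditional `-A INPUT -j REJECT` at the end is the catch-all, so any ACCEPT rule appended after it is never reached. The following script is an added example, not code from the original post: it parses this format, reports the inbound exposure of the INPUT chain (open ports, loopback and stateful allows, whether a default-deny catch-all exists, whether an accept-all rule slipped in), and inserts a new port ACCEPT just above the catch-all rather than after it. `SAMPLE_RULES` is a constructed copy of the default file shown above; the function names are this example's own.

```python
"""Parse and audit an iptables-services rules file (/etc/sysconfig/iptables format).

Added example, not part of the original post. SAMPLE_RULES is a constructed
copy of the default file that iptables-services ships.
"""
import shlex
import sys
from dataclasses import dataclass, field

SAMPLE_RULES = """\
# sample configuration for iptables service
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
"""


@dataclass
class Rule:
    chain: str
    args: list  # tokens after "-A <chain>", e.g. ['-p', 'tcp', '--dport', '22', '-j', 'ACCEPT']

    def opt(self, name):
        """Value following option `name`, or None if the option is absent."""
        if name in self.args:
            i = self.args.index(name)
            if i + 1 < len(self.args):
                return self.args[i + 1]
        return None

    @property
    def target(self):
        return self.opt("-j")


@dataclass
class Table:
    name: str
    policies: dict = field(default_factory=dict)  # chain -> default policy
    rules: list = field(default_factory=list)     # Rule objects in file order


def match_opts(rule):
    """Match options before -j; an empty list means the rule matches every packet."""
    j = rule.args.index("-j") if "-j" in rule.args else len(rule.args)
    return [a for a in rule.args[:j] if a.startswith("-")]


def parse_rules(text):
    """Parse iptables-save text into {table_name: Table}; comments and blank lines are skipped."""
    tables, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("*"):
            current = Table(line[1:])
            tables[current.name] = current
        elif line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            current.policies[chain] = policy
        elif line == "COMMIT":
            current = None
        else:
            tok = shlex.split(line)
            if tok[0] in ("-A", "-I"):
                current.rules.append(Rule(tok[1], tok[2:]))
    return tables


def audit_input_chain(tables):
    """Summarise what the filter/INPUT chain lets in."""
    filt = tables["filter"]
    inp = [r for r in filt.rules if r.chain == "INPUT"]
    accepts = [r for r in inp if r.target == "ACCEPT"]
    last = inp[-1] if inp else None
    return {
        "policy": filt.policies.get("INPUT"),
        "open_ports": [(r.opt("-p"), r.opt("--dport")) for r in accepts if r.opt("--dport")],
        "loopback_allowed": any(r.opt("-i") == "lo" for r in accepts),
        "stateful_allow": any("ESTABLISHED" in (r.opt("--state") or "") for r in accepts),
        # default deny: DROP policy, or an unconditional REJECT/DROP as the final rule
        "default_deny": filt.policies.get("INPUT") == "DROP"
        or (last is not None and last.target in ("REJECT", "DROP") and not match_opts(last)),
        # an ACCEPT with no match options exposes every port
        "accept_all": any(not match_opts(r) for r in accepts),
    }


def add_input_port(text, proto, port):
    """Return the rules text with an ACCEPT for proto/port inserted above INPUT's catch-all."""
    port = int(port)
    if proto not in ("tcp", "udp") or not 1 <= port <= 65535:
        raise ValueError("proto must be tcp/udp and port 1-65535")
    new_rule = f"-A INPUT -p {proto} -m state --state NEW -m {proto} --dport {port} -j ACCEPT"
    lines, in_filter, insert_at = text.splitlines(), False, None
    for i, line in enumerate(lines):
        s = line.strip()
        if s == "*filter":
            in_filter = True
        elif in_filter and s == "COMMIT":
            insert_at = i  # no catch-all present: add at the end of the table
            break
        elif in_filter and s.startswith("-A INPUT"):
            r = Rule("INPUT", shlex.split(s)[2:])
            if r.target in ("REJECT", "DROP") and not match_opts(r):
                insert_at = i  # place the ACCEPT just above the catch-all so it is reached
                break
    if insert_at is None:
        raise ValueError("no *filter table terminated by COMMIT")
    lines.insert(insert_at, new_rule)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Usage: python audit_iptables.py [/etc/sysconfig/iptables]; defaults to the sample
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_RULES
    for k, v in audit_input_chain(parse_rules(text)).items():
        print(f"{k}: {v}")
```

One point this makes visible: in the `iptables -nL` listing above, the `-i lo` rule appears as `ACCEPT all -- 0.0.0.0/0 0.0.0.0/0`, indistinguishable from an accept-all rule, because `-L` without `-v` omits the interface column. Auditing the rules file (or `iptables -nvL`) shows the match explicitly. After editing the file, `iptables-restore --test /etc/sysconfig/iptables` checks the syntax before `systemctl restart iptables` applies it.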

 

From then on the service command can be used just as on older releases (it is redirected to systemctl)

[root@localhost ~]# service iptables stop

Redirecting to /bin/systemctl stop  iptables.service

 

[root@localhost ~]# service iptables start

Redirecting to /bin/systemctl start  iptables.service
