LINUX
2023.06.26 / 22:11

[Linux] Configuring the firewalld firewall

디도스

Starting with RHEL 7, the daemon that manages the firewall changed from iptables to firewalld.

This does not mean iptables is no longer used; it keeps working as the underlying mechanism of firewalld.

firewalld is operated through the firewall-cmd command. firewalld's default configuration is stored under /usr/lib/firewalld/, and any custom configuration made afterwards is stored under /etc/firewalld/.

1. What is a firewall?

A network defense tool that keeps external users from reaching the internal network, except through permitted connections.

2. Starting the firewall

systemctl start firewalld

3. Zone

The firewall is built around the concept of a Zone. A Zone is a predefined network security level chosen to match the server's purpose. If nothing has been configured, the public Zone is used by default.

Entering the command below prints the Zone that is currently in effect.

firewall-cmd --get-default-zone

You can configure which ports and services a Zone allows or blocks.

Let's register ports 9000 and 9001 and the mysql service in the public zone.

1. Registering ports

 Method 1

  firewall-cmd --permanent --zone=public --add-port={9000,9001}/tcp

 Method 2
  firewall-cmd --permanent --zone=public --add-port=9000/tcp
  firewall-cmd --permanent --zone=public --add-port=9001/tcp

 Method 3 (ports can also be allowed as a range)
  firewall-cmd --permanent --zone=public --add-port=9000-9010/tcp

2. Registering a service
 firewall-cmd --permanent --zone=public --add-service=mysql

 firewall-cmd --reload

--permanent
Applies the specified setting permanently. If this option is not given, every setting you configured is reset when Linux reboots.

--zone=ZoneName
Applies the setting to the specified zone. If no zone is given, it is applied to the zone currently in use.

firewall-cmd --reload
After finishing the firewall configuration, you must reload the firewall for the settings to take effect.

To view the configuration of a zone, enter the following command.

firewall-cmd --zone=public --list-all

The configuration of the public zone can be inspected in the file /etc/firewalld/zones/public.xml.

Changing to a different Zone

firewall-cmd --set-default-zone=ZoneName

Removing the allow rule for port 9000 from the public zone

firewall-cmd --permanent --zone=public --remove-port=9000/tcp

Removing the allow rule for the mysql service from the public zone

firewall-cmd --permanent --zone=public --remove-service=mysql

Allowing mysql access from a specific IP range in the public zone

# --add-source only binds the subnet to the zone and --add-service opens mysql to every client of the zone; a rich rule ties the source to the service
firewall-cmd --permanent --zone=public --add-rich-rule='rule family=ipv4 source address=192.168.1.0/24 service name=mysql accept'

Blocking a specific IP from accessing mysql in the public zone

firewall-cmd --permanent --zone=public --add-rich-rule="rule family=ipv4 source address=220.92.5.144 service name=mysql reject"
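As an added example (not code from this post), a small Python audit of a zone file in the /etc/firewalld/zones/public.xml format mentioned above. The XML sample is constructed to mirror this post's configuration (ports 9000/9001, the mysql service, an accept rich rule for 192.168.1.0/24 and the reject rich rule for 220.92.5.144); parse_zone and exposure_report are names chosen here, and the report shows why a source-scoped accept rule does not restrict mysql while the zone-level mysql service is still registered.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the /etc/firewalld/zones/public.xml format (not a real file):
# ports 9000/9001, the mysql service, an accept rich rule for 192.168.1.0/24 and
# the reject rich rule for 220.92.5.144 used in this post.
SAMPLE_ZONE_XML = """<?xml version="1.0" encoding="utf-8"?>
<zone>
  <service name="ssh"/>
  <service name="mysql"/>
  <port protocol="tcp" port="9000"/>
  <port protocol="tcp" port="9001"/>
  <rule family="ipv4"><source address="192.168.1.0/24"/><service name="mysql"/><accept/></rule>
  <rule family="ipv4"><source address="220.92.5.144"/><service name="mysql"/><reject/></rule>
</zone>
"""

ACTIONS = ("accept", "reject", "drop")

def parse_zone(xml_text):
    """Return the zone-level services/ports and the rich rules of a zone file."""
    root = ET.fromstring(xml_text)
    rules = []
    for rule in root.findall("rule"):
        src, svc = rule.find("source"), rule.find("service")
        rules.append({
            "source": src.get("address") if src is not None else None,
            "service": svc.get("name") if svc is not None else None,
            "action": next((c.tag for c in rule if c.tag in ACTIONS), None),
        })
    return {
        "services": [s.get("name") for s in root.findall("service")],
        "ports": [(p.get("port"), p.get("protocol")) for p in root.findall("port")],
        "rules": rules,
    }

def exposure_report(zone):
    """A zone-level <service> is reachable from every client bound to the zone, so an
    accept rich rule for one source narrows nothing while that entry remains; only a
    reject/drop rule for a specific source carves an exception out of it."""
    open_to_all = set(zone["services"])
    scoped = {r["service"] for r in zone["rules"]
              if r["action"] == "accept" and r["source"] and r["service"]}
    blocked = {(r["source"], r["service"]) for r in zone["rules"]
               if r["action"] in ("reject", "drop") and r["source"]}
    return {
        "open_to_all": sorted(open_to_all),
        "restricted_to_sources": sorted(scoped - open_to_all),
        "redundant_accept_rules": sorted(scoped & open_to_all),
        "per_source_blocks": sorted(blocked),
    }
```

Dropping the zone-level mysql service (the --remove-service=mysql command above) while keeping the accept rich rule is what moves mysql from "open_to_all" to "restricted_to_sources" in the report.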

4. Useful commands

firewall-cmd --state
Check the firewall status

firewall-cmd --get-zones
List all Zones

firewall-cmd --get-default-zone
Print the Zone currently in effect

firewall-cmd --list-all
Print the enabled services and ports

firewall-cmd --reload
Reload the firewall

Reference: https://www.lesstif.com/pages/viewpage.action?pageId=22053128