Solo Study Log

Notes on what an IT engineer has studied

firewalld commands on CentOS 7.1

Check whether firewalld is running

[bash] [root@localhost ~]# firewall-cmd --state [/bash]

If it is running:

[bash] running [/bash]

If it is stopped:

[bash] not running [/bash]

It can also be checked with the following command:

[bash] [root@localhost ~]# systemctl status firewalld [/bash]

Checking zone settings

Show the settings of the default zone

[bash] [root@localhost ~]# firewall-cmd --list-all [/bash]

[bash]
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: em1
  sources:
  services: dhcpv6-client ftp minecraft ssh
  ports: 4000-4005/tcp 25565/tcp
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:
[/bash]

Show the settings of a specified zone (ゾーン名 below stands for the zone name)

[bash] firewall-cmd --zone=ゾーン名 --list-all [/bash]

Show the "dmz" zone.

[bash] [root@localhost ~]# firewall-cmd --zone=dmz --list-all [/bash]

[bash]
dmz
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:
[/bash]

Show the settings of all zones

[bash] [root@localhost ~]# firewall-cmd --list-all-zones [/bash]

[bash]
work
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: dhcpv6-client ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

drop
  target: DROP
  icmp-block-inversion: no
  interfaces:
  sources:
  services:
  ports:
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

internal
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: dhcpv6-client mdns samba-client ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

external
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: ssh
  ports:
  protocols:
  masquerade: yes
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

trusted
  target: ACCEPT
  icmp-block-inversion: no
  interfaces:
  sources:
  services:
  ports:
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

home
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: dhcpv6-client mdns samba-client ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

dmz
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: ssh
  ports: 25565/tcp
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

public (active)
  target: default
  icmp-block-inversion: no
  interfaces: em1
  sources:
  services: dhcpv6-client ftp minecraft ssh
  ports: 4000-4005/tcp 25565/tcp
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

block
  target: %%REJECT%%
  icmp-block-inversion: no
  interfaces:
  sources:
  services:
  ports:
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:
[/bash]

Check the default zone

[bash] [root@localhost ~]# firewall-cmd --get-default-zone [/bash]

[bash] public [/bash]

Change the default zone (ゾーン名 below stands for the zone name)

[bash] firewall-cmd --set-default-zone=ゾーン名 [/bash]

Change the default zone to "DMZ".

[bash] [root@localhost ~]# firewall-cmd --set-default-zone=dmz [/bash]

[bash] success [/bash]

Open a port

Syntax (ゾーン名 stands for the zone name, ポート番号 for the port number):

[bash] firewall-cmd --zone=ゾーン名 --add-port=ポート番号/tcp [/bash]

To open the port permanently:

[bash] firewall-cmd --zone=ゾーン名 --add-port=ポート番号/tcp --permanent [/bash]

Open port 25565 in the "DMZ" zone:

[bash] [root@localhost ~]# firewall-cmd --zone=dmz --add-port=25565/tcp --permanent [/bash]

[bash] success [/bash]

A reload is required for the change to take effect.

[bash] [root@localhost ~]# firewall-cmd --reload [/bash]

[bash] success [/bash]
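The zone listings above and the port-opening step together raise a practical question: after `--add-port` and `--reload`, is the port actually reachable, or was it opened in a zone that no interface is bound to? The following is an added example, not code from the original post: it parses the text format of `firewall-cmd --list-all-zones` and reports what each zone exposes and whether an item is open in an active zone. The LISTING value is a constructed, abridged sample copied from the page's output so the script runs offline; on a real host it would be `LISTING="$(firewall-cmd --list-all-zones)"`.

```shell
#!/bin/sh
# Added example (not from the original post). Summarises what each firewalld zone
# exposes, using the `firewall-cmd --list-all-zones` text format shown on this page.
# LISTING is a constructed, abridged sample; replace with the real command output.
LISTING='public (active)
  target: default
  interfaces: em1
  sources:
  services: dhcpv6-client ftp minecraft ssh
  ports: 4000-4005/tcp 25565/tcp
  masquerade: no
  rich rules:

dmz
  target: default
  interfaces:
  sources:
  services: ssh
  ports: 25565/tcp
  masquerade: no
  rich rules:'

# Read a listing on stdin; print one line per zone: zone|active-or-inactive|services|ports
zone_exposure() {
  awk '
    /^[^ \t]/ { if (zone != "") print zone "|" state "|" svc "|" prt
                zone = $1; state = ($2 == "(active)") ? "active" : "inactive"; svc = ""; prt = "" }
    /^[ \t]+services:/ { sub(/^[ \t]+services:[ \t]*/, ""); sub(/[ \t]+$/, ""); svc = $0 }
    /^[ \t]+ports:/    { sub(/^[ \t]+ports:[ \t]*/, "");    sub(/[ \t]+$/, ""); prt = $0 }
    END { if (zone != "") print zone "|" state "|" svc "|" prt }'
}

# exposed_in_active_zone LISTING ITEM: exit 0 if ITEM (a service name or port/proto,
# matched literally, so a range like 4000-4005/tcp is a single item) is open in a zone
# that currently has interfaces or sources bound to it. A port opened only in an
# inactive zone (dmz here) is not reachable from the network even after a reload.
exposed_in_active_zone() {
  printf '%s\n' "$1" | zone_exposure | awk -F'|' -v item="$2" '
    $2 == "active" { n = split($3 " " $4, f, " "); for (i = 1; i <= n; i++) if (f[i] == item) found = 1 }
    END { if (found) exit 0; exit 1 }'
}

printf '%s\n' "$LISTING" | zone_exposure
if exposed_in_active_zone "$LISTING" ftp; then
  echo "ftp (a cleartext service) is reachable through an active zone"
fi
```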