Checking whether firewalld is running
[bash]
[root@localhost ~]# firewall-cmd --state
[/bash]
If it is running:
[bash]
running
[/bash]
If it is stopped:
[bash]
not running
[/bash]
It can also be checked with the following command:
[bash]
[root@localhost ~]# systemctl status firewalld
[/bash]
Checking zone settings
Show the settings of the default zone
[bash]
[root@localhost ~]# firewall-cmd --list-all
[/bash]
[bash]
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: em1
  sources:
  services: dhcpv6-client ftp minecraft ssh
  ports: 4000-4005/tcp 25565/tcp
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:
[/bash]
Show the settings of a specified zone
[bash]
firewall-cmd --zone=ゾーン名 --list-all
[/bash]
Show the "dmz" zone.
[bash]
[root@localhost ~]# firewall-cmd --zone=dmz --list-all
[/bash]
[bash]
dmz
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:
[/bash]
Show the settings of all zones
[bash]
[root@localhost ~]# firewall-cmd --list-all-zones
[/bash]
[bash]
work
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: dhcpv6-client ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

drop
  target: DROP
  icmp-block-inversion: no
  interfaces:
  sources:
  services:
  ports:
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

internal
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: dhcpv6-client mdns samba-client ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

external
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: ssh
  ports:
  protocols:
  masquerade: yes
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

trusted
  target: ACCEPT
  icmp-block-inversion: no
  interfaces:
  sources:
  services:
  ports:
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

home
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: dhcpv6-client mdns samba-client ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

dmz
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: ssh
  ports: 25565/tcp
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

public (active)
  target: default
  icmp-block-inversion: no
  interfaces: em1
  sources:
  services: dhcpv6-client ftp minecraft ssh
  ports: 4000-4005/tcp 25565/tcp
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

block
  target: %%REJECT%%
  icmp-block-inversion: no
  interfaces:
  sources:
  services:
  ports:
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:
[/bash]
Checking the default zone
[bash]
[root@localhost ~]# firewall-cmd --get-default-zone
[/bash]
Changing the default zone
[bash]
firewall-cmd --set-default-zone=ゾーン名
[/bash]
Change the default zone to "DMZ".
[bash]
[root@localhost ~]# firewall-cmd --set-default-zone=dmz
[/bash]
Opening a port
Syntax
[bash]
firewall-cmd --zone=ゾーン名 --add-port=ポート番号/tcp
[/bash]
To open a port permanently
[bash]
firewall-cmd --zone=ゾーン名 --add-port=ポート番号/tcp --permanent
[/bash]
Open port 25565 in the "DMZ" zone
[bash]
[root@localhost ~]# firewall-cmd --zone=dmz --add-port=25565/tcp --permanent
[/bash]
A reload is required for the change to take effect.
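The runtime/permanent split above is where port changes get lost or silently never applied. The following script is an added example, not part of the original post: it compares a zone's runtime and permanent port lists (as you would capture them from `firewall-cmd --zone=dmz --list-ports` with and without `--permanent`) and flags ports that exist in only one of the two. The two captures are constructed sample values, so it runs without firewalld installed.

```shell
#!/bin/sh
# Added example, not part of the original post. Compares the runtime and the
# permanent port list of one zone, as captured from
#   firewall-cmd --zone=dmz --list-ports
#   firewall-cmd --zone=dmz --list-ports --permanent
# and reports ports that exist in only one of them. The two captures below
# are constructed sample values, so the script runs without firewalld.

RUNTIME_PORTS="25565/tcp"                 # constructed: current (runtime) state
PERMANENT_PORTS="25565/tcp 4000-4005/tcp" # constructed: saved (--permanent) state

# Print "yes" if PORT (e.g. 25565/tcp) is in the space-separated LIST, else "no".
has_port() {
  list=$1; port=$2
  for p in $list; do
    if [ "$p" = "$port" ]; then echo yes; return 0; fi
  done
  echo no
}

# Print, one per line, every port in LIST_A that is missing from LIST_B.
diff_ports() {
  for p in $1; do
    if [ "$(has_port "$2" "$p")" = no ]; then printf '%s\n' "$p"; fi
  done
}

# Usage: pending_ports RUNTIME_LIST PERMANENT_LIST
# Saved with --permanent but not yet active: `firewall-cmd --reload` is pending.
pending_ports()  { diff_ports "$2" "$1"; }

# Usage: volatile_ports RUNTIME_LIST PERMANENT_LIST
# Active now but not saved: opened without --permanent, lost on reload/reboot.
volatile_ports() { diff_ports "$1" "$2"; }

# Human-readable report for one zone's two captures.
report() {
  runtime=$1; permanent=$2
  for p in $(pending_ports "$runtime" "$permanent"); do
    echo "PENDING  $p (in permanent config only; run: firewall-cmd --reload)"
  done
  for p in $(volatile_ports "$runtime" "$permanent"); do
    echo "VOLATILE $p (runtime only; re-add with --permanent to keep it)"
  done
}

report "$RUNTIME_PORTS" "$PERMANENT_PORTS"
```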