
Using iptables on CentOS 7

haru 2018.07.20 17:57 Views: 19

Stop the firewalld firewall

[root@localhost ~]# systemctl stop firewalld

 

Mask firewalld so it cannot be started again

[root@localhost ~]# systemctl mask firewalld

 Created symlink from /etc/systemd/system/firewalld.service to /dev/null.

 

Install the iptables service package

[root@localhost ~]#  yum install -y iptables-services

 

.

.

Installed:

  iptables-services.x86_64 0:1.4.21-17.el7                                                                                     

 

Complete!

 

Enable the service at boot

[root@localhost ~]# systemctl enable iptables

Created symlink from /etc/systemd/system/basic.target.wants/iptables.service to /usr/lib/systemd/system/iptables.service.

 

Start the service

[root@localhost ~]# systemctl start iptables

 

Check that it is working. Note that iptables -nL does not print the interface columns, so the third ACCEPT rule below, which looks like it accepts everything from anywhere, is actually the loopback rule (-i lo); use iptables -nvL or iptables -S to see the interface.

[root@localhost ~]# iptables -nL

Chain INPUT (policy ACCEPT)

target     prot opt source               destination         

ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED

ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           

ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           

ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            state NEW tcp dpt:22

REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

 

Chain FORWARD (policy ACCEPT)

target     prot opt source               destination         

REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

 

Chain OUTPUT (policy ACCEPT)

target     prot opt source               destination  

 

Check the rules file path [it can be used in the same way as on CentOS 5 and 6]

[root@localhost ~]# vi /etc/sysconfig/iptables

 

# sample configuration for iptables service

# you can edit this manually or use system-config-firewall

# please do not ask us to add additional ports/services to this default configuration

*filter

:INPUT ACCEPT [0:0]

:FORWARD ACCEPT [0:0]

:OUTPUT ACCEPT [0:0]

-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

-A INPUT -p icmp -j ACCEPT

-A INPUT -i lo -j ACCEPT

-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT

-A INPUT -j REJECT --reject-with icmp-host-prohibited

-A FORWARD -j REJECT --reject-with icmp-host-prohibited

COMMIT
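Because iptables.service loads this file with iptables-restore on every start, a typo or a careless edit is applied to the whole host at once. The script below is an added example, not part of the original post: it audits a copy of an /etc/sysconfig/iptables file offline (it never talks to the kernel, so it runs on any machine) and checks the three things that most often go wrong in the INPUT chain: that a default deny exists (DROP policy or a trailing REJECT/DROP rule), that loopback is explicitly accepted, and that no unconditional ACCEPT sits before the catch-all. It also lists the ports accepted from any source for review. The two sample rulesets it writes are constructed for the demo: the first is the default file shown above, the second is a deliberately broken variant.

```shell
#!/bin/sh
# Added example, not part of the original post: offline audit of a ruleset in
# the iptables-save format used by /etc/sysconfig/iptables. Run it against a
# copy of the file before "systemctl restart iptables" loads it for real.
#   1. INPUT has a default deny (policy DROP, or a trailing REJECT/DROP rule)
#   2. loopback is accepted (-i lo), otherwise local services break
#   3. no unconditional "-A INPUT -j ACCEPT" sits before the catch-all

# audit_ruleset FILE: print findings, return 0 if all checks pass, 1 otherwise.
audit_ruleset() {
    file=$1
    rc=0

    # INPUT rules of the *filter table, in file order (FORWARD/OUTPUT ignored).
    input_rules=$(awk '/^\*filter/{f=1} /^COMMIT/{f=0} f && /^-A INPUT /' "$file")
    policy=$(awk '/^\*filter/{f=1} /^COMMIT/{f=0} f && /^:INPUT /{print $2}' "$file")
    last_rule=$(printf '%s\n' "$input_rules" | tail -n 1)

    # Check 1: default deny by chain policy or by a trailing catch-all rule.
    case "$last_rule" in
        "-A INPUT -j REJECT"*|"-A INPUT -j DROP"*)
            echo "OK   INPUT ends with a catch-all: $last_rule" ;;
        *)
            if [ "$policy" = DROP ]; then
                echo "OK   INPUT policy is DROP"
            else
                echo "FAIL INPUT policy is $policy and there is no trailing REJECT/DROP rule: unmatched traffic is allowed"
                rc=1
            fi ;;
    esac

    # Check 2: loopback must be accepted explicitly (the -i lo is hidden by "iptables -nL").
    if printf '%s\n' "$input_rules" | grep -q -- '-i lo .*-j ACCEPT'; then
        echo "OK   loopback accepted"
    else
        echo "FAIL no '-A INPUT -i lo -j ACCEPT' rule: local clients of local services will be rejected"
        rc=1
    fi

    # Check 3: an unconditional ACCEPT makes every rule after it unreachable.
    if printf '%s\n' "$input_rules" | grep -qx -- '-A INPUT -j ACCEPT'; then
        echo "FAIL unconditional '-A INPUT -j ACCEPT' found: the catch-all after it never matches"
        rc=1
    fi

    # Report: --dport values of ACCEPT rules that carry no source (-s) restriction.
    open_ports=$(printf '%s\n' "$input_rules" | grep -- '-j ACCEPT' | grep -v -- ' -s ' \
        | sed -n 's/.*--dport \([0-9:]*\).*/\1/p' | tr '\n' ' ')
    echo "INFO ports accepted from any source: ${open_ports:-none}"
    return $rc
}

# Constructed sample 1: the CentOS 7 default ruleset shown in the post.
write_default_ruleset() {
    cat > "$1" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Constructed sample 2: the same file after a hasty "fix" for a connectivity
# problem: a blanket ACCEPT was added, the loopback rule and the catch-all deleted.
write_broken_ruleset() {
    cat > "$1" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# Stand-alone demo: audit both samples (the second one is expected to fail).
demo_dir=$(mktemp -d)
write_default_ruleset "$demo_dir/iptables.default"
write_broken_ruleset "$demo_dir/iptables.broken"
echo "== default ruleset"; audit_ruleset "$demo_dir/iptables.default" || echo "result: FAIL"
echo "== broken ruleset";  audit_ruleset "$demo_dir/iptables.broken"  || echo "result: FAIL"
rm -rf "$demo_dir"
```

To audit the live file on a CentOS 7 host, source the script and call audit_ruleset /etc/sysconfig/iptables; a non-zero exit is a reason not to restart the service until the file is corrected. The checks are deliberately conservative: they only recognise a catch-all when it is the last INPUT rule, which is where the default file puts it.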

 

Afterwards the service command can be used in the same way

[root@localhost ~]# service iptables stop

Redirecting to /bin/systemctl stop  iptables.service

 

[root@localhost ~]# service iptables start

Redirecting to /bin/systemctl start  iptables.service