# Firewall configuration
firewall-cmd --permanent --add-port=49110/tcp --add-port=9090-9100/tcp
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.131.37.54/32" port protocol="tcp" port="443" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.131.35.190" port protocol="tcp" port="443" accept'
All IPs except a specific IP >> source not address="10.131.35.190"
firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-service=https
firewall-cmd --list-all
firewall-cmd --reload # rules added with --permanent take effect on reload and persist
firewall-cmd --permanent --zone=public --remove-service=https # remove
# IP spoofing defense
$ sudo firewall-cmd --zone=dmz --permanent --add-rich-rule='rule family="ipv4" source address="10.0.0.0/8" drop'
$ sudo firewall-cmd --zone=dmz --permanent --add-rich-rule='rule family="ipv4" source address="172.16.0.0/12" drop'
$ sudo firewall-cmd --zone=dmz --permanent --add-rich-rule='rule family="ipv4" source address="192.168.0.0/16" drop'
$ sudo firewall-cmd --zone=dmz --permanent --add-rich-rule='rule family="ipv4" source address="169.254.0.0/16" drop'
$ sudo firewall-cmd --zone=dmz --permanent --add-rich-rule='rule family="ipv4" source address="192.0.2.0/24" drop'
$ sudo firewall-cmd --zone=dmz --permanent --add-rich-rule='rule family="ipv4" source address="224.0.0.0/4" drop'
$ sudo firewall-cmd --zone=dmz --permanent --add-rich-rule='rule family="ipv4" source address="240.0.0.0/4" drop' # the whole reserved block is 240.0.0.0/4
$ sudo firewall-cmd --reload
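
An added example, not part of the original post: a POSIX shell helper that checks each source range before it becomes a drop rule, because an address written without a prefix length or with host bits set does not describe the intended block. The function names are hypothetical, the input is constructed, and the script only prints the commands for review.

```shell
#!/bin/sh
# Added example: validate anti-spoofing ranges, then print the rich-rule commands.

# ip_to_int A.B.C.D -> prints the address as an integer; returns 1 if malformed
ip_to_int() {
  case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  _ifs=$IFS; IFS=.; set -- $1; IFS=$_ifs
  [ "$#" -eq 4 ] || return 1
  _n=0
  for _o in "$@"; do
    case $_o in 0?*|????*) return 1 ;; esac   # no leading zeros, at most 3 digits
    [ "$_o" -le 255 ] || return 1
    _n=$(( _n * 256 + _o ))
  done
  echo "$_n"
}

# check_cidr CIDR -> 0 if "a.b.c.d/len" with no host bits set; else 1 and a reason
check_cidr() {
  _addr=${1%/*}; _len=${1#*/}
  [ "$_addr" != "$1" ] || { echo "rejected $1: no prefix length" >&2; return 1; }
  case $_len in
    0|[1-9]|[12][0-9]|3[0-2]) ;;
    *) echo "rejected $1: bad prefix length" >&2; return 1 ;;
  esac
  _int=$(ip_to_int "$_addr") || { echo "rejected $1: bad address" >&2; return 1; }
  [ $(( _int & ((1 << (32 - _len)) - 1) )) -eq 0 ] ||
    { echo "rejected $1: host bits set" >&2; return 1; }
}

# spoof_rules ZONE CIDR... -> prints one command per valid range; 1 if any rejected
spoof_rules() {
  _zone=$1; _rc=0
  shift
  for _cidr in "$@"; do
    if check_cidr "$_cidr"; then
      printf "firewall-cmd --zone=%s --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"%s\" drop'\n" "$_zone" "$_cidr"
    else
      _rc=1
    fi
  done
  return "$_rc"
}

# Constructed input: three valid ranges, one with no prefix length, one with host bits set.
spoof_rules dmz 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 169.254.0.0 10.1.0.0/8 ||
  echo "fix the rejected ranges before applying" >&2
```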