Starting, stopping and checking the status of the firewalld service
# systemctl start firewalld
# systemctl stop firewalld
# systemctl status firewalld
# firewall-cmd --state
[root@kgwlocalvm001 ~]# systemctl start firewalld
[root@kgwlocalvm001 ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since 土 2022-02-19 10:38:29 JST; 59min ago
     Docs: man:firewalld(1)
 Main PID: 762 (firewalld)
   CGroup: /system.slice/firewalld.service
           └─762 /usr/bin/python2 -Es /usr/sbin/firewalld --nofork --nopid

2月 19 10:38:28 kgwlocalvm001 systemd[1]: Starting firewalld - dynamic firewall daemon...
2月 19 10:38:29 kgwlocalvm001 systemd[1]: Started firewalld - dynamic firewall daemon.
2月 19 10:38:30 kgwlocalvm001 firewalld[762]: WARNING: AllowZoneDrifting is enabled. This is considered an insecure configuration option...it now.
Hint: Some lines were ellipsized, use -l to show in full.
[root@kgwlocalvm001 ~]# systemctl stop firewalld
[root@kgwlocalvm001 ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: inactive (dead) since 土 2022-02-19 11:37:58 JST; 2s ago
     Docs: man:firewalld(1)
  Process: 762 ExecStart=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS (code=exited, status=0/SUCCESS)
 Main PID: 762 (code=exited, status=0/SUCCESS)

2月 19 10:38:28 kgwlocalvm001 systemd[1]: Starting firewalld - dynamic firewall daemon...
2月 19 10:38:29 kgwlocalvm001 systemd[1]: Started firewalld - dynamic firewall daemon.
2月 19 10:38:30 kgwlocalvm001 firewalld[762]: WARNING: AllowZoneDrifting is enabled. This is considered an insecure configuration option...it now.
2月 19 11:37:57 kgwlocalvm001 systemd[1]: Stopping firewalld - dynamic firewall daemon...
2月 19 11:37:58 kgwlocalvm001 systemd[1]: Stopped firewalld - dynamic firewall daemon.
Hint: Some lines were ellipsized, use -l to show in full.
[root@kgwlocalvm001 ~]# systemctl start firewalld
[root@kgwlocalvm001 ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since 土 2022-02-19 11:38:04 JST; 5s ago
     Docs: man:firewalld(1)
 Main PID: 6817 (firewalld)
    Tasks: 2
   CGroup: /system.slice/firewalld.service
           └─6817 /usr/bin/python2 -Es /usr/sbin/firewalld --nofork --nopid

2月 19 11:38:05 kgwlocalvm001 firewalld[6817]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -w --table filter --delete FORWARD --de...hain?).
2月 19 11:38:05 kgwlocalvm001 firewalld[6817]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -w --table filter --delete FORWARD --so...hain?).
2月 19 11:38:05 kgwlocalvm001 firewalld[6817]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -w --table filter --delete FORWARD --in...hain?).
2月 19 11:38:05 kgwlocalvm001 firewalld[6817]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -w --table filter --delete FORWARD --ou...t name.
2月 19 11:38:05 kgwlocalvm001 firewalld[6817]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -w --table filter --delete FORWARD --in...t name.
2月 19 11:38:05 kgwlocalvm001 firewalld[6817]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -w --table filter --delete INPUT --in-i...hain?).
2月 19 11:38:05 kgwlocalvm001 firewalld[6817]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -w --table filter --delete INPUT --in-i...hain?).
2月 19 11:38:05 kgwlocalvm001 firewalld[6817]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -w --table filter --delete OUTPUT --out...hain?).
2月 19 11:38:05 kgwlocalvm001 firewalld[6817]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -w --table filter --delete INPUT --in-i...hain?).
2月 19 11:38:05 kgwlocalvm001 firewalld[6817]: WARNING: COMMAND_FAILED: '/usr/sbin/iptables -w10 -w --table filter --delete INPUT --in-i...hain?).
Hint: Some lines were ellipsized, use -l to show in full.
[root@kgwlocalvm001 ~]# firewall-cmd --state
running
Listing the current firewall configuration
# firewall-cmd --list-all
[root@kgwlocalvm001 ~]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: dhcpv6-client ftp ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

[root@kgwlocalvm001 ~]#
Allowing remote desktop (XRDP) connections from outside
If firewalld is enabled, add a rule that permits RDP traffic (TCP port 3389).
[root@kgwlocalvm001 ~]# firewall-cmd --permanent --zone=public --add-port=3389/tcp
success
[root@kgwlocalvm001 ~]# firewall-cmd --reload
success
[root@kgwlocalvm001 ~]#
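The two items in the output above that deserve a second look are the "AllowZoneDrifting is enabled" warning in the systemctl status log and the fact that 3389/tcp is now open in the public zone whose "sources:" field is empty, i.e. reachable from any address. The following POSIX shell script is an added example, not code from the original page: it audits saved copies of the firewall-cmd --list-all output and of /etc/firewalld/firewalld.conf for exactly those two conditions. The file names, the sample zone text and the AllowZoneDrifting setting it writes are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not part of the original page: an offline audit of the two
# security-relevant items visible in the page's own output, namely the
# "AllowZoneDrifting is enabled" warning from systemctl status and the
# 3389/tcp port opened in the public zone with an empty "sources:" field.
# The script reads saved copies of "firewall-cmd --list-all" output and of
# /etc/firewalld/firewalld.conf, so it runs without firewalld installed.

# audit_zone LIST_ALL_FILE CONF_FILE
# Prints one "WARN: ..." line per finding; always returns 0.
audit_zone() {
    list_all="$1"
    conf="$2"

    # First line of --list-all is "<zone> (active)"; strip the parenthesised part.
    zone=$(sed -n '1{s/[[:space:]]*(.*$//;p;}' "$list_all")
    # "key: value" fields; an empty "sources:" means the zone matches any source.
    ports=$(sed -n 's/^[[:space:]]*ports:[[:space:]]*//p' "$list_all")
    sources=$(sed -n 's/^[[:space:]]*sources:[[:space:]]*//p' "$list_all")

    # Finding 1: AllowZoneDrifting=yes lets a packet fall through to a second
    # zone; firewalld itself logs it as an insecure configuration option.
    if grep -q '^AllowZoneDrifting=yes' "$conf"; then
        echo "WARN: AllowZoneDrifting=yes in $conf; set AllowZoneDrifting=no and restart firewalld"
    fi

    # Finding 2: RDP reachable from every source address.
    case " $ports " in
        *" 3389/tcp "*)
            if [ -z "$sources" ]; then
                echo "WARN: zone '$zone' opens 3389/tcp with no source restriction; limit it to the admin network with a rich rule"
            fi
            ;;
    esac
    return 0
}

# write_samples DIR: constructed sample files mirroring the shape of the page's
# output after the --add-port=3389/tcp step (constructed, not from a real host).
write_samples() {
    cat > "$1/list-all.txt" <<'EOF'
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: dhcpv6-client ftp ssh
  ports: 3389/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
EOF
    printf 'DefaultZone=public\nAllowZoneDrifting=yes\n' > "$1/firewalld.conf"
}

# Stand-alone run: audit the constructed samples. On a real host, save
# "firewall-cmd --list-all > list-all.txt" and pass /etc/firewalld/firewalld.conf.
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
audit_zone "$demo_dir/list-all.txt" "$demo_dir/firewalld.conf"
```

Both findings go away once AllowZoneDrifting=no is set in firewalld.conf and the open port is replaced by a rich rule that names the admin network, for example firewall-cmd --permanent --zone=public --remove-port=3389/tcp followed by firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.0.2.0/24" port port="3389" protocol="tcp" accept' and firewall-cmd --reload (192.0.2.0/24 is a placeholder for your own management range).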