{"id":1305,"date":"2015-09-23T01:16:49","date_gmt":"2015-09-22T16:16:49","guid":{"rendered":"http:\/\/1bed.allright.life\/?p=1305"},"modified":"2020-04-18T23:10:20","modified_gmt":"2020-04-18T14:10:20","slug":"post-1305","status":"publish","type":"post","link":"https:\/\/1bed.allright.life\/?p=1305","title":{"rendered":"FirewallD \u3068\u306f\uff11"},"content":{"rendered":"<h2>FirewallD \u3068\u306f<\/h2>\n<blockquote>\n<p>firewalld\u306f\u3001\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b3\u30cd\u30af\u30b7\u30e7\u30f3\u3084\u30a4\u30f3\u30bf\u30fc\u30d5\u30a7\u30fc\u30b9\u306e\u4fe1\u983c\u5ea6\u3092\u5b9a\u7fa9\u3059\u308b\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\/\u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb\u306e\u30be\u30fc\u30f3\u306b\u5bfe\u5fdc\u3057\u305f\u52d5\u7684\u306b\u7ba1\u7406\u53ef\u80fd\u306a\u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb\u3092\u63d0\u4f9b\u3057\u307e\u3059\u3002IPv4\u3068IPv6\u306e\u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb\u8a2d\u5b9a\u3068\u30a4\u30fc\u30b5\u30cd\u30c3\u30c8\u30d6\u30ea\u30c3\u30b8\u306b\u5bfe\u5fdc\u3057\u3001\u4e00\u6642\u7684\u30fb\u6c38\u7d9a\u7684\u306a\u8a2d\u5b9a\u30aa\u30d7\u30b7\u30e7\u30f3\u3092\u5206\u3051\u3066\u4fdd\u6301\u3057\u307e\u3059\u3002\u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb\u306e\u30eb\u30fc\u30eb\u3092\u76f4\u63a5\u8ffd\u52a0\u3059\u308b\u30b5\u30fc\u30d3\u30b9\u3078\u306e\u30a4\u30f3\u30bf\u30fc\u30d5\u30a7\u30fc\u30b9\u3068\u30a2\u30d7\u30ea\u30b1\u30fc\u30b7\u30e7\u30f3\u306b\u3082\u5bfe\u5fdc\u3057\u307e\u3059\u3002<\/p>\n<\/blockquote>\n<p>CentOS 6 \u306f iptables \u3068\u3044\u3046\u30d1\u30b1\u30c3\u30c8\u30d5\u30a3\u30eb\u30bf\u30ea\u30f3\u30b0\u578b\u306e\u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb\u6a5f\u80fd\u3067\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u3092\u9ad8\u3081\u3066\u3044\u307e\u3057\u305f\u304c\u3001CentOS 7 \u304b\u3089\u306f iptables \u3067\u306f\u306a\u304f\u3001firewalld \u304c\u30c7\u30d5\u30a9\u30eb\u30c8\u306e\u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb\u3068\u3057\u3066\u63d0\u4f9b\u3055\u308c\u308b\u3088\u3046\u306b\u306a\u308a\u307e\u3057\u305f\u3002<\/p>\n<p>iptables \u306f\u9759\u7684\u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb\u3067\u3001\u8a2d\u5b9a\u306e\u53cd\u6620\u306f\u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb\u306e\u518d\u8d77\u52d5\u304c\u5fc5\u8981\u3067\u3057\u305f\u304c\u3001firewalld \u306f\u52d5\u7684\u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb\u3068\u306a\u3063\u3066\u3044\u308b\u305f\u3081\u3001\u305d\u306e\u3088\u3046\u306a\u518d\u8d77\u52d5\u3084\u30ab\u30fc\u30cd\u30eb\u30e2\u30b8\u30e5\u30fc\u30eb\u306e\u30ea\u30ed\u30fc\u30c9\u306f\u5fc5\u8981\u306a\u3044\u3088\u3046\u3067\u3059\u3002<\/p>\n<p><!--more--><\/p>\n<h2>\u30be\u30fc\u30f3\u3068\u306f<\/h2>\n<p>firewalld \u3067\u306f\u30be\u30fc\u30f3\u3068\u547c\u3070\u308c\u308b\u6982\u5ff5\u304c\u3042\u308a\u3001\u30c7\u30d5\u30a9\u30eb\u30c8\u3067 9 \u3064\u306e\u30be\u30fc\u30f3\u304c\u7528\u610f\u3055\u308c\u3066\u3044\u307e\u3059\u3002<\/p>\n<ul>\n<li>drop<\/li>\n<li>block<\/li>\n<li>public<\/li>\n<li>external<\/li>\n<li>dmz<\/li>\n<li>work<\/li>\n<li>home<\/li>\n<li>internal<\/li>\n<li>trusted<\/li>\n<\/ul>\n<p>\u3053\u308c\u3089\u3092\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u3068\u7d50\u3073\u3064\u3051\u3066\u4f7f\u3044\u307e\u3059\u3002 \u6050\u3089\u304f\u3088\u304f\u4f7f\u3046\u306e\u306f\u3001\u300c\u30af\u30e9\u30a4\u30a2\u30f3\u30c8 PC \u3067\u3001\u81ea\u5b85\u306e Wifi \u306e\u30be\u30fc\u30f3\u306f home \u3067\u3001\u305d\u308c\u4ee5\u5916\u306e\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u306b\u63a5\u7d9a\u3059\u308b\u3068\u304d\u306f public\u300d\u3084\u3001\u300c\u30b5\u30fc\u30d0\u30fc\u3067 public \u3092\u30c7\u30d5\u30a9\u30eb\u30c8\u3068\u3057\u3066\u3001\u5fc5\u8981\u306a\u30b5\u30fc\u30d3\u30b9\u3092\u8a31\u53ef\u3057\u3066\u3044\u304f\u300d\u3068\u3044\u3046\u5f62\u3067\u306f\u306a\u3044\u304b\u306a\uff1f\u3068\u601d\u3046\u3002<\/p>\n<h2>\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb<\/h2>\n<p>\/usr\/lib\/firewalld \u306e\u4e0b\u304c\u30c7\u30d5\u30a9\u30eb\u30c8\u8a2d\u5b9a\u306e\u30d5\u30a1\u30a4\u30eb\u304c\u3042\u308a\u307e\u3059\u3002<\/p>\n<pre><code class=\"language-bash\"># ls \/usr\/lib\/firewalld\/*\n\/usr\/lib\/firewalld\/icmptypes:\ndestination-unreachable.xml  echo-request.xml       redirect.xml              router-solicitation.xml  time-exceeded.xml\necho-reply.xml               parameter-problem.xml  router-advertisement.xml  source-quench.xml\n\n\/usr\/lib\/firewalld\/services:\nRH-Satellite-6.xml  ftp.xml                kerberos.xml     ms-wbt.xml    pmwebapis.xml     smtp.xml\namanda-client.xml   high-availability.xml  kpasswd.xml      mysql.xml     pop3s.xml         ssh.xml\nbacula-client.xml   http.xml               ldap.xml         nfs.xml       postgresql.xml    telnet.xml\nbacula.xml          https.xml              ldaps.xml        ntp.xml       proxy-dhcp.xml    tftp-client.xml\ndhcp.xml            imaps.xml              libvirt-tls.xml  openvpn.xml   radius.xml        tftp.xml\ndhcpv6-client.xml   ipp-client.xml         libvirt.xml      pmcd.xml      rpc-bind.xml      transmission-client.xml\ndhcpv6.xml          ipp.xml                mdns.xml         pmproxy.xml   samba-client.xml  vnc-server.xml\ndns.xml             ipsec.xml              mountd.xml       pmwebapi.xml  samba.xml         wbem-https.xml\n\n\/usr\/lib\/firewalld\/zones:\nblock.xml  dmz.xml  drop.xml  external.xml  home.xml  internal.xml  public.xml  trusted.xml  work.xml<\/code><\/pre>\n<p>\u30b7\u30b9\u30c6\u30e0\u8a2d\u5b9a\u306f \/etc\/firewalld \u306e\u4e0b\u306b\u914d\u7f6e\u3055\u308c\u3001\u30c7\u30d5\u30a9\u30eb\u30c8\u8a2d\u5b9a\u3068\u540c\u3058\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u914d\u7f6e\u306b\u306a\u3063\u3066\u3044\u307e\u3059\u3002<\/p>\n<p>\u8aad\u307f\u8fbc\u307f\u9806\u5e8f\u306f\u30c7\u30d5\u30a9\u30eb\u30c8\u8a2d\u5b9a\u304c\u8aad\u307f\u8fbc\u307e\u308c\u305f\u5f8c\u3001\u30b7\u30b9\u30c6\u30e0\u8a2d\u5b9a\u304c\u8aad\u307f\u8fbc\u307e\u308c\u3001\u540c\u3058\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u304c\u3042\u3063\u305f\u3089\u30b7\u30b9\u30c6\u30e0\u8a2d\u5b9a\u3067\u4e0a\u66f8\u304d\u3055\u308c\u307e\u3059\u3002<\/p>\n<h3>\u4f8b. \u30c7\u30d5\u30a9\u30eb\u30c8\u8a2d\u5b9a\u306e\u6319\u52d5\u3092\u5909\u3048\u308b\u6642<\/h3>\n<p>\u30c7\u30d5\u30a9\u30eb\u30c8\u8a2d\u5b9a\u306e\u6319\u52d5\u3092\u5909\u3048\u308b(\u30ab\u30b9\u30bf\u30de\u30a4\u30ba\u3059\u308b)\u6642\u306f\u3001\u30c7\u30d5\u30a9\u30eb\u30c8\u306e\u8a2d\u5b9a\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u304b\u3089\u30b7\u30b9\u30c6\u30e0\u8a2d\u5b9a\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u3078\u5bfe\u8c61\u30d5\u30a1\u30a4\u30eb\u3092\u30b3\u30d4\u30fc\u3057\u3066\u66f8\u304d\u63db\u3048\u308b\u3002<\/p>\n<p>\u4f8b\u3048\u3070\u3001HTTP \u306e\u8a2d\u5b9a\u3092\u30ab\u30b9\u30bf\u30de\u30a4\u30ba\u3059\u308b\u3068\u304d\u306b\u306f\u3001<\/p>\n<pre><code class=\"language-bash\">$ sudo cp \/usr\/lib\/firewalld\/services\/http.xml \/etc\/firewalld\/services<\/code><\/pre>\n<p>\u3068\u3057\u3066\u3001\u30b3\u30d4\u30fc\u5148\u306e \/etc\/firewalld\/services\/http.xml \u3092\u7de8\u96c6\u3059\u308b\u3002<\/p>\n<h3>\u4f8b. \u65b0\u3057\u3044\u8a2d\u5b9a\u3092\u4f5c\u6210\u3059\u308b\u6642<\/h3>\n<p>\/etc\/firewalld \u306e\u4e0b\u306b\u4f5c\u6210\u3059\u308b\u3002<\/p>\n<p>\u5b9f\u969b\u306f\u3001\u30c7\u30d5\u30a9\u30eb\u30c8\u306e\u6319\u52d5\u3092\u5909\u3048\u308b\u3088\u308a\u3001\u65e2\u5b58\u306e\u30dd\u30fc\u30c8\u304b\u3089\u5909\u66f4\u3057\u3066\u65b0\u3057\u3044\u30b5\u30fc\u30d3\u30b9\u7528\u306e\u8a2d\u5b9a\u3092\u4f5c\u308b\u3068\u601d\u3046\u3002\u4f8b\u3048\u3070\u3001\u65b0\u3057\u3044 Web \u30b5\u30fc\u30d3\u30b9\u7528\u306e\u8a2d\u5b9a\u3092\u4f5c\u6210\u3059\u308b\u3068\u3057\u3066\u3001<\/p>\n<pre><code class=\"language-bash\">$ sudo cp \/usr\/lib\/firewalld\/services\/http.xml \/etc\/firewalld\/services\/newservice.xml<\/code><\/pre>\n<p>\u3068\u3057\u3066\u3001\u30b3\u30d4\u30fc\u5148\u306e \/etc\/firewalld\/services\/newservice.xml \u3092\u7de8\u96c6\u3057\u3066\u4f7f\u3046\u30d1\u30bf\u30fc\u30f3\u304c\u591a\u3044\u3068\u601d\u3046\u3002<\/p>\n<h2>\u8a2d\u5b9a\u65b9\u6cd5<\/h2>\n<p>Fedora Linux \u306e GUI \u3068\u3057\u3066\u304a\u99b4\u67d3\u307f\u306e firewall-config \u3084\u3001\u30b3\u30de\u30f3\u30c9\u30e9\u30a4\u30f3\u30c4\u30fc\u30eb\u3068\u3057\u3066 firewall-cmd \u3067\u8a2d\u5b9a\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002<\/p>\n<h2>\u53c2\u8003\u30b5\u30a4\u30c8<\/h2>\n<ul>\n<li><a href=\"https:\/\/fedoraproject.org\/wiki\/FirewallD\/jp\">FirewallD\/jp FedoraProject<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>FirewallD \u3068\u306f firewalld\u306f\u3001\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30b3\u30cd\u30af\u30b7\u30e7\u30f3\u3084\u30a4\u30f3\u30bf\u30fc\u30d5\u30a7\u30fc\u30b9\u306e\u4fe1\u983c\u5ea6\u3092\u5b9a\u7fa9\u3059\u308b\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\/\u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb\u306e\u30be\u30fc\u30f3\u306b\u5bfe\u5fdc\u3057\u305f\u52d5\u7684\u306b\u7ba1\u7406\u53ef\u80fd\u306a\u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb\u3092\u63d0\u4f9b\u3057\u307e\u3059\u3002IPv4\u3068IPv6 [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[17],"tags":[74],"class_list":["post-1305","post","type-post","status-publish","format-standard","hentry","category-linux","tag-firewalld"],"_links":{"self":[{"href":"https:\/\/1bed.allright.life\/index.php?rest_route=\/wp\/v2\/posts\/1305","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/1bed.allright.life\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/1bed.allright.life\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/1bed.allright.life\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/1bed.allright.life\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1305"}],"version-history":[{"count":23,"href":"https:\/\/1bed.allright.life\/index.php?rest_route=\/wp\/v2\/posts\/1305\/revisions"}],"predecessor-version":[{"id":3198,"href":"https:\/\/1bed.allright.life\/index.php?rest_route=\/wp\/v2\/posts\/1305\/revisions\/3198"}],"wp:attachment":[{"href":"https:\/\/1bed.allright.life\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1305"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/1bed.allright.life\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1305"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/1bed.allright.life\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1305"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}