CentOS release 6.8 (Final) - 방화벽 설정( 80, 8080, 443 포트 추가 )
1. 방화벽 정지 (정지된 동안에는 모든 인바운드 연결이 허용된 상태가 되므로, 규칙 파일만 수정할 경우 이 단계를 생략하고 수정 후 3단계의 start 또는 restart만 실행해도 된다)
[root@localhost/]# /etc/init.d/iptables stop
iptables: 체인을 ACCEPT 규칙으로 설정 중: filter [ OK ]
iptables: 방화벽 규칙을 지웁니다: [ OK ]
iptables: 모듈을 언로드하는 중: [ OK ]
[root@localhost/]#
2. 사용하고자 하는 서비스 포트 추가 (규칙은 위에서부터 순서대로 평가되므로, 새로 추가하는 -A INPUT ... ACCEPT 줄은 반드시 마지막 REJECT 줄보다 위에 넣어야 한다. REJECT 아래에 추가한 규칙은 적용되지 않는다)
[root@localhost/]# vi /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
# NOTE: rules are evaluated top to bottom; any ACCEPT rule added to INPUT must
# stay above the final "-A INPUT -j REJECT" line or it is never reached.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Replies to connections this host already opened, and related traffic.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# All ICMP is accepted from any source.
-A INPUT -p icmp -j ACCEPT
# Loopback interface is trusted unconditionally.
-A INPUT -i lo -j ACCEPT
# New inbound TCP connections; no -s restriction, so these ports are open to
# every source address. SSH (22) in particular may warrant a narrower -s.
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 80 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8080 -j ACCEPT
# Catch-all: anything not matched above is rejected, so the INPUT chain's
# ACCEPT policy is effectively never used. Same for FORWARD.
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
3. 방화벽 실행
[root@localhost/]# /etc/init.d/iptables start
iptables: 방화벽 규칙 적용 중: [ OK ]
4. 방화벽 상태 확인
[root@localhost/]# /etc/init.d/iptables status
테이블: filter
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2 ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
3 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
4 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
5 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
6 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:443
7 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:8080
8 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
num target prot opt source destination
5. 네트워크 연결 목록 확인 (아래에 LISTEN 상태로 보이는 111, 631, 25 등의 포트는 위 규칙에서 허용하지 않았으므로 외부에서는 접근할 수 없고, 허용한 22, 80, 443, 8080 중 실제로 서비스가 올라와 있는 것은 22뿐이다)
[root@localhost/]# netstat -tnlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 1859/rpcbind
tcp 0 0 0.0.0.0:46356 0.0.0.0:* LISTEN 1916/rpc.statd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 8068/sshd
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 1955/cupsd
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 8350/master
tcp 0 0 :::34568 :::* LISTEN 1916/rpc.statd
tcp 0 0 :::111 :::* LISTEN 1859/rpcbind
tcp 0 0 :::22 :::* LISTEN 8068/sshd
tcp 0 0 ::1:631 :::* LISTEN 1955/cupsd
tcp 0 0 ::1:25 :::* LISTEN 8350/master
[root@localhost/]#