Configuring a firewall that blocks access from overseas (firewalld)


Reference

```console
# systemctl start firewalld
# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources: 
  services: cockpit dhcpv6-client http ssh
  ports: 
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 
# firewall-cmd --permanent --zone=public --add-service=http
Warning: ALREADY_ENABLED: http
success
# firewall-cmd --permanent --zone=public --add-service=https
success
# mkdir /root/iptables
# vi /root/iptables/jpip_setup.sh
# chmod 700 /root/iptables/jpip_setup.sh
# /root/iptables/jpip_setup.sh
cat: delegated-apnic-latest: No such file or directory
# firewall-cmd --permanent --new-zone=domestic
success
# firewall-cmd --permanent --new-ipset=domestic --type=hash:net
success
# firewall-cmd --permanent --ipset=domestic --add-entries-from-file=/root/iptables/jpip
success
# firewall-cmd --permanent --info-ipset=domestic
domestic
  type: hash:net
  options: 
  entries: 
# firewall-cmd --permanent --zone=domestic --add-source=ipset:domestic
success
# firewall-cmd --permanent --zone=public --remove-service=http
success
# firewall-cmd --permanent --zone=public --remove-service=https
success
# firewall-cmd --permanent --zone=domestic --add-service=http
success
# firewall-cmd --permanent --zone=domestic --add-service=https
success
# firewall-cmd --reload
success
#
```
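In the session above, the setup script printed `cat: delegated-apnic-latest: No such file or directory` and `--info-ipset=domestic` then showed an empty `entries:` line, so the ipset was loaded with nothing in it before http/https were removed from the public zone. The following is an added example, not the article's `jpip_setup.sh` (whose contents are not shown on the page): it converts APNIC delegated-stats records into CIDR blocks and refuses to load an empty list. The function names and the sample records are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the article's jpip_setup.sh. Function names are hypothetical.

# Constructed sample in the APNIC delegated-stats layout:
# registry|cc|type|start|value|date|status (for ipv4, value = address count)
sample_stats() {
cat <<'EOF'
apnic|*|ipv4|*|3|summary
apnic|JP|ipv4|192.0.2.0|256|20110412|allocated
apnic|AU|ipv4|198.51.100.0|256|20110412|allocated
apnic|JP|ipv4|203.0.113.0|192|20110412|assigned
apnic|JP|ipv6|2001:db8::|32|20110412|allocated
EOF
}

# Read delegated-stats lines on stdin, print IPv4 CIDR blocks for country $1.
# A count that is not a power of two is split into aligned CIDR blocks.
stats_to_cidr() {
  awk -F'|' -v cc="$1" '
    function ip2int(ip,  o) { split(ip, o, "."); return ((o[1]*256 + o[2])*256 + o[3])*256 + o[4] }
    function int2ip(n) { return sprintf("%d.%d.%d.%d", int(n/16777216)%256, int(n/65536)%256, int(n/256)%256, n%256) }
    $2 == cc && $3 == "ipv4" && ($7 == "allocated" || $7 == "assigned") {
      start = ip2int($4); left = $5
      while (left > 0) {
        size = 1; bits = 32
        while (bits > 0 && start % (size*2) == 0 && size*2 <= left) { size *= 2; bits-- }
        print int2ip(start) "/" bits
        start += size; left -= size
      }
    }'
}

# Succeed only if the file holds at least one CIDR line.
require_entries() {
  grep -Eq '^[0-9]+(\.[0-9]+){3}/[0-9]+$' "$1"
}

# Load the list with the same firewall-cmd call as the session, but refuse an empty file.
load_ipset() {
  require_entries "$1" || { echo "refusing to load empty list: $1" >&2; return 1; }
  firewall-cmd --permanent --ipset=domestic --add-entries-from-file="$1"
}

# Demonstration on the constructed sample (prints three CIDR lines).
sample_stats | stats_to_cidr JP
```

Running the conversion and `require_entries` before the `--remove-service` steps keeps the public zone serving http/https until the domestic ipset actually has entries.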
