参考
# systemctl start firewalld
# firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: eth0
sources:
services: cockpit dhcpv6-client http ssh
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
# firewall-cmd --permanent --zone=public --add-service=http
Warning: ALREADY_ENABLED: http
success
# firewall-cmd --permanent --zone=public --add-service=https
success
# mkdir /root/iptables
# vi /root/iptables/jpip_setup.sh
# chmod 700 /root/iptables/jpip_setup.sh
# /root/iptables/jpip_setup.sh
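cat: delegated-apnic-latest: No such file or directory
※ このエラーは、スクリプトが読み込む delegated-apnic-latest が実行時に見つからなかったことを示す。アドレス一覧（後で読み込む /root/iptables/jpip と思われる）が空または不完全な可能性があるため、先に進む前にファイルの中身を確認すること。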
# firewall-cmd --permanent --new-zone=domestic
success
# firewall-cmd --permanent --new-ipset=domestic --type=hash:net
success
# firewall-cmd --permanent --ipset=domestic --add-entries-from-file=/root/iptables/jpip
success
# firewall-cmd --permanent --info-ipset=domestic
domestic
type: hash:net
options:
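entries:
※ entries: が空のままなら、ファイルからは1件も登録されていない。この状態で http/https を public から domestic へ移すと、domestic ゾーンに一致する送信元が存在しないため、リロード後はどこからも http/https に接続できなくなると考えられる。`firewall-cmd --permanent --ipset=domestic --get-entries` で登録内容を確認してから次へ進むこと。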
# firewall-cmd --permanent --zone=domestic --add-source=ipset:domestic
success
# firewall-cmd --permanent --zone=public --remove-service=http
success
# firewall-cmd --permanent --zone=public --remove-service=https
success
# firewall-cmd --permanent --zone=domestic --add-service=http
success
# firewall-cmd --permanent --zone=domestic --add-service=https
success
# firewall-cmd --reload
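success
※ リロード後は `firewall-cmd --get-active-zones` と `firewall-cmd --zone=domestic --list-all` で、domestic ゾーンが有効になり、送信元 ipset とサービスが意図どおり反映されているかを確認する。なお、冒頭の出力のとおりであれば public ゾーンには ssh と cockpit が残っており、これらは送信元による制限を受けない。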
#