CentOS7.1でのfirewalld関連コマンド

firewalldの稼働状況を確認する

[root@localhost ~]# firewall-cmd --state

[稼働している場合]

running

[停止している場合]

not running

以下のコマンドでも確認可能

[root@localhost ~]# systemctl status firewalld

ゾーン設定の確認

defaultゾーンの設定を表示

[root@localhost ~]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: em1
  sources:
  services: dhcpv6-client ftp minecraft ssh
  ports: 4000-4005/tcp 25565/tcp
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

指定したゾーンの設定を表示

firewall-cmd --zone=ゾーン名 --list-all

「dmz」ゾーンを表示。

[root@localhost ~]# firewall-cmd --zone=dmz --list-all
dmz
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

すべてのゾーン設定を表示

[root@localhost ~]# firewall-cmd --list-all-zones
work
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: dhcpv6-client ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:


drop
  target: DROP
  icmp-block-inversion: no
  interfaces:
  sources:
  services:
  ports:
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:


internal
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: dhcpv6-client mdns samba-client ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:


external
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: ssh
  ports:
  protocols:
  masquerade: yes
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:


trusted
  target: ACCEPT
  icmp-block-inversion: no
  interfaces:
  sources:
  services:
  ports:
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:


home
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: dhcpv6-client mdns samba-client ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:


dmz
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: ssh
  ports: 25565/tcp
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:


public (active)
  target: default
  icmp-block-inversion: no
  interfaces: em1
  sources:
  services: dhcpv6-client ftp minecraft ssh
  ports: 4000-4005/tcp 25565/tcp
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:


block
  target: %%REJECT%%
  icmp-block-inversion: no
  interfaces:
  sources:
  services:
  ports:
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

デフォルトゾーンの確認

[root@localhost ~]# firewall-cmd --get-default-zone
public

デフォルトゾーンの変更

firewall-cmd --set-default-zone=ゾーン名

デフォルトゾーンを「dmz」に変更する（ゾーン名は小文字で指定する）。

[root@localhost ~]# firewall-cmd --set-default-zone=dmz
success

ポートを開放する

書式

firewall-cmd --zone=ゾーン名 --add-port=ポート番号/tcp

恒久的にポートを開放する場合（--permanent を付けない設定はランタイムのみに適用され、リロードや再起動で失われる）

firewall-cmd --zone=ゾーン名 --add-port=ポート番号/tcp --permanent

「dmz」ゾーンの25565番ポートを開放する

[root@localhost ~]# firewall-cmd --zone=dmz --add-port=25565/tcp --permanent
success

--permanent は永続設定にのみ書き込まれるため、稼働中の設定に反映させるにはリロードが必要。

[root@localhost ~]# firewall-cmd --reload
success
