Check firewall status
# service iptables status
Start / stop the firewall
# service iptables stop
# service iptables start
Edit the firewall configuration
# vi /etc/sysconfig/iptables
Disable the firewall (flush all rules)
# iptables -F    (or: ipchains -F)
Firewall manipulation commands
---------------------------------------------------------------------------------------------
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT ipv6-crypt-- anywhere anywhere
ACCEPT ipv6-auth-- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:5353
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtp
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Add rules to allow Oracle's em, isqlplus and sqlplus (insert, -I option)
# iptables -I RH-Firewall-1-INPUT 12 -m state --state NEW -p tcp --dport 1158 -j ACCEPT
# iptables -I RH-Firewall-1-INPUT 13 -m state --state NEW -p tcp --dport 5560 -j ACCEPT
# iptables -I RH-Firewall-1-INPUT 14 -m state --state NEW -p tcp --dport 1521 -j ACCEPT
To simply append a rule to the end of the chain (append, -A option)
# iptables -A RH-Firewall-1-INPUT -p tcp --dport 9190 -j ACCEPT
# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT icmp -- anywhere anywhere icmp any
ACCEPT ipv6-crypt-- anywhere anywhere
ACCEPT ipv6-auth-- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:5353
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:smtp
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:1158 <- added as 12th
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:5560 <- added as 13th
ACCEPT tcp -- anywhere anywhere state NEW tcp dpt:1521 <- added as 14th
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited
Delete (delete the 12th rule)
# iptables -D RH-Firewall-1-INPUT 12
Save after configuring
# /sbin/service iptables save
or
# /etc/init.d/iptables save
Restart
# /etc/init.d/iptables restart
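Rules in a chain are evaluated top to bottom, so a rule appended with -A after the chain's final REJECT never matches, which is why the Oracle ports above are inserted with -I at positions 12 to 14. The check below is an added example, not part of the original page: it reads rules in iptables-save format (the format of /etc/sysconfig/iptables) and reports the position of the first unconditional REJECT/DROP and any rules behind it. The function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): find rules that can never match
# because they sit after an unconditional REJECT/DROP in the same chain.
# Input on stdin: rules in iptables-save format (as in /etc/sysconfig/iptables).

# Print the 1-based position of the first unconditional REJECT/DROP in chain $1.
# "Unconditional" means no match options between the chain name and "-j".
first_catchall() {
    awk -v chain="$1" '
        $1 == "-A" && $2 == chain {
            n++
            if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) { print n; exit }
        }'
}

# Print every rule of chain $1 that comes after that catch-all (dead rules).
unreachable_rules() {
    awk -v chain="$1" '
        $1 == "-A" && $2 == chain {
            if (dead) { print }
            else if ($3 == "-j" && ($4 == "REJECT" || $4 == "DROP")) { dead = 1 }
        }'
}

# Constructed sample ruleset: the last rule was appended with -A after the REJECT.
sample_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -p tcp -m state --state NEW -m tcp --dport 1521 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
-A RH-Firewall-1-INPUT -p tcp -m tcp --dport 9190 -j ACCEPT
COMMIT
EOF
}

pos=$(sample_rules | first_catchall RH-Firewall-1-INPUT)
echo "catch-all REJECT is rule $pos; insert new ACCEPT rules at that index with -I"
echo "rules that can never match:"
sample_rules | unreachable_rules RH-Firewall-1-INPUT
```

On a live host, feed the functions from `/etc/sysconfig/iptables` or from `iptables-save` instead of `sample_rules`.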