CentOS 7 firewall notes - firewall-cmd commands

1.1. Reload the firewall (apply permanent rules)
  # firewall-cmd --reload

1.2. Add/remove a port
  Add     # firewall-cmd --permanent --zone=public --add-port=80/tcp

  Remove  # firewall-cmd --permanent --zone=public --remove-port=80/tcp

  Reload  # firewall-cmd --reload

  --permanent writes the change to /etc/firewalld/zones/public.xml but does not touch the running ruleset; it takes effect only after --reload. Leave --permanent out to change the running rules immediately (that change is then lost on the next reload or restart).

1.3. Add/remove a service
  Add     # firewall-cmd --permanent --zone=public --add-service=http

  Remove  # firewall-cmd --permanent --zone=public --remove-service=http

  Reload  # firewall-cmd --reload

1.4. Allow a port only from a specific IP range (rich rules)
# firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.1.0/24" port protocol="tcp" port="8080" accept'
# firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.1.0/24" port protocol="tcp" port="8081" accept'
Reload  # firewall-cmd --reload

A rich rule only restricts access if the same port is not also opened for everyone with --add-port (section 1.2); if 8080/tcp is still in the zone's port list, the zone-wide entry wins and the source restriction is meaningless. Rich rules do not appear in --list-ports; check them with --list-rich-rules or --list-all.

1.5. List allowed ports
  # firewall-cmd --list-ports

  Without --permanent this shows the running rules; add --permanent to see what is saved on disk. --list-all shows services, ports and rich rules for the zone in one view.

1.6. Check firewall state
  # firewall-cmd --state

  All of the commands above assume the network interface is in the public zone; confirm with firewall-cmd --get-active-zones.

Editing the zone file directly, then reloading
# vi /etc/firewalld/zones/public.xml
Open the file, edit it as shown below, save it, and run firewall-cmd --reload (firewalld only reads the file on reload).

The result: SSH, HTTPS, 3306/tcp and 8443/tcp are opened only to one IP range (164.124.106.0/24), while 8018/tcp stays open to every source. The zone-wide ssh, https, 3306 and 8443 entries are commented out on purpose: if any of them were left active, the matching source-restricted rule would be redundant because the port would already be open to everyone.

<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
<!--  <service name="pop3s"/>
-->
  <service name="dhcpv6-client"/>
<!--  <service name="https"/>
  <service name="ssh"/>
-->
  <rule family="ipv4">
    <source address="164.124.106.0/24"/>
    <service name="ssh"/>
    <accept/>
  </rule>
  <rule family="ipv4">
    <source address="164.124.106.0/24"/>
    <service name="https"/>
    <accept/>
  </rule>
  <rule family="ipv4">
    <source address="164.124.106.0/24"/>
    <port protocol="tcp" port="3306"/>
    <accept/>
  </rule>
  <rule family="ipv4">
    <source address="164.124.106.0/24"/>
    <port protocol="tcp" port="8443"/>
    <accept/>
  </rule>
<!--  <port protocol="tcp" port="3306"/>
  <port protocol="tcp" port="8443"/>
-->
  <port protocol="tcp" port="8018"/>
</zone>
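A small audit script, added here as an example (not code from the original post), that reads a zone file like the one above and separates what is reachable from every source from what is restricted to a source range. The sample XML it embeds is a constructed copy of the public.xml shown above; the function names (parse_zone, rich_rule, to_firewall_cmd, unrestricted_entries) are this example's own. It also prints the equivalent firewall-cmd --add-rich-rule command for each restricted rule, which is useful when moving from hand-edited XML back to the CLI workflow in section 1.4. Note that a <rule> with no <source> element matches every address, so the script counts such accept rules as open to all.

```python
"""Audit a firewalld zone file: what is open to everyone vs. source-restricted."""
import xml.etree.ElementTree as ET

# Constructed sample: the public.xml from the post. XML comments are kept on
# purpose; the parser ignores them just as firewalld does.
ZONE_XML = """<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <description>Only selected incoming connections are accepted.</description>
  <service name="dhcpv6-client"/>
<!--  <service name="https"/>
  <service name="ssh"/>
-->
  <rule family="ipv4">
    <source address="164.124.106.0/24"/>
    <service name="ssh"/>
    <accept/>
  </rule>
  <rule family="ipv4">
    <source address="164.124.106.0/24"/>
    <service name="https"/>
    <accept/>
  </rule>
  <rule family="ipv4">
    <source address="164.124.106.0/24"/>
    <port protocol="tcp" port="3306"/>
    <accept/>
  </rule>
  <rule family="ipv4">
    <source address="164.124.106.0/24"/>
    <port protocol="tcp" port="8443"/>
    <accept/>
  </rule>
  <port protocol="tcp" port="8018"/>
</zone>
"""

VERDICTS = ("accept", "reject", "drop")


def parse_zone(xml_text):
    """Return (open_to_all, rules).

    open_to_all: (kind, value) for plain <service>/<port> entries, which have
                 no source restriction and are reachable from anywhere.
    rules:       one dict per <rule>; 'source' is None when the rule has no
                 <source> element (it then matches every address).
    """
    root = ET.fromstring(xml_text.encode("utf-8"))
    open_to_all, rules = [], []
    for el in root:
        if el.tag == "service":
            open_to_all.append(("service", el.get("name")))
        elif el.tag == "port":
            open_to_all.append(("port", f"{el.get('port')}/{el.get('protocol')}"))
        elif el.tag == "rule":
            src, svc, port = el.find("source"), el.find("service"), el.find("port")
            verdict = next((v for v in VERDICTS if el.find(v) is not None), None)
            if svc is not None:
                kind, value = "service", svc.get("name")
            elif port is not None:
                kind, value = "port", f"{port.get('port')}/{port.get('protocol')}"
            else:
                kind, value = "any", None
            rules.append({"family": el.get("family", "ipv4"),
                          "source": src.get("address") if src is not None else None,
                          "kind": kind, "value": value, "verdict": verdict})
    return open_to_all, rules


def rich_rule(rule):
    """Render one parsed rule in firewall-cmd --add-rich-rule syntax."""
    parts = [f'rule family="{rule["family"]}"']
    if rule["source"]:
        parts.append(f'source address="{rule["source"]}"')
    if rule["kind"] == "service":
        parts.append(f'service name="{rule["value"]}"')
    elif rule["kind"] == "port":
        num, proto = rule["value"].split("/")
        parts.append(f'port protocol="{proto}" port="{num}"')
    parts.append(rule["verdict"] or "accept")
    return " ".join(parts)


def to_firewall_cmd(rule, zone="public"):
    return f"firewall-cmd --permanent --zone={zone} --add-rich-rule='{rich_rule(rule)}'"


def unrestricted_entries(xml_text):
    """Everything reachable from any source: plain entries plus source-less accept rules."""
    open_to_all, rules = parse_zone(xml_text)
    return open_to_all + [(r["kind"], r["value"]) for r in rules
                          if r["source"] is None and r["verdict"] in (None, "accept")]


if __name__ == "__main__":
    _, rules = parse_zone(ZONE_XML)
    print("Open to every source:")
    for kind, value in unrestricted_entries(ZONE_XML):
        print(f"  {kind} {value}")
    print("Source-restricted rules as firewall-cmd commands:")
    for r in rules:
        print("  " + to_firewall_cmd(r))
```

Run it against a real file with `python3 audit_zone.py` after replacing ZONE_XML with the contents of /etc/firewalld/zones/public.xml; anything listed under "Open to every source" other than what you intend (here dhcpv6-client and 8018/tcp) is worth a second look before reloading.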
