RH-Satellite-6 RH-Satellite-6-capsule afp amanda-client amanda-k5-client amqp amqps apcupsd audit ausweisapp2 bacula bacula-client bareos-director bareos-filedaemon bareos-storage bb bgp bitcoin bitcoin-rpc bitcoin-testnet bitcoin-testnet-rpc bittorrent-lsd ceph ceph-exporter ceph-mon cfengine checkmk-agent cockpit collectd condor-collector cratedb ctdb dds dds-multicast dds-unicast dhcp dhcpv6 dhcpv6-client distcc dns dns-over-tls docker-registry docker-swarm dropbox-lansync elasticsearch etcd-client etcd-server finger foreman foreman-proxy freeipa-4 freeipa-ldap freeipa-ldaps freeipa-replication freeipa-trust ftp galera ganglia-client ganglia-master git gpsd grafana gre high-availability http http3 https ident imap imaps ipfs ipp ipp-client ipsec irc ircs iscsi-target isns jenkins kadmin kdeconnect kerberos kibana klogin kpasswd kprop kshell kube-api kube-apiserver kube-control-plane kube-control-plane-secure kube-controller-manager kube-controller-manager-secure kube-nodeport-services kube-scheduler kube-scheduler-secure kube-worker kubelet kubelet-readonly kubelet-worker ldap ldaps libvirt libvirt-tls lightning-network llmnr llmnr-client llmnr-tcp llmnr-udp managesieve matrix mdns memcache minidlna mongodb mosh mountd mqtt mqtt-tls ms-wbt mssql murmur mysql nbd nebula netbios-ns netdata-dashboard nfs nfs3 nmea-0183 nrpe ntp nut openvpn ovirt-imageio ovirt-storageconsole ovirt-vmconsole plex pmcd pmproxy pmwebapi pmwebapis pop3 pop3s postgresql privoxy prometheus prometheus-node-exporter proxy-dhcp ps2link ps3netsrv ptp pulseaudio puppetmaster quassel radius rdp redis redis-sentinel rpc-bind rquotad rsh rsyncd rtsp salt-master samba samba-client samba-dc sane sip sips slp smtp smtp-submission smtps snmp snmptls snmptls-trap snmptrap spideroak-lansync spotify-sync squid ssdp ssh steam-streaming svdrp svn syncthing syncthing-gui syncthing-relay synergy syslog syslog-tls telnet tentacle tftp tile38 tinc tor-socks transmission-client upnp-client vdsm vnc-server warpinator wbem-http wbem-https wireguard ws-discovery ws-discovery-client ws-discovery-tcp ws-discovery-udp wsman wsmans xdmcp xmpp-bosh xmpp-client xmpp-local xmpp-server zabbix-agent zabbix-server zerotier
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="172.30.144" service name="ssh" accept'
firewall-cmd --permanent --zone=public --remove-service=ssh
==================================================
firewall-cmd --list-all --zone=public
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="172.30.1.44" port protocol="tcp" port="80" reject'
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.1.0/24" port protocol="tcp" port="80" reject'
개별 설정 적용 파일 //etc/firewalld/zones/public.xml
===========================================
firewall-cmd --permanent --zone=public --remove-service=http
모든 80 차단
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.1.200" port protocol="tcp" port="80" accept'
추가
============================================================
firewall-cmd --permanent --zone=public --remove-rich-rule='rule family="ipv4" source address="192.168.1.100" port protocol="tcp" port="80" reject'
제거
======================================================
개별적인 설정
/etc/firewalld/services/custom-ssh.xml
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>Custom SSH</short>
<description>Custom SSH with additional ports</description>
<port protocol="tcp" port="22"/>
<port protocol="tcp" port="80"/>
<port protocol="tcp" port="443"/>
</service>
==========================================
firewall-cmd --permanent --add-service=custom-ssh
======================================================================================
firewall-cmd --permanent --remove-service=ssh
firewall-cmd --permanent --remove-port=22/tcp
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="192.168.0.1" port protocol="tcp" port="22" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="220.78.30.11" port protocol="tcp" port="22" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="59.31.124.11" port protocol="tcp" port="22" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" port protocol="tcp" port="22" drop'
sudo firewall-cmd --reload
==================================================================================================