{"id":2754,"date":"2020-02-20T16:41:46","date_gmt":"2020-02-20T13:41:46","guid":{"rendered":"http:\/\/surgery.moscow\/smos\/?p=2754"},"modified":"2023-03-17T17:58:18","modified_gmt":"2023-03-17T14:58:18","slug":"firewall-cmdlinux","status":"publish","type":"post","link":"https:\/\/surgery.moscow\/smos\/2020\/02\/20\/firewall-cmdlinux\/","title":{"rendered":"firewall-cmd:linux"},"content":{"rendered":"\n

\u0441\u0442\u0430\u0442\u044c\u044f \u043f\u0440\u043e firewall-cmd <\/a><\/strong> \u043d\u0430 \u0430\u043d\u0433\u043b\u0438\u0439\u0441\u043a\u043e\u043c \u044f\u0437\u044b\u043a\u0435<\/p>\n\n\n\n

\u0415\u0441\u043b\u0438 \u043d\u0443\u0436\u043d\u043e \u0437\u0430\u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0432\u0445\u043e\u0434\u044f\u0449\u0438\u0435 tcp<\/strong> \u043f\u0430\u043a\u0435\u0442\u044b \u043f\u043e\u0441\u0442\u0443\u043f\u0430\u044e\u0449\u0438\u0435 \u0441 \u0430\u0434\u0440\u0435\u0441\u0430 165.232.186.196

firewall-cmd —add-rich-rule=’rule family=»ipv4″ source address=»165.232.186.196″ protocol value=»tcp» reject’<\/strong><\/p>\n\n\n\n

firewall-cmd —reload<\/strong><\/p>\n\n\n\n

<\/p>\n\n\n\n

\u0435\u0441\u043b\u0438 \u043d\u0443\u0436\u043d\u043e \u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u043f\u0430\u043a\u0435\u0442\u044b SSH<\/strong> \u0441 \u0430\u0434\u0440\u0435\u0441\u0430 211.253.133.50<\/p>\n\n\n\n


firewall-cmd —add-rich-rule=’rule family=»ipv4″ source address=»211.253.133.50″ service name=ssh reject’<\/strong><\/p>\n\n\n\n

<\/p>\n\n\n\n

\u043f\u043e\u0441\u043c\u043e\u0442\u0440\u0435\u0442\u044c \u0432\u0441\u0435 \u043f\u0440\u0430\u0432\u0438\u043b\u0430 firewall-cmd <\/strong> :<\/p>\n\n\n\n

firewall-cmd —list-all<\/strong><\/p>\n\n\n\n

<\/p>\n\n\n\n

\u043f\u043e\u0441\u043c\u043e\u0442\u0440\u0435\u0442\u044c \u0442\u043e\u043b\u044c\u043a\u043e rich rule<\/strong>:<\/p>\n\n\n\n

firewall-cmd —list-rich-rule<\/strong><\/p>\n\n\n\n

<\/p>\n\n\n\n

<\/p>\n\n\n\n

\u041e\u0442\u043a\u0440\u044b\u0442\u044c \u043f\u043e\u0440\u0442 \u0434\u043b\u044f \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u043e\u0433\u043e IP-\u0430\u0434\u0440\u0435\u0441\u0430 \u0432 Firewalld-cmd<\/strong><\/p>\n\n\n\n

    \n
  1. \u0421\u043e\u0437\u0434\u0430\u0435\u043c \u0438\u043c\u044f \u0437\u043e\u043d\u044b ‘postgre’.<\/li>\n<\/ol>\n\n\n\n

    firewall-cmd —new-zone=postgre —permanent<\/strong><\/p>\n\n\n\n

    \u041f\u0435\u0440\u0435\u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0435\u043c \u0442\u0430\u0431\u043b\u0438\u0446\u044b:<\/p>\n\n\n\n

    firewall-cmd —reload<\/strong><\/p>\n\n\n\n

    firewall-cmd —get-zones<\/strong><\/p>\n\n\n\n

    \u0414\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u043c \u0438\u0441\u0445\u043e\u0434\u043d\u044b\u0439 IP-\u0430\u0434\u0440\u0435\u0441 192.168.48.150 \u0438\u043b\u0438 \u0441\u0435\u0442\u044c 192.168.48.0\/24 \u0443\u043a\u0430\u0437\u044b\u0432\u0430\u0435\u043c \u043f\u043e\u0440\u0442 5432, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u043d\u0443\u0436\u043d\u043e \u043e\u0442\u043a\u0440\u044b\u0442\u044c<\/p>\n\n\n\n

    \u0437\u0430\u0442\u0435\u043c \u043f\u0435\u0440\u0435\u0437\u0430\u043f\u0443\u0441\u043a\u0430\u0435\u043c firewalld -\u0447\u0442\u043e\u0431\u044b \u043f\u0440\u0438\u043c\u0435\u043d\u0438\u0442\u044c \u0438\u0437\u043c\u0435\u043d\u0435\u043d\u0438\u044f.<\/p>\n\n\n\n

    firewall-cmd —zone=postgre —add-source=192.168.48.0\/24 —permanent<\/strong><\/p>\n\n\n\n

    firewall-cmd —zone=postgre —add-port=5432\/tcp —permanent<\/strong><\/p>\n\n\n\n

    firewall-cmd —reload<\/strong><\/p>\n\n\n\n

    \u041f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u043c \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0438:<\/p>\n\n\n\n

    firewall-cmd —zone=mariadb-access —list-all<\/strong><\/p>\n\n\n\n

    \u041a\u0430\u043a \u0443\u0434\u0430\u043b\u0438\u0442\u044c \u043f\u043e\u0440\u0442 \u0438 \u0437\u043e\u043d\u0443 \u0438\u0437 Firewalld<\/p>\n\n\n\n

    firewall-cmd —zone=postgre —remove-source=192.168.48.0\/24 —permanent<\/strong><\/p>\n\n\n\n

    firewall-cmd —reload<\/strong><\/p>\n\n\n\n

    \u0423\u0434\u0430\u043b\u044f\u0435\u043c \u043f\u043e\u0440\u0442 \u0438\u0437 \u0437\u043e\u043d\u044b:<\/p>\n\n\n\n

    firewall-cmd —zone=postgre —remove-port=5432\/tcp —permanent<\/strong><\/p>\n\n\n\n

    firewall-cmd —reload<\/strong><\/p>\n\n\n\n

    \u0423\u0434\u0430\u043b\u0438\u0442\u044c \u0437\u043e\u043d\u0443:<\/p>\n\n\n\n

    firewall-cmd —permanent —delete-zone=postgre<\/strong><\/p>\n\n\n\n

    firewall-cmd —reload<\/strong><\/p>\n\n\n\n

    \u041f\u0440\u0430\u0432\u0438\u043b\u0430 firewalld rich.<\/p>\n\n\n\n

    firewall-cmd —permanent \u2013zone=postgre —add-rich-rule=’rule family=»ipv4″ source address=»192.168.48.0\/24″ port protocol=»tcp» port=»5432″ accept’<\/strong><\/p>\n\n\n\n

    <\/p>\n\n\n\n

    \u0418\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f firewalld, \u0432\u044b \u043c\u043e\u0436\u0435\u0442\u0435 \u043d\u0430\u0441\u0442\u0440\u043e\u0438\u0442\u044c \u043f\u0435\u0440\u0435\u043d\u0430\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u043e\u0440\u0442\u043e\u0432<\/strong>, \u0447\u0442\u043e\u0431\u044b \u043b\u044e\u0431\u043e\u0439 \u0432\u0445\u043e\u0434\u044f\u0449\u0438\u0439 \u0442\u0440\u0430\u0444\u0438\u043a, \u043a\u043e\u0442\u043e\u0440\u044b\u0439 \u0434\u043e\u0441\u0442\u0438\u0433\u0430\u0435\u0442 \u043e\u043f\u0440\u0435\u0434\u0435\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u043f\u043e\u0440\u0442\u0430 \u0432 \u0432\u0430\u0448\u0435\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u0435, \u0434\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u043b\u0441\u044f \u043d\u0430 \u0434\u0440\u0443\u0433\u043e\u0439 \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0438\u0439 \u043f\u043e\u0440\u0442 \u043f\u043e \u0432\u0430\u0448\u0435\u043c\u0443 \u0432\u044b\u0431\u043e\u0440\u0443 \u0438\u043b\u0438 \u043d\u0430 \u0432\u043d\u0435\u0448\u043d\u0438\u0439 \u043f\u043e\u0440\u0442 \u043d\u0430 \u0434\u0440\u0443\u0433\u043e\u043c \u043a\u043e\u043c\u043f\u044c\u044e\u0442\u0435\u0440\u0435.
    \u0414\u043e\u0431\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u043e\u0440\u0442\u0430 \u0434\u043b\u044f \u043f\u0435\u0440\u0435\u043d\u0430\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f<\/a><\/strong>
    \u041f\u0440\u0435\u0436\u0434\u0435 \u0447\u0435\u043c \u043f\u0435\u0440\u0435\u043d\u0430\u043f\u0440\u0430\u0432\u0438\u0442\u044c \u0442\u0440\u0430\u0444\u0438\u043a \u0441 \u043e\u0434\u043d\u043e\u0433\u043e \u043f\u043e\u0440\u0442\u0430 \u043d\u0430 \u0434\u0440\u0443\u0433\u043e\u0439 \u043f\u043e\u0440\u0442 \u0438\u043b\u0438 \u0434\u0440\u0443\u0433\u043e\u0439 \u0430\u0434\u0440\u0435\u0441, \u0432\u0430\u043c \u043d\u0443\u0436\u043d\u043e \u0437\u043d\u0430\u0442\u044c \u0442\u0440\u0438 \u0432\u0435\u0449\u0438: \u043d\u0430 \u043a\u0430\u043a\u043e\u0439 \u043f\u043e\u0440\u0442 \u043f\u0440\u0438\u0445\u043e\u0434\u044f\u0442 \u043f\u0430\u043a\u0435\u0442\u044b, \u043a\u0430\u043a\u043e\u0439 \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u0435\u0442\u0441\u044f \u0438 \u043a\u0443\u0434\u0430 \u0432\u044b \u0445\u043e\u0442\u0438\u0442\u0435 \u0438\u0445 \u043f\u0435\u0440\u0435\u043d\u0430\u043f\u0440\u0430\u0432\u0438\u0442\u044c.

    \u0427\u0442\u043e\u0431\u044b \u043f\u0435\u0440\u0435\u043d\u0430\u043f\u0440\u0430\u0432\u0438\u0442\u044c \u043f\u043e\u0440\u0442 \u043d\u0430 \u0434\u0440\u0443\u0433\u043e\u0439 \u043f\u043e\u0440\u0442:<\/p>\n\n\n\n

    firewall-cmd —add-forward-port=port=port-number:proto=tcp|udp|sctp|dccp:toport=port-number<\/strong><\/p>\n\n\n\n

    <\/p>\n\n\n\n

    \u0427\u0442\u043e\u0431\u044b \u043f\u0435\u0440\u0435\u043d\u0430\u043f\u0440\u0430\u0432\u0438\u0442\u044c \u043f\u043e\u0440\u0442 \u043d\u0430 \u0434\u0440\u0443\u0433\u043e\u0439 \u043f\u043e\u0440\u0442 \u0441 \u0434\u0440\u0443\u0433\u0438\u043c IP-\u0430\u0434\u0440\u0435\u0441\u043e\u043c:
    <\/p>\n\n\n\n

    \u0414\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u043c\n \u043f\u043e\u0440\u0442 \u0434\u043b\u044f \u043f\u0435\u0440\u0435\u0430\u0434\u0440\u0435\u0441\u0430\u0446\u0438\u0438:\n\n\n firewall-cmd --add-forward-port=port=port-number:proto=tcp|udp:toport=port-number:toaddr=IP<\/strong>\n\n\u0414\u043e\u0431\u0430\u0432\u043b\u044f\u0435\u043c \u043c\u0430\u0441\u043a\u0430\u0440\u0430\u0434\u0438\u043d\u0433 \n\nfirewall-cmd --add-masquerade<\/strong>\n\n\u0423\u0434\u0430\u043b\u044f\u0435\u043c \u043c\u0430\u0441\u043a\u0430\u0440\u0430\u0434\u0438\u043d\u0433\n\nfirewall-cmd --remove-masquerade<\/strong>\n\n\u041f\u0440\u0438\u043c\u0435\u0440 \u043f\u0435\u0440\u0435\u043d\u0430\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441 80 \u043d\u0430 88 \u043f\u043e\u0440\u0442:\n\n\n\n firewall-cmd --add-forward-port=port=80:proto=tcp:toport=88<\/strong>\n\n \u0421\u0434\u0435\u043b\u0430\u0439\u0442\u0435 \u043d\u043e\u0432\u044b\u0435 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0438 \u043f\u043e\u0441\u0442\u043e\u044f\u043d\u043d\u044b\u043c\u0438:\n\nfirewall-cmd --runtime-to-permanent<\/strong>\n\n\u041f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u043c \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0438:\n\nfirewall-cmd --list-all <\/strong><\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"
    \u0441\u0442\u0430\u0442\u044c\u044f \u043f\u0440\u043e firewall-cmd \u043d\u0430 \u0430\u043d\u0433\u043b\u0438\u0439\u0441\u043a\u043e\u043c \u044f\u0437\u044b\u043a\u0435 \u0415\u0441\u043b\u0438 \u043d\u0443\u0436\u043d\u043e \u0437\u0430\u0431\u043b\u043e\u043a\u0438\u0440\u043e\u0432\u0430\u0442\u044c \u0432\u0445\u043e\u0434\u044f\u0449\u0438\u0435 tcp \u043f\u0430\u043a\u0435\u0442\u044b \u043f\u043e\u0441\u0442\u0443\u043f\u0430\u044e\u0449\u0438\u0435 \u0441 \u0430\u0434\u0440\u0435\u0441\u0430 165.232.186.196 firewall-cmd —add-rich-rule=’rule family=»ipv4″ source<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[12,22],"tags":[],"class_list":["post-2754","post","type-post","status-publish","format-standard","hentry","category-internet","category-technology"],"_links":{"self":[{"href":"https:\/\/surgery.moscow\/smos\/wp-json\/wp\/v2\/posts\/2754","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/surgery.moscow\/smos\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/surgery.moscow\/smos\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/surgery.moscow\/smos\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/surgery.moscow\/smos\/wp-json\/wp\/v2\/comments?post=2754"}],"version-history":[{"count":15,"href":"https:\/\/surgery.moscow\/smos\/wp-json\/wp\/v2\/posts\/2754\/revisions"}],"predecessor-version":[{"id":5977,"href":"https:\/\/surgery.moscow\/smos\/wp-json\/wp\/v2\/posts\/2754\/revisions\/5977"}],"wp:attachment":[{"href":"https:\/\/surgery.moscow\/smos\/wp-json\/wp\/v2\/media?parent=2754"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/surgery.moscow\/smos\/wp-json\/wp\/v2\/categories?post=2754"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/surgery.moscow\/smos\/wp-json\/wp\/v2\/tags?post=2754"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}