{"id":7687,"date":"2021-04-26T15:03:42","date_gmt":"2021-04-26T06:03:42","guid":{"rendered":"https:\/\/www.secuavail.com\/kb\/?p=7687"},"modified":"2024-08-26T15:55:03","modified_gmt":"2024-08-26T06:55:03","slug":"tb-210427_01","status":"publish","type":"post","link":"https:\/\/www.secuavail.com\/kb\/tech-blog\/tb-210427_01\/","title":{"rendered":"Configuration example for allowing specific outbound traffic on Linux"},"content":{"rendered":"<p>This article describes a configuration example for allowing specific outbound traffic on Linux.<\/p>\n<h2>Prerequisites<\/h2>\n<ul style=\"list-style-type: disc;\">\n<li>This article assumes that the HTTP service port is TCP\/80.<\/li>\n<li>All steps in this article are performed with administrator privileges.<\/li>\n<li>The contents of this article were carried out in the environment below.<\/li>\n<li>The outbound traffic control settings in this article are only <strong><span style=\"color: #ff0000;\">one example<\/span><\/strong>.<\/li>\n<\/ul>\n<table style=\"height: 48px; width: 700px;\" width=\"713\">\n<tbody>\n<tr style=\"height: 24px;\">\n<td style=\"font-weight: 400; width: 295.799px; height: 24px;\">OS<\/td>\n<td style=\"font-weight: 400; width: 390.243px; height: 24px;\">CentOS7.8<\/td>\n<\/tr>\n<\/tbody>\n<tbody>\n<tr style=\"height: 24px;\">\n<td style=\"font-weight: 400; width: 295.799px; height: 
24px;\">firewalld<\/td>\n<td style=\"font-weight: 400; width: 390.243px; height: 24px;\">0.6.3<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>Preliminary configuration<\/h2>\n<ul style=\"list-style-type: disc;\">\n<li>First, apply outbound traffic control with the commands below.<\/li>\n<\/ul>\n<pre class=\"lang:default highlight:0 decode:true\"># firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 1 -p icmp --icmp-type 0 -j ACCEPT\r\nsuccess\r\n# cat \/proc\/sys\/net\/ipv4\/ip_local_port_range\r\n32768   60999\r\n# firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 2 -p tcp --dport 32768:60999 -j ACCEPT\r\nsuccess\r\n# firewall-cmd --permanent --direct --add-rule ipv4 filter OUTPUT 65000 -p tcp -j REJECT\r\nsuccess\r\n# firewall-cmd --reload\r\nsuccess\r\n# iptables -nvL --line-numbers\r\n~ omitted ~\r\nChain OUTPUT_direct (1 references)\r\nnum   pkts bytes target     prot opt in     out     source               destination      \r\n1        0     0 ACCEPT     icmp --  *      *       0.0.0.0\/0            0.0.0.0\/0            icmptype 0\r\n2     2997 8558K ACCEPT     tcp  --  *      *       0.0.0.0\/0            0.0.0.0\/0            tcp dpts:32768:60999\r\n3       84  5040 REJECT     tcp  --  *      *       0.0.0.0\/0            0.0.0.0\/0            reject-with icmp-port-unreachable<\/pre>\n<h2>Accessing an external HTTP service<\/h2>\n<ul style=\"list-style-type: disc;\">\n<li>Configure this with a direct rule. Use the command below to add a rule to Chain OUTPUT_direct that allows traffic destined for TCP\/80.<\/li>\n<\/ul>\n<pre class=\"lang:default highlight:0 decode:true\"># firewall-cmd --permanent 
--direct --add-rule ipv4 filter OUTPUT 3 -p tcp --dport 80 -j ACCEPT\r\nsuccess\r\n# firewall-cmd --reload \r\nsuccess\r\n# iptables -nvL --line-numbers\r\n~ omitted ~\r\nChain OUTPUT_direct (1 references)\r\nnum   pkts bytes target     prot opt in     out     source               destination      \r\n1        0     0 ACCEPT     icmp --  *      *       0.0.0.0\/0            0.0.0.0\/0            icmptype 0\r\n2     1156  145K ACCEPT     tcp  --  *      *       0.0.0.0\/0            0.0.0.0\/0            tcp dpts:32768:60999\r\n3        0     0 ACCEPT     tcp  --  *      *       0.0.0.0\/0            0.0.0.0\/0            tcp dpt:80\r\n4    38026 2281K REJECT     tcp  --  *      *       0.0.0.0\/0            0.0.0.0\/0            reject-with icmp-port-unreachable<\/pre>\n<ul style=\"list-style-type: disc;\">\n<li>To delete the added rule, run the command below.<\/li>\n<\/ul>\n<pre class=\"lang:default highlight:0 decode:true\"># firewall-cmd --permanent --direct --remove-rule ipv4 filter OUTPUT 3 -p tcp --dport 80 -j ACCEPT\r\nsuccess\r\n# iptables -nvL --line-numbers\r\n~ omitted ~\r\nChain OUTPUT_direct (1 references)\r\nnum   pkts bytes target     prot opt in     out     source               destination      \r\n1        0     0 ACCEPT     icmp --  *      *       0.0.0.0\/0            0.0.0.0\/0            icmptype 0\r\n2     2997 8558K ACCEPT     tcp  --  *      *       0.0.0.0\/0            0.0.0.0\/0            tcp dpts:32768:60999\r\n3       84  5040 REJECT     tcp  --  *      *       0.0.0.0\/0            0.0.0.0\/0            reject-with 
icmp-port-unreachable<\/pre>\n<p>This concludes the explanation of the configuration example for allowing specific outbound traffic on Linux.<\/p>\n","protected":false},"excerpt":{"rendered":"This article describes a configuration example for allowing specific outbound traffic on Linux. Prerequisites This article assumes that the HTTP service port is TCP\/80. All steps in this article are performed with administrator privileges [&hellip;]","protected":false},"author":8,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[2],"tags":[9],"class_list":["post-7687","post","type-post","status-publish","format-standard","hentry","category-tech-blog","tag-linux"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.secuavail.com\/kb\/wp-json\/wp\/v2\/posts\/7687","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.secuavail.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.secuavail.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.secuavail.com\/kb\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/www.secuavail.com\/kb\/wp-json\/wp\/v2\/comments?post=7687"}],"version-history":[{"count":16,"href":"https:\/\/www.secuavail.com\/kb\/wp-json\/wp\/v2\/posts\/7687\/revisions"}],"predecessor-version":[{"id":7813,"href":"https:\/\/www.secuavail.com\/kb\/wp-json\/wp\/v2\/posts\/768
7\/revisions\/7813"}],"wp:attachment":[{"href":"https:\/\/www.secuavail.com\/kb\/wp-json\/wp\/v2\/media?parent=7687"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.secuavail.com\/kb\/wp-json\/wp\/v2\/categories?post=7687"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.secuavail.com\/kb\/wp-json\/wp\/v2\/tags?post=7687"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}