2014\u5e742\u670814\u65e5\u3000\u554f\u984c\u306e\u6838\u5fc3\u306finit\u306b\u3042\u3089\u305a \u2500Ubuntu\u306e\u5b64\u7acb<\/a><\/p>\n\u30bf\u30a4\u30c8\u30eb\u306b\u3082\u66f8\u3044\u3066\u3042\u308a\u307e\u3059\u304c\u3001Fedora\uff0fRed Hat\uff0copenSUSE\u3001\u306a\u3069\u6bd4\u8f03\u7684\u30e1\u30b8\u30e3\u30fc\u306a\u30c7\u30a3\u30b9\u30c8\u30ea\u306fsystemd\u3092\u63a1\u7528\u3057\u3064\u3064\u3042\u308b\u3089\u3057\u304f\u3001Debian\u3082\u4e00\u5fdc\u5229\u7528\u53ef\u80fd\u3068\u3044\u3046\u4e8b\u3067systemd\u304c\u4f7f\u3048\u308b\u305d\u3046\u3060\u3002<\/p>\n
\u305d\u3093\u306a\u8a33\u3067\u3001CentOS\u3082systemd\u306a\u3093\u3060\u3051\u3069\u3001\u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb\u56de\u308a\u3082\u7d50\u69cb\u5909\u308f\u3063\u3066\u3044\u3066\u3001\u30bf\u30a4\u30c8\u30eb\u306e\u901a\u308a\u3001ssh\u306e\u5165\u308a\u53e3\u3092\u30ed\u30fc\u30ab\u30eb\u3060\u3051\u306b\u3057\u305f\u3044\u3068\u304d\u3001\u4f8b\u3048\u3070\u5165\u53e3\u3068\u306a\u308b\u30b5\u30fc\u30d0\u30fc\u3060\u3051ssh\u3092\u958b\u3051\u3066\u304a\u3044\u3066\u3001\u4ed6\u306e\u30b5\u30fc\u30d0\u30fc\u306f\u30b0\u30ed\u30fc\u30d0\u30eb\u306assh\u306f\u9589\u3058\u3066\u3044\u308b\u3068\u3044\u3046\u69cb\u6210\u306b\u3057\u305f\u3044\u6642\u306b\u3001iptables\u3067\u306f\u7c21\u5358\u306b\u3067\u304d\u3066\u3044\u305f\u306e\u3060\u3051\u3069\u3001firewalld\u3068\u3044\u3046\u3082\u306e\u306b\u306a\u3063\u305f\u3089\u5c11\u3057\u30b9\u30c6\u30c3\u30d7\u3092\u8e0f\u3080\u5fc5\u8981\u304c\u3042\u3063\u305f\u306e\u3067\u3001\u4f5c\u696d\u30e1\u30e2\u3057\u3066\u304a\u3053\u3046\u3068\u601d\u3044\u307e\u3059\u3002<\/p>\n
\u3068\u308a\u3042\u3048\u305a\u3001\u3088\u304f\u4f7f\u3044\u305d\u3046\u306a\u30b3\u30de\u30f3\u30c9\u305f\u3061\u3092\u3002<\/p>\n
[root@cent7 ~]# firewall-cmd -h | grep service\r\n\u00a0 --get-services\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Print predefined services [P]\r\n\u00a0 --new-service=<service>\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Add a new service [P only]\r\n\u00a0 --delete-service=<service>\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Delete and existing service [P only]\r\n\u00a0 --list-services\u00a0\u00a0\u00a0\u00a0\u00a0 List services added for a zone [P] [Z]\r\n\u00a0 --add-service=<service>\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Add a service for a zone [P] [Z] [T]\r\n\u00a0 --remove-service=<service>\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Remove a service from a zone [P] [Z]\r\n\u00a0 --query-service=<service>\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Return whether service has been added for a zone [P] [Z]<\/pre>\n[root@cent7 ~]# firewall-cmd -h | grep inter\r\n\u00a0 --get-default-zone\u00a0\u00a0 Print default zone for connections and interfaces\r\n\u00a0 --get-zone-of-interface=<interface>\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Print name of the zone the interface is bound to [P]\r\n\u00a0 --list-interfaces\u00a0\u00a0\u00a0 List interfaces that are bound to a zone [P] [Z]\r\n\u00a0 --add-interface=<interface>\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Bind the <interface> to a zone [P] [Z]\r\n\u00a0 --change-interface=<interface>\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Change zone the <interface> is bound to [Z]\r\n\u00a0 --query-interface=<interface>\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Query whether <interface> is bound to a zone [P] [Z]\r\n\u00a0 --remove-interface=<interface>\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 Remove binding of <interface> from a zone [P] [Z]<\/pre>\n <\/p>\n
\u81ea\u5df1\u6d41\u306b\u3084\u3063\u305f\u306e\u3067\u3001\u4f55\u304b\u3042\u308c\u3070\u6559\u3048\u3066\u304f\u3060\u3055\u3044\u3002<\/p>\n
\u307e\u305a\u306fLAN\u5074\u306e\u30a4\u30f3\u30bf\u30fc\u30d5\u30a7\u30fc\u30b9\u3092public\u304b\u3089home\u3078\u3002
\nremove>add\u3058\u3083\u306a\u304f\u3001change\u3055\u305b\u307e\u3059\u3002<\/p>\n
[root@cent7 ~]# firewall-cmd --change-interface=ens4 --zone=home\r\nsuccess\r\n\r\nhome (active)\r\n\u00a0 interfaces: ens4\r\n\u00a0 services: dhcpv6-client ipp-client mdns samba-client ssh\r\n\u00a0 icmp-blocks:\r\n\r\npublic (default, active)\r\n\u00a0 interfaces: ens3\r\n\u00a0 services: dhcpv6-client ssh\r\n\u00a0 icmp-blocks:\r\n\r\n<\/pre>\n\u7d9a\u3044\u3066\u3001public\u306essh\u3092\u62d2\u5426\u3057\u307e\u3059\u3068\u3044\u3046\u304b\u3001\u524a\u9664\u3057\u307e\u3059\u3002<\/p>\n
[root@cent7 ~]# firewall-cmd --remove-service=ssh --zone=public\r\nsuccess\r\n\r\nhome (active)\r\n\u00a0 interfaces: ens4\r\n\u00a0 services: dhcpv6-client ipp-client mdns samba-client ssh\r\n\u00a0 icmp-blocks:\r\n\r\npublic (default, active)\r\n\u00a0 interfaces: ens3\r\n\u00a0 services: dhcpv6-client\r\n\u00a0 icmp-blocks:\r\n\r\n<\/pre>\n\u7d42\u308f\u308a\u3067\u3059\u3002<\/p>\n
ifconfig\u3082\u30c7\u30d5\u30a9\u3067\u306f\u306a\u304f\u306a\u308a\u3001ip\u30b3\u30de\u30f3\u30c9\u304c\u4e2d\u5fc3\u306b\u306a\u308b\u306e\u304b\u3069\u3046\u304b\u77e5\u308a\u307e\u305b\u3093\u304c\u3001\u4eca\u306e\u30c7\u30d5\u30a1\u30af\u30c8\u30b9\u30bf\u30f3\u30c0\u30fc\u30c9\u3067\u3082ip\u30b3\u30de\u30f3\u30c9\u306f\u5165\u3063\u3066\u3044\u308b\u3088\u3046\u306a\u306e\u3067\u3001\u4eca\u306e\u3046\u3061\u304b\u3089\u610f\u8b58\u3057\u3066\u3064\u304b\u3063\u3066\u304a\u304f\u306e\u3082\u3044\u3044\u304b\u3082\u3057\u308c\u306a\u3044\u3067\u3059\u306d\u3002<\/p>\n
\u9762\u767d\u3044\u3053\u3068\u306b<\/p>\n
$ ip\r\nUsage: ip [ OPTIONS ] OBJECT { COMMAND | help }\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 ip [ -force ] -batch filename\r\nwhere\u00a0 OBJECT := { link | addr | addrlabel | route | rule | neigh | ntable |\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 tunnel | tuntap | maddr | mroute | mrule | monitor | xfrm |\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 netns | l2tp | tcp_metrics | token }\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 OPTIONS := { -V[ersion] | -s[tatistics] | -d[etails] | -r[esolve] |\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 -f[amily] { inet | inet6 | ipx | dnet | bridge | link } |\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 -4 | -6 | -I | -D | -B | -0 |\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 -l[oops] { maximum-addr-flush-attempts } |\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 -o[neline] | -t[imestamp] | -b[atch] [filename] |\r\n\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 -rc[vbuf] [size]}<\/pre>\n\u982d\u6587\u5b57\u3060\u3051\u3067\u3082\u3044\u3051\u308b\u3088\u3046\u3067\u3059\u3002
\n\u6700\u521d\u304c\u88ab\u3063\u3066\u308b\u3084\u3064\u306f2\u6587\u5b57\u76ee\u307e\u3067\u5165\u308c\u305f\u3089\u3044\u3051\u308b\u3063\u307d\u3044\u3002<\/p>\n
$ ip to\r\ntoken :: dev ens3\r\ntoken :: dev ens4<\/pre>\n <\/p>\n
<\/p>\n