{"id":1038,"date":"2011-06-15T00:46:06","date_gmt":"2011-06-14T15:46:06","guid":{"rendered":"http:\/\/www.prime-architect.co.jp\/myblog\/?p=1038"},"modified":"2013-12-29T00:47:09","modified_gmt":"2013-12-28T15:47:09","slug":"%e3%81%95%e3%81%8f%e3%82%89vps%e3%81%a7%e7%92%b0%e5%a2%83%e6%a7%8b%e7%af%89%e3%80%80%e3%81%9d%e3%81%ae4%e3%80%80iptable%e3%81%ae%e8%a8%ad%e5%ae%9a","status":"publish","type":"post","link":"https:\/\/www.prime-architect.co.jp\/myblog\/blog-1038","title":{"rendered":"\u3055\u304f\u3089VPS\u3067\u74b0\u5883\u69cb\u7bc9\u3000\u305d\u306e4\u3000iptable\u306e\u8a2d\u5b9a"},"content":{"rendered":"

\u524d\u56de\u306f\u30ed\u30b0\u30a4\u30f3\u30e6\u30fc\u30b6\u306e\u4f5c\u6210\u3067\u3057\u305f\u3002<\/p>\n

\u4eca\u56de\u306fiptables\u306e\u8a2d\u5b9a\u306b\u306a\u308a\u307e\u3059\u3002
\niptables\u306f\u7c21\u5358\u306b\u3044\u3063\u3066\u3057\u307e\u3046\u3068\u3001\u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb\u307f\u305f\u3044\u306a\u3082\u306e\u3067\u3059\u3002
\n\u672c\u683c\u7684\u306b\u3084\u308d\u3046\u3068\u3059\u308b\u3068\u3001\u3068\u3066\u3082\u5965\u304c\u6df1\u304f\u96e3\u3057\u3044\u306e\u3067\u3059\u304c\u3001
\n\u3053\u3053\u3067\u306f\u3001\u6700\u4f4e\u9650\u3053\u308c\u3060\u3051\u3084\u3063\u3066\u304a\u3051\u3070\u5927\u4e08\u592b\u3068\u3044\u3046\u8a2d\u5b9a\u3092\u7d39\u4ecb\u3057\u307e\u3059\u3002<\/p>\n

\u307e\u305a\u306fiptables\u306e\u8a2d\u5b9a\u30d5\u30a1\u30a4\u30eb\u304c\u3042\u308b\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u3078\u79fb\u52d5
\ncd \/etc\/sysconfig<\/font>
\n\u305d\u3057\u3066\u3001iptables\u306e\u8a2d\u5b9a\u3092\u78ba\u8a8d
\nless iptables<\/font><\/p>\n

\u304a\u305d\u3089\u304f\u3001\u306a\u306b\u3082\u8a2d\u5b9a\u3055\u308c\u3066\u306a\u3044\u3068\u601d\u308f\u308c\u307e\u3059\u306e\u3067\u3001vi\u30b3\u30de\u30f3\u30c9\u3067\u4ee5\u4e0b\u306e\u3088\u3046\u306b\u66f8\u304d\u63db\u3048\u307e\u3059\u3002<\/p>\n

vi iptables<\/font><\/p>\n

\n# Firewall configuration written by system-config-securitylevel
\n# Manual customization of this file is not recommended.
\n*filter
\n:INPUT ACCEPT [0:0]
\n:FORWARD ACCEPT [0:0]
\n:OUTPUT ACCEPT [0:0]
\n:RH-Firewall-1-INPUT – [0:0]
\n-A INPUT -j RH-Firewall-1-INPUT
\n-A FORWARD -j RH-Firewall-1-INPUT
\n-A RH-Firewall-1-INPUT -i lo -j ACCEPT
\n-A RH-Firewall-1-INPUT -p icmp –icmp-type any -j ACCEPT
\n-A RH-Firewall-1-INPUT -p 50 -j ACCEPT
\n-A RH-Firewall-1-INPUT -p 51 -j ACCEPT
\n-A RH-Firewall-1-INPUT -p udp –dport 5353 -d 224.0.0.251 -j ACCEPT
\n-A RH-Firewall-1-INPUT -p udp -m udp –dport 631 -j ACCEPT
\n-A RH-Firewall-1-INPUT -p tcp -m tcp –dport 631 -j ACCEPT
\n-A RH-Firewall-1-INPUT -m state –state ESTABLISHED,RELATED -j ACCEPT
\n#SSH
\n-A RH-Firewall-1-INPUT -m state –state NEW -m tcp -p tcp –dport 22 -j ACCEPT
\n#HTTP
\n-A RH-Firewall-1-INPUT -m state –state NEW -m tcp -p tcp –dport 80 -j ACCEPT
\n#FTP
\n-A RH-Firewall-1-INPUT -m state –state NEW -m tcp -p tcp –dport 20 -j ACCEPT
\n#FTP
\n-A RH-Firewall-1-INPUT -m state –state NEW -m tcp -p tcp –dport 21 -j ACCEPT
\n#PASV
\n-A RH-Firewall-1-INPUT -m state –state NEW -m tcp -p tcp –dport 50000:50030 -j ACCEPT
\n#SMTP
\n-A RH-Firewall-1-INPUT -m state –state NEW -m tcp -p tcp –dport 25 -j ACCEPT
\n#POP3
\n-A RH-Firewall-1-INPUT -m state –state NEW -m tcp -p tcp –dport 110 -j ACCEPT
\n#IMAP
\n-A RH-Firewall-1-INPUT -m state –state NEW -m tcp -p tcp –dport 143 -j ACCEPT
\n#HTTPS
\n-A RH-Firewall-1-INPUT -m state –state NEW -m tcp -p tcp –dport 443 -j ACCEPT
\n#OP25B
\n-A RH-Firewall-1-INPUT -m state –state NEW -m tcp -p tcp –dport 587 -j ACCEPT
\n#SMTP ssl
\n-A RH-Firewall-1-INPUT -m state –state NEW -m tcp -p tcp –dport 465 -j ACCEPT
\n#POP3s
\n-A RH-Firewall-1-INPUT -m state –state NEW -m tcp -p tcp –dport 995 -j ACCEPT
\n#IMAP4s
\n-A RH-Firewall-1-INPUT -m state –state NEW -m tcp -p tcp –dport 993 -j ACCEPT
\n#MySQL
\n-A RH-Firewall-1-INPUT -m state –state NEW -m tcp -p tcp –dport 3306 -j ACCEPT<\/p>\n

-A RH-Firewall-1-INPUT -j REJECT –reject-with icmp-host-prohibited
\nCOMMIT\n<\/p><\/div>\n

\u4f7f\u3046\u3068\u601d\u308f\u308c\u308b\u30dd\u30fc\u30c8\u756a\u53f7\u3092\u3072\u3068\u901a\u308a\u8a2d\u5b9a\u3057\u3066\u304a\u304d\u307e\u3059\u3002
\n\u4f7f\u308f\u306a\u3044\u3068\u601d\u308f\u308c\u308b\u30dd\u30fc\u30c8\u756a\u53f7\u304c\u3042\u308c\u3070\u884c\u306e\u5148\u982d\u3092#\u306b\u3059\u308b\u3053\u3068\u3067\u30b3\u30e1\u30f3\u30c8\u30a2\u30a6\u30c8\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u307e\u3059\u3002<\/p>\n

\u307e\u305fSSH\u306e\u30dd\u30fc\u30c8\u756a\u53f7\u309222\u3067\u8a2d\u5b9a\u3057\u3066\u3044\u307e\u3059\u304c\u3001\u3053\u306e\u307e\u307e\u3060\u3068\u3001\u30ed\u30b0\u30a4\u30f3\u30a2\u30bf\u30c3\u30af\u306e\u6a19\u7684\u306b\u306a\u308a\u307e\u3059\u306e\u3067
\n\u5909\u3048\u308b\u3053\u3068\u3092\u304a\u3059\u3059\u3081\u3057\u307e\u3059\u3002
\n\u30dd\u30fc\u30c8\u756a\u53f7\u3092\u5909\u3048\u308b\u65b9\u6cd5\u306f\u307e\u305f\u5225\u9014\u66f8\u304f\u4e88\u5b9a\u3067\u3059\u3002<\/p>\n

\u3053\u308c\u3067\u4fdd\u5b58\u3057\u305f\u3089\u3001\u4ee5\u4e0b\u30b3\u30de\u30f3\u30c9\u3067ssh\u3092\u518d\u8d77\u52d5\u3057\u307e\u3057\u3087\u3046\u3002<\/p>\n

service sshd restart<\/font><\/p>\n

\u7d9a\u3044\u3066\u53cd\u6620\u3055\u308c\u3066\u3044\u308b\u304b\u78ba\u8a8d\u3057\u307e\u3059\u3002
\niptables -L<\/font><\/p>\n

\u3053\u3093\u306a\u611f\u3058\u306b\u306a\u3063\u3066\u3044\u308c\u3070OK\u3067\u3059\u3002<\/p>\n

\nChain INPUT (policy ACCEPT)
\ntarget prot opt source destination
\nRH-Firewall-1-INPUT all — anywhere anywhere <\/p>\n

Chain FORWARD (policy ACCEPT)
\ntarget prot opt source destination
\nRH-Firewall-1-INPUT all — anywhere anywhere <\/p>\n

Chain OUTPUT (policy ACCEPT)
\ntarget prot opt source destination <\/p>\n

Chain RH-Firewall-1-INPUT (2 references)
\ntarget prot opt source destination
\nACCEPT all — anywhere anywhere
\nACCEPT icmp — anywhere anywhere icmp any
\nACCEPT esp — anywhere anywhere
\nACCEPT ah — anywhere anywhere
\nACCEPT udp — anywhere 224.0.0.251 udp dpt:mdns
\nACCEPT udp — anywhere anywhere udp dpt:ipp
\nACCEPT tcp — anywhere anywhere tcp dpt:ipp
\nACCEPT all — anywhere anywhere state RELATED,ESTABLISHED
\nACCEPT tcp — anywhere anywhere state NEW tcp dpt:ssh
\nACCEPT tcp — anywhere anywhere state NEW tcp dpt:http
\nACCEPT tcp — anywhere anywhere state NEW tcp dpt:ftp-data
\nACCEPT tcp — anywhere anywhere state NEW tcp dpt:ftp
\nACCEPT tcp — anywhere anywhere state NEW tcp dpts:50000:50030
\nACCEPT tcp — anywhere anywhere state NEW tcp dpt:smtp
\nACCEPT tcp — anywhere anywhere state NEW tcp dpt:pop3
\nACCEPT tcp — anywhere anywhere state NEW tcp dpt:imap
\nACCEPT tcp — anywhere anywhere state NEW tcp dpt:https
\nACCEPT tcp — anywhere anywhere state NEW tcp dpt:submission
\nACCEPT tcp — anywhere anywhere state NEW tcp dpt:smtps
\nACCEPT tcp — anywhere anywhere state NEW tcp dpt:pop3s
\nACCEPT tcp — anywhere anywhere state NEW tcp dpt:imaps
\nACCEPT tcp — anywhere anywhere state NEW tcp dpt:mysql
\nREJECT all — anywhere anywhere reject-with icmp-host-prohibited <\/p>\n<\/div>\n

\u3053\u308c\u3067iptables\u306e\u8a2d\u5b9a\u304c\u5b8c\u4e86\u3067\u3059\u3002<\/p>\n

\u6b21\u306e\u8a18\u4e8b
\n\u3055\u304f\u3089VPS\u3067\u74b0\u5883\u69cb\u7bc9\u3000\u305d\u306e5\u3000apache\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb<\/a><\/p>\n

\u524d\u306e\u8a18\u4e8b
\n\u3055\u304f\u3089VPS\u3067\u74b0\u5883\u69cb\u7bc9\u3000\u305d\u306e\uff13\u3000\u30ed\u30b0\u30a4\u30f3\u30e6\u30fc\u30b6\u4f5c\u6210<\/p>\n","protected":false},"excerpt":{"rendered":"

\u524d\u56de\u306f\u30ed\u30b0\u30a4\u30f3\u30e6\u30fc\u30b6\u306e\u4f5c\u6210\u3067\u3057\u305f\u3002 \u4eca\u56de\u306fiptables\u306e\u8a2d\u5b9a\u306b\u306a\u308a\u307e\u3059\u3002 iptables\u306f\u7c21\u5358\u306b\u3044\u3063\u3066\u3057\u307e\u3046\u3068\u3001\u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb\u307f\u305f\u3044\u306a\u3082\u306e\u3067\u3059\u3002 \u672c\u683c\u7684\u306b\u3084\u308d\u3046\u3068\u3059\u308b\u3068\u3001\u3068\u3066\u3082\u5965\u304c\u6df1\u304f\u96e3\u3057\u3044\u306e\u3067\u3059\u304c\u3001 \u3053\u3053\u3067\u306f\u3001 … “\u3055\u304f\u3089VPS\u3067\u74b0\u5883\u69cb\u7bc9\u3000\u305d\u306e4\u3000iptable\u306e\u8a2d\u5b9a” \u306e<\/span>\u7d9a\u304d\u3092\u8aad\u3080<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0},"categories":[5],"tags":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.prime-architect.co.jp\/myblog\/wp-json\/wp\/v2\/posts\/1038"}],"collection":[{"href":"https:\/\/www.prime-architect.co.jp\/myblog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.prime-architect.co.jp\/myblog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.prime-architect.co.jp\/myblog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.prime-architect.co.jp\/myblog\/wp-json\/wp\/v2\/comments?post=1038"}],"version-history":[{"count":2,"href":"https:\/\/www.prime-architect.co.jp\/myblog\/wp-json\/wp\/v2\/posts\/1038\/revisions"}],"predecessor-version":[{"id":1040,"href":"https:\/\/www.prime-architect.co.jp\/myblog\/wp-json\/wp\/v2\/posts\/1038\/revisions\/1040"}],"wp:attachment":[{"href":"https:\/\/www.prime-architect.co.jp\/myblog\/wp-json\/wp\/v2\/media?parent=1038"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.prime-architect.co.jp\/myblog\/wp-json\/wp\/v2\/categories?post=1038"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.prime-architect.co.jp\/myblog\/wp-json\/wp\/v2\/tags?post=1038"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}