To understand firewalld we need to understand the configuration it uses. We will walk from the top-level configuration directory down to the detailed configuration files. This article is a continuation of https://www.proweb.co.id/articles/firewalld/aktifkan-ftp.html .
We will trace the firewalld configuration as follows:
- Contents of /etc/firewalld (note that /etc/firewalld/services is empty on this host and the zones directory holds only public.xml):
[root@mail5 ~]# ls /etc/firewalld
firewalld.conf  helpers  icmptypes  ipsets  lockdown-whitelist.xml  services  zones
[root@mail5 ~]# ls /etc/firewalld/services
[root@mail5 ~]# ls /etc/firewalld/zones
public.xml
- Contents of /etc/firewalld/firewalld.conf :
# firewalld config file

# default zone
# The default zone used if an empty zone string is used.
# Default: public
DefaultZone=public

# Minimal mark
# Marks up to this minimum are free for use for example in the direct
# interface. If more free marks are needed, increase the minimum
# Default: 100
MinimalMark=100

# Clean up on exit
# If set to no or false the firewall configuration will not get cleaned up
# on exit or stop of firewalld
# Default: yes
CleanupOnExit=yes

# Lockdown
# If set to enabled, firewall changes with the D-Bus interface will be limited
# to applications that are listed in the lockdown whitelist.
# The lockdown whitelist file is lockdown-whitelist.xml
# Default: no
Lockdown=no

# IPv6_rpfilter
# Performs a reverse path filter test on a packet for IPv6. If a reply to the
# packet would be sent via the same interface that the packet arrived on, the
# packet will match and be accepted, otherwise dropped.
# The rp_filter for IPv4 is controlled using sysctl.
# Default: yes
IPv6_rpfilter=yes

# IndividualCalls
# Do not use combined -restore calls, but individual calls. This increases the
# time that is needed to apply changes and to start the daemon, but is good for
# debugging.
# Default: no
IndividualCalls=no

# LogDenied
# Add logging rules right before reject and drop rules in the INPUT, FORWARD
# and OUTPUT chains for the default rules and also final reject and drop rules
# in zones. Possible values are: all, unicast, broadcast, multicast and off.
# Default: off
LogDenied=off

# AutomaticHelpers
# For the secure use of iptables and connection tracking helpers it is
# recommended to turn AutomaticHelpers off. But this might have side effects on
# other services using the netfilter helpers as the sysctl setting in
# /proc/sys/net/netfilter/nf_conntrack_helper will be changed.
# With the system setting, the default value set in the kernel or with sysctl
# will be used. Possible values are: yes, no and system.
# Default: system
AutomaticHelpers=system
- Contents of /etc/firewalld/zones/public.xml (the zone file that was changed when the ftp service was added in the previous article):
<?xml version="1.0" encoding="utf-8"?>
<zone>
<short>Public</short>
<description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
<service name="ssh"/>
<service name="dhcpv6-client"/>
<service name="ftp"/>
</zone>
- The related ftp service definition file:
[root@mail5 ~]# ls /etc/firewalld/services/
[root@mail5 ~]# ls /usr/lib/firewalld/services/ | grep ftp.xml
ftp.xml
- Contents of ftp.xml (the stock definition shipped in /usr/lib/firewalld/services; adding the service to a zone does not copy it to /etc/firewalld/services, only a customized service definition is written there):
[root@mail5 ~]# cat /usr/lib/firewalld/services/ftp.xml
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>FTP</short>
<description>FTP is a protocol used for remote file transfer. If you plan to make your FTP server publicly available, enable this option. You need the vsftpd package installed for this option to be useful.</description>
<port protocol="tcp" port="21"/>
<module name="nf_conntrack_ftp"/>
</service>
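The files listed above form a chain: firewalld.conf names the default zone, the zone XML names services, and each service XML names the ports and conntrack helper modules that actually get opened, with a file under /etc/firewalld shadowing the same-named file under /usr/lib/firewalld. The following resolver is an added example, not code from this article or from the firewalld project, that replays that lookup so you can see the effective port list for a zone without a running daemon. Python is used because the task is parsing the XML and key=value files shown above. The directory roots are parameters, the sample tree is constructed in a temporary directory, and the /etc copy of ftp.xml with a passive port range is a hypothetical customization included only to show the override order.

```python
"""Resolve the ports a firewalld zone effectively opens from its XML files.

Added example, not code from the article or from the firewalld project. It
replays the lookup firewalld performs: read DefaultZone from firewalld.conf,
load zones/<name>.xml, and expand every <service name="..."/> into the <port>
and <module> entries of the matching service XML. A file under /etc/firewalld
shadows the same-named file under /usr/lib/firewalld, so /etc is checked first.
"""
import os
import tempfile
import xml.etree.ElementTree as ET


def parse_conf(path):
    """Parse key=value lines of firewalld.conf; '#' lines and blanks are ignored."""
    conf = {}
    with open(path, encoding="utf-8") as fh:
        for line in fh:
            line = line.strip()
            if not line or line.startswith("#"):
                continue
            key, _, value = line.partition("=")
            conf[key.strip()] = value.strip()
    return conf


def find_xml(name, subdir, etc_root, lib_root):
    """Return the path of <subdir>/<name>.xml, preferring the /etc copy over /usr/lib."""
    for root in (etc_root, lib_root):
        candidate = os.path.join(root, subdir, name + ".xml")
        if os.path.isfile(candidate):
            return candidate
    raise FileNotFoundError(f"{subdir}/{name}.xml not found under {etc_root} or {lib_root}")


def load_service(name, etc_root, lib_root):
    """Ports and conntrack helper modules declared by one service definition."""
    root = ET.parse(find_xml(name, "services", etc_root, lib_root)).getroot()
    return {
        "ports": [(p.get("protocol"), p.get("port")) for p in root.findall("port")],
        "modules": [m.get("name") for m in root.findall("module")],
    }


def resolve_zone(zone_name, etc_root, lib_root):
    """Expand a zone into the services it references plus their ports and helpers."""
    root = ET.parse(find_xml(zone_name, "zones", etc_root, lib_root)).getroot()
    result = {"services": {}, "ports": [], "modules": []}
    for svc in root.findall("service"):
        info = load_service(svc.get("name"), etc_root, lib_root)
        result["services"][svc.get("name")] = info
        result["ports"].extend(info["ports"])
        result["modules"].extend(info["modules"])
    # Ports opened directly in the zone (firewall-cmd --add-port) sit beside the services.
    result["ports"].extend((p.get("protocol"), p.get("port")) for p in root.findall("port"))
    return result


def resolve_default_zone(etc_root, lib_root):
    """Zone named by DefaultZone in firewalld.conf (public if absent) and its expansion."""
    conf = parse_conf(os.path.join(etc_root, "firewalld.conf"))
    zone = conf.get("DefaultZone", "public")
    return zone, resolve_zone(zone, etc_root, lib_root)


def build_sample_tree():
    """Constructed sample tree mirroring the article's layout (not copied from a live host):
    /etc holds firewalld.conf and zones/public.xml, /usr/lib holds the stock services.
    The /etc copy of ftp.xml is a hypothetical customization adding a passive port range,
    the kind of file that appears under /etc once a service definition is edited."""
    base = tempfile.mkdtemp(prefix="firewalld-example-")
    etc = os.path.join(base, "etc", "firewalld")
    lib = os.path.join(base, "usr", "lib", "firewalld")
    files = {
        os.path.join(etc, "firewalld.conf"):
            "# firewalld config file\nDefaultZone=public\nLogDenied=off\n",
        os.path.join(etc, "zones", "public.xml"):
            '<?xml version="1.0" encoding="utf-8"?>\n<zone><short>Public</short>'
            '<service name="ssh"/><service name="ftp"/></zone>\n',
        os.path.join(lib, "services", "ssh.xml"):
            '<service><short>SSH</short><port protocol="tcp" port="22"/></service>\n',
        os.path.join(lib, "services", "ftp.xml"):
            '<service><short>FTP</short><port protocol="tcp" port="21"/>'
            '<module name="nf_conntrack_ftp"/></service>\n',
        os.path.join(etc, "services", "ftp.xml"):
            '<service><short>FTP</short><port protocol="tcp" port="21"/>'
            '<port protocol="tcp" port="50000-50100"/><module name="nf_conntrack_ftp"/></service>\n',
    }
    for path, content in files.items():
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(content)
    return etc, lib


if __name__ == "__main__":
    etc_root, lib_root = build_sample_tree()
    zone, info = resolve_default_zone(etc_root, lib_root)
    print(f"default zone: {zone}")
    for name, svc in info["services"].items():
        print(f"  service {name}: ports={svc['ports']} modules={svc['modules']}")
    print(f"  effective ports: {info['ports']}")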
For further information please visit
1. https://firewalld.org/documentation/
2. https://firewalld.org/documentation/concepts.html
3. https://firewalld.org/documentation/configuration/directories.html .
Visit www.proweb.co.id to broaden your knowledge.