CentOS 7 firewall does not work by default

I have a VPS from GoDaddy and, as mentioned in the title, my system runs CentOS 7. The first thing I do when I start the server is the following:

$ yum update
$ yum install firewalld
$ systemctl start firewalld
$ systemctl enable firewalld
$ firewall-cmd --state
not running

I have tried formatting and other things over and over, but I still get this problem.

Also, when I try:

$ firewall-cmd --reload
Error: COMMAND_FAILED

This is the firewall status:

firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Sun 2017-12-17 04:31:45 MST; 23h ago
     Docs: man:firewalld(1)
 Main PID: 131 (firewalld)
   CGroup: /system.slice/firewalld.service
           └─131 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

Dec 17 04:34:37 s132-148-146-167.secureserver.net firewalld[131]: WARNING: '/usr/sbin/ebtables-restore --noflush' failed: The kernel doesn't support the ebtables 'broute' table.
Dec 17 04:34:37 s132-148-146-167.secureserver.net firewalld[131]: ERROR: COMMAND_FAILED
Dec 17 04:43:21 s132-148-146-167.secureserver.net firewalld[131]: WARNING: ALREADY_ENABLED: ftp
Dec 18 03:46:03 s132-148-146-167.secureserver.net firewalld[131]: WARNING: ipset not usable, disabling ipset usage in firewall.
Dec 18 03:46:03 s132-148-146-167.secureserver.net firewalld[131]: ERROR: Failed to read file "/proc/sys/net/netfilter/nf_conntrack_helper": [Errno 2] No such file or directory: '/proc/sys/net/netfilter/nf_conntrack_helper'
Dec 18 03:46:03 s132-148-146-167.secureserver.net firewalld[131]: WARNING: Failed to get and parse nf_conntrack_helper setting
Dec 18 03:46:03 s132-148-146-167.secureserver.net firewalld[131]: WARNING: INVALID_HELPER: 'nf_conntrack_ftp' is not available
Dec 18 03:46:03 s132-148-146-167.secureserver.net firewalld[131]: WARNING: '/usr/sbin/iptables-restore --wait=2 -n' failed: iptables-restore: line 64 failed
Dec 18 03:46:03 s132-148-146-167.secureserver.net firewalld[131]: WARNING: '/usr/sbin/ebtables-restore --noflush' failed: The kernel doesn't support the ebtables 'broute' table.
Dec 18 03:46:03 s132-148-146-167.secureserver.net firewalld[131]: ERROR: COMMAND_FAILED

Please help. Am I doing something wrong, or am I missing something? Is this a bug in my operating system's default firewall? Should I blame GoDaddy for this?

These are the errors shown in the firewalld log:

WARNING: ip6tables not usable, disabling IPv6 firewall.
WARNING: ICMP type 'reject-route' is not supported by the kernel for ipv6.

Answer 1

It looks like there is a problem with ebtables. Check that ebtables is installed:

rpm -V ebtables -v           (You can check meanings of output on rpm man page)

Restart the services and check their status via journalctl:

systemctl restart ebtables
journalctl -u ebtables.service

systemctl restart firewalld
journalctl -u firewalld.service

Note: journalctl -u firewalld.service is also more useful for debugging the problem.

Answer 2

If your FTP service uses the standard FTP control port 21, you just need to load the nf_conntrack_ftp module.

To make it persistent across reboots, use the following:

# cat /etc/modules-load.d/nf_conntrack_ftp.conf 
nf_conntrack_ftp

Answer 3

My error:

[root@localhost ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: inactive (dead) since Mon 2018-12-17 13:38:24 CST; 1min 51s ago
     Docs: man:firewalld(1)
  Process: 6491 ExecStart=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS (code=exited, status=0/SUCCESS)
 Main PID: 6491 (code=exited, status=0/SUCCESS)

Dec 17 13:38:24 localhost.localdomain systemd[1]: Starting firewalld - dynamic firewall daemon...
Dec 17 13:38:24 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.
Dec 17 13:38:24 localhost.localdomain firewalld[6491]: WARNING: ipset not usable, disabling ipset usage in firewall.
Dec 17 13:38:24 localhost.localdomain firewalld[6491]: ERROR: Failed to read file "/proc/sys/net/netfilter/nf_conntrack_helper": [Errno …_helper'
Dec 17 13:38:24 localhost.localdomain firewalld[6491]: WARNING: Failed to get and parse nf_conntrack_helper setting
Dec 17 13:38:24 localhost.localdomain firewalld[6491]: WARNING: iptables not usable, disabling IPv4 firewall.
Dec 17 13:38:24 localhost.localdomain firewalld[6491]: WARNING: ip6tables not usable, disabling IPv6 firewall.
Dec 17 13:38:24 localhost.localdomain firewalld[6491]: WARNING: ebtables not usable, disabling ethernet bridge firewall.
Dec 17 13:38:24 localhost.localdomain firewalld[6491]: FATAL ERROR: No IPv4 and IPv6 firewall.
Dec 17 13:38:24 localhost.localdomain firewalld[6491]: ERROR: Raising SystemExit in run_server

[root@localhost ~]# iptables -L -n
iptables v1.4.21: can't initialize iptables table `filter': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

My solution:

[root@localhost ~]# depmod
[root@localhost ~]# systemctl restart firewalld
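
Added example, not part of the original thread: the question's unit status reads "active (running)" while the journal carries ERROR: COMMAND_FAILED, so a health check has to read the journal rather than the unit state. This sketch sorts firewalld journal lines into disabled, missing and failed findings; the function names, the labels and the sample lines (constructed in the form of the logs above) are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the thread): summarise firewalld journal lines.
# Function names and the disabled/missing/failed labels are this example's own.

# Constructed sample, in the form of the journal output quoted in the question.
sample_log() {
cat <<'EOF'
Dec 18 03:46:03 host.example firewalld[131]: WARNING: ipset not usable, disabling ipset usage in firewall.
Dec 18 03:46:03 host.example firewalld[131]: WARNING: ip6tables not usable, disabling IPv6 firewall.
Dec 18 03:46:03 host.example firewalld[131]: WARNING: INVALID_HELPER: 'nf_conntrack_ftp' is not available
Dec 18 03:46:03 host.example firewalld[131]: WARNING: '/usr/sbin/iptables-restore --wait=2 -n' failed: iptables-restore: line 64 failed
Dec 18 03:46:03 host.example firewalld[131]: WARNING: '/usr/sbin/ebtables-restore --noflush' failed: The kernel doesn't support the ebtables 'broute' table.
Dec 18 03:46:03 host.example firewalld[131]: ERROR: COMMAND_FAILED
Dec 18 03:46:04 host.example firewalld[131]: ERROR: COMMAND_FAILED
EOF
}

# Map one journal line to "<label> <component>"; return 1 if not recognised.
classify_line() {
  case "$1" in
    *"FATAL ERROR"*)             echo "failed daemon-exit" ;;
    *"ERROR: COMMAND_FAILED"*)   echo "failed backend-command" ;;
    *-restore*" failed: "*)      t=${1##*/sbin/}; echo "failed ${t%%-restore*}-restore" ;;
    *" not usable, disabling "*) c=${1%% not usable*}; echo "disabled ${c##* }" ;;
    *"INVALID_HELPER: '"*)       h=${1#*INVALID_HELPER: \'}; h=${h%%\'*}; echo "missing $h" ;;
    *) return 1 ;;
  esac
}

# Read journal lines on stdin and print each distinct finding once, in
# first-seen order. Returns 1 if any finding is a "failed" one.
triage_firewalld_log() {
  seen="" rc=0
  while IFS= read -r line; do
    finding=$(classify_line "$line") || continue
    case "$seen" in *"|$finding|"*) continue ;; esac
    seen="$seen|$finding|"
    echo "$finding"
    case "$finding" in failed*) rc=1 ;; esac
  done
  return "$rc"
}

# Gate on the exit status: a "failed" finding means a backend command did
# not complete, whatever systemctl reports for the unit.
sample_log | triage_firewalld_log || echo "firewalld reported failures: ruleset may be incomplete"
```

On a live host the same function can read from journalctl -u firewalld.service -b --no-pager instead of the sample.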
