質問編集履歴
1
ipsec サービス定義を追加
test
CHANGED
|
File without changes
|
test
CHANGED
|
@@ -375,3 +375,35 @@
|
|
|
375
375
|
```
|
|
376
376
|
|
|
377
377
|
AllowZoneDrifting は将来無効になるとのことですが、とりあえず CentOS7 の libreswan-3.25-8.1.el7_7.x86_64 のデフォルトのままとしています。
|
|
378
|
+
|
|
379
|
+
|
|
380
|
+
|
|
381
|
+
【ipsec サービス定義】
|
|
382
|
+
|
|
383
|
+
|
|
384
|
+
|
|
385
|
+
```ここに言語を入力
|
|
386
|
+
|
|
387
|
+
vagrant@vs1:~$ cat /usr/lib/firewalld/services/ipsec.xml
|
|
388
|
+
|
|
389
|
+
<?xml version="1.0" encoding="utf-8"?>
|
|
390
|
+
|
|
391
|
+
<service>
|
|
392
|
+
|
|
393
|
+
<short>IPsec</short>
|
|
394
|
+
|
|
395
|
+
<description>Internet Protocol Security (IPsec) incorporates security for network transmissions directly into the Internet Protocol (IP). IPsec provides methods for both encrypting data and authentication for the host or network it sends to. If you plan to use a vpnc server or FreeS/WAN, do not disable this option.</description>
|
|
396
|
+
|
|
397
|
+
<port protocol="ah" port=""/>
|
|
398
|
+
|
|
399
|
+
<port protocol="esp" port=""/>
|
|
400
|
+
|
|
401
|
+
<port protocol="udp" port="500"/>
|
|
402
|
+
|
|
403
|
+
<port protocol="udp" port="4500"/>
|
|
404
|
+
|
|
405
|
+
</service>
|
|
406
|
+
|
|
407
|
+
|
|
408
|
+
|
|
409
|
+
```(デフォルトのまま)
|