teratail
回答率
85.37%
teratail 10th-anniversary
teratail 10th-anniversary
質問するログイン新規登録
トップに関する質問CentOS7のfirewalldで設定しても、dockerで開いた無許可のポートに外部からアクセスできてしまう。

編集履歴

質問編集履歴

1

`firewall-cmd --list-all-zone` の結果を追記

2017/01/04 05:11

投稿

kotatsu_hal
kotatsu_hal

スコア34

test CHANGED
File without changes
test CHANGED
@@ -77,3 +77,281 @@
77
77
  動作確認しているOSは、さくらのクラウドの `CentOS Linux release 7.3.1611 (Core)`です。
78
78
 
79
79
  よろしくお願いいたします。
80
+
81
+
82
+
83
+ 一応、`firewall-cmd --list-all-zone` の結果を以下に記載します。
84
+
85
+
86
+
87
+ ```
88
+
89
+ [root@server]# firewall-cmd --list-all-zone
90
+
91
+ work
92
+
93
+ target: default
94
+
95
+ icmp-block-inversion: no
96
+
97
+ interfaces:
98
+
99
+ sources:
100
+
101
+ services: dhcpv6-client ssh
102
+
103
+ ports:
104
+
105
+ protocols:
106
+
107
+ masquerade: no
108
+
109
+ forward-ports:
110
+
111
+ sourceports:
112
+
113
+ icmp-blocks:
114
+
115
+ rich rules:
116
+
117
+
118
+
119
+
120
+
121
+ drop
122
+
123
+ target: DROP
124
+
125
+ icmp-block-inversion: no
126
+
127
+ interfaces:
128
+
129
+ sources:
130
+
131
+ services:
132
+
133
+ ports:
134
+
135
+ protocols:
136
+
137
+ masquerade: no
138
+
139
+ forward-ports:
140
+
141
+ sourceports:
142
+
143
+ icmp-blocks:
144
+
145
+ rich rules:
146
+
147
+
148
+
149
+
150
+
151
+ internal
152
+
153
+ target: default
154
+
155
+ icmp-block-inversion: no
156
+
157
+ interfaces:
158
+
159
+ sources:
160
+
161
+ services: dhcpv6-client http https mdns samba-client ssh
162
+
163
+ ports:
164
+
165
+ protocols:
166
+
167
+ masquerade: no
168
+
169
+ forward-ports:
170
+
171
+ sourceports:
172
+
173
+ icmp-blocks:
174
+
175
+ rich rules:
176
+
177
+
178
+
179
+
180
+
181
+ external
182
+
183
+ target: default
184
+
185
+ icmp-block-inversion: no
186
+
187
+ interfaces:
188
+
189
+ sources:
190
+
191
+ services: ssh
192
+
193
+ ports:
194
+
195
+ protocols:
196
+
197
+ masquerade: yes
198
+
199
+ forward-ports:
200
+
201
+ sourceports:
202
+
203
+ icmp-blocks:
204
+
205
+ rich rules:
206
+
207
+
208
+
209
+
210
+
211
+ trusted
212
+
213
+ target: ACCEPT
214
+
215
+ icmp-block-inversion: no
216
+
217
+ interfaces:
218
+
219
+ sources:
220
+
221
+ services:
222
+
223
+ ports:
224
+
225
+ protocols:
226
+
227
+ masquerade: no
228
+
229
+ forward-ports:
230
+
231
+ sourceports:
232
+
233
+ icmp-blocks:
234
+
235
+ rich rules:
236
+
237
+
238
+
239
+
240
+
241
+ home
242
+
243
+ target: default
244
+
245
+ icmp-block-inversion: no
246
+
247
+ interfaces:
248
+
249
+ sources:
250
+
251
+ services: dhcpv6-client mdns samba-client ssh
252
+
253
+ ports:
254
+
255
+ protocols:
256
+
257
+ masquerade: no
258
+
259
+ forward-ports:
260
+
261
+ sourceports:
262
+
263
+ icmp-blocks:
264
+
265
+ rich rules:
266
+
267
+
268
+
269
+
270
+
271
+ dmz
272
+
273
+ target: default
274
+
275
+ icmp-block-inversion: no
276
+
277
+ interfaces:
278
+
279
+ sources:
280
+
281
+ services: ssh
282
+
283
+ ports:
284
+
285
+ protocols:
286
+
287
+ masquerade: no
288
+
289
+ forward-ports:
290
+
291
+ sourceports:
292
+
293
+ icmp-blocks:
294
+
295
+ rich rules:
296
+
297
+
298
+
299
+
300
+
301
+ public (active)
302
+
303
+ target: default
304
+
305
+ icmp-block-inversion: no
306
+
307
+ interfaces: eth0
308
+
309
+ sources:
310
+
311
+ services: dhcpv6-client http https ssh
312
+
313
+ ports:
314
+
315
+ protocols:
316
+
317
+ masquerade: no
318
+
319
+ forward-ports:
320
+
321
+ sourceports:
322
+
323
+ icmp-blocks:
324
+
325
+ rich rules:
326
+
327
+
328
+
329
+
330
+
331
+ block
332
+
333
+ target: %%REJECT%%
334
+
335
+ icmp-block-inversion: no
336
+
337
+ interfaces:
338
+
339
+ sources:
340
+
341
+ services:
342
+
343
+ ports:
344
+
345
+ protocols:
346
+
347
+ masquerade: no
348
+
349
+ forward-ports:
350
+
351
+ sourceports:
352
+
353
+ icmp-blocks:
354
+
355
+ rich rules:
356
+
357
+ ```