{"id":139,"date":"2022-06-18T22:14:07","date_gmt":"2022-06-18T13:14:07","guid":{"rendered":"https:\/\/th0x0472.net\/?p=139"},"modified":"2022-07-12T07:30:25","modified_gmt":"2022-07-11T22:30:25","slug":"ufw-iptables%e3%82%92%e7%84%a1%e5%8a%b9%e5%8c%96%e3%81%99%e3%82%8b","status":"publish","type":"post","link":"https:\/\/th0x0472.net\/index.php\/2022\/06\/18\/139\/","title":{"rendered":"ufw\/iptables\u3092\u7121\u52b9\u5316\u3059\u308b"},"content":{"rendered":"

EC2\uff0b\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30b0\u30eb\u30fc\u30d7\u3092\u4f7f\u3063\u3066\u3044\u308b\u306e\u3067\u3001ufw\/iptables<\/em>\u306f\u4f7f\u3063\u3066\u3044\u307e\u305b\u3093\u3002\u3057\u304b\u3057\u3001\u306a\u3093\u3068\u306a\u304flsmod<\/em>\u3057\u305f\u3089\u3001ip_tables<\/em>\u304c\u30ed\u30fc\u30c9\u3055\u308c\u3066\u308b\u3058\u3083\u306a\u3044\u3067\u3059\u304b\u3002\u305d\u3053\u3067\u7121\u52b9\u5316\u3092\u8a66\u307f\u307e\u3057\u305f\u3002<\/p>\n

\n
$ lsmod | grep tables\r\nip_tables 32768 0\r\nx_tables 53248 1 ip_tables<\/code><\/pre>\n<\/div>\n
\u307e\u305a\u306fiptables<\/em>\u306e\u8a2d\u5b9a\u72b6\u6cc1\u3092\u78ba\u8a8d\u3057\u307e\u3059\u3002<\/p>\n
\n
$ sudo iptables -S\r\n-P INPUT ACCEPT\r\n-P FORWARD ACCEPT\r\n-P OUTPUT ACCEPT\r\n\r\n$ sudo iptables -L\r\nChain INPUT (policy ACCEPT)\r\ntarget prot opt source destination\r\n\r\nChain FORWARD (policy ACCEPT)\r\ntarget prot opt source destination\r\n\r\nChain OUTPUT (policy ACCEPT)\r\ntarget prot opt source destination\r\n<\/code><\/pre>\n<\/div>\n
\u7a7a\u3067\u3059\u306d\u3002\u8e8a\u8e87\u306a\u304f\u7121\u52b9\u5316\u3067\u304d\u307e\u3059\u3002\u3072\u3087\u3063\u3068\u3057\u305f\u3089\u30d1\u30c3\u30b1\u30fc\u30b8\u306b\u5c45\u308b\uff1f\u3068\u3075\u3068\u3072\u3089\u3081\u3044\u305f\u3089\u30d3\u30f3\u30b4\u3067\u3057\u305f\u3002<\/p>\n
\n
$ dpkg -l | egrep '(ip|nf)tables'\r\nii iptables 1.8.7-1ubuntu5 amd64 administration tools for packet filtering and NAT\r\nii libnftables1:amd64 1.0.2-1ubuntu2 amd64 Netfilter nftables high level userspace API library\r\nii libnftnl11:amd64 1.2.1-1build1 amd64 Netfilter nftables userspace API library\r\nii nftables 1.0.2-1ubuntu2 amd64 Program to control packet filtering rules by Netfilter project<\/code><\/pre>\n<\/div>\n
\u307e\u305a\u30d1\u30c3\u30b1\u30fc\u30b8\u524a\u9664\u3092\u8a66\u307f\u307e\u3059\u3002<\/p>\n
\n
$ sudo apt remove iptables nftables<\/code><\/pre>\n<\/div>\n
which iptables\u306b\u3082\u53cd\u5fdc\u306a\u304f\u306a\u308a\u307e\u3057\u305f\u3002lsmod\u3059\u308b\u3068\u307e\u3060ip_tables, x_tables\u304c\u3044\u305f\u306e\u3067rmmod\u3057\u307e\u3059\u3002\u30b5\u30fc\u30d0\u3092\u518d\u8d77\u52d5\u3057\u3066\u3001\u69d8\u5b50\u3092\u898b\u307e\u3059\u3002
\n\u307e\u3060\u3044\u308b\u30fb\u30fb\u30fb\u3057\u3076\u3068\u3044\u3002<\/p>\n
\n
$ lsmod | grep tables\r\nip_tables 32768 0\r\nx_tables 53248 1 ip_tables<\/code><\/pre>\n<\/div>\n
sudo systemctl list-units –type=service<\/em>\u3057\u3066\u3082nftables<\/em>\u306f\u3044\u307e\u305b\u3093\u3002
\n\u3053\u306e\u3042\u305f\u308a\u304c\u539f\u56e0\u3067\u3057\u3087\u3046\u304b\u3002<\/p>\n
\n
$ sudo find \/etc -name '*nftables*'\r\n\/etc\/nftables.conf\r\n\/etc\/systemd\/system\/nftables.service<\/code><\/pre>\n<\/div>\n
\/etc\/nftables.conf<\/em>\u306fubuntu<\/em>\u30e6\u30fc\u30b6\u306e\u30db\u30fc\u30e0\u306b\u9000\u907f\u3057\u3066\u3001nftables.service<\/em>\u306frm -fv<\/em>\u3057\u307e\u3059\u3002
\n\u305d\u306e\u3046\u3048\u3067\u3001\u6539\u3081\u3066rmmod ip_tables\u3001rmmod x_tables\u3057\u3066\u518d\u8d77\u52d5\u3057\u305f\u3089\u2026\u307e\u3060\u3044\u308b\u3002\u3057\u3076\u3068\u3044\u3002<\/p>\n
\n
$ lsmod | grep tables\r\nip_tables 32768 0\r\nx_tables 53248 1 ip_tables<\/code><\/pre>\n<\/div>\n
\u4eca\u65e5\u306e\u3068\u3053\u308d\u306f\u8ae6\u3081\u307e\u3059\u3002\u8ca0\u3051\u305f\u6c17\u6301\u3061\u3067\u3044\u3063\u3071\u3044\u3067\u3059\u3002\u3050\u3084\u3057\u3044\u3043\u3043\u30fb\u30fb\u30fb\uff01<\/p>\n","protected":false},"excerpt":{"rendered":"
EC2\uff0b\u30bb\u30ad\u30e5\u30ea\u30c6\u30a3\u30b0\u30eb\u30fc\u30d7\u3092\u4f7f\u3063\u3066\u3044\u308b\u306e\u3067\u3001ufw\/iptables\u306f\u4f7f\u3063\u3066\u3044\u307e\u305b\u3093\u3002\u3057\u304b\u3057\u3001\u306a\u3093\u3068\u306a\u304flsmod\u3057\u305f\u3089\u3001ip_tables\u304c\u30ed\u30fc\u30c9\u3055\u308c\u3066\u308b\u3058\u3083\u306a\u3044\u3067\u3059\u304b\u3002\u305d\u3053\u3067\u7121\u52b9\u5316\u3092\u8a66\u307f\u307e\u3057\u305f\u3002<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11,4,10],"tags":[],"class_list":["post-139","post","type-post","status-publish","format-standard","hentry","category-aws","category-linux","category-10"],"_links":{"self":[{"href":"https:\/\/th0x0472.net\/index.php\/wp-json\/wp\/v2\/posts\/139","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/th0x0472.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/th0x0472.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/th0x0472.net\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/th0x0472.net\/index.php\/wp-json\/wp\/v2\/comments?post=139"}],"version-history":[{"count":3,"href":"https:\/\/th0x0472.net\/index.php\/wp-json\/wp\/v2\/posts\/139\/revisions"}],"predecessor-version":[{"id":178,"href":"https:\/\/th0x0472.net\/index.php\/wp-json\/wp\/v2\/posts\/139\/revisions\/178"}],"wp:attachment":[{"href":"https:\/\/th0x0472.net\/index.php\/wp-json\/wp\/v2\/media?parent=139"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/th0x0472.net\/index.php\/wp-json\/wp\/v2\/categories?post=139"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/th0x0472.net\/index.php\/wp-json\/wp\/v2\/tags?post=139"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}