{"id":3092,"date":"2023-01-14T15:00:59","date_gmt":"2023-01-14T06:00:59","guid":{"rendered":"https:\/\/www.kinryo.net\/?p=3092"},"modified":"2025-06-04T12:02:42","modified_gmt":"2025-06-04T03:02:42","slug":"%ef%bc%93%ef%bc%9afirewalld%e3%81%ae%e8%a8%ad%e5%ae%9a","status":"publish","type":"post","link":"https:\/\/www.kinryo.net\/?p=3092","title":{"rendered":"\uff13\uff1afirewalld\u306e\u8a2d\u5b9a"},"content":{"rendered":"\r\n

firewall\u30b9\u30af\u30ea\u30d7\u30c8\u306e\u4f5c\u6210
# <\/span>gedit firewall.sh<\/span><\/p>\r\n\r\n\r\n\r\n

#!\/bin\/bash\r\n\r\n#---------------------------------------#\r\n# \u8a2d\u5b9a\u958b\u59cb                              #\r\n#---------------------------------------#\r\n\r\n# \u5185\u90e8\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30a2\u30c9\u30ec\u30b9\u5b9a\u7fa9\r\nLOCALNET=192.168.XX.0\/24\r\n\r\n#---------------------------------------#\r\n# \u8a2d\u5b9a\u7d42\u4e86                              #\r\n#---------------------------------------#\r\n\r\n#\r\n# \u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb\u8a2d\u5b9a\u521d\u671f\u5316\r\n#\r\nsystemctl stop firewalld\r\nrm -f \/etc\/firewalld\/zones\/*\r\nrm -f \/etc\/firewalld\/ipsets\/*\r\nsystemctl start firewalld\r\nfirewall-cmd --reload >\/dev\/null\r\n\r\n#\r\n# \u5185\u90e8\u304b\u3089\u306e\u30a2\u30af\u30bb\u30b9\u3092\u8a31\u53ef\r\n#\r\nfirewall-cmd --add-rich-rule=\"rule family=\"ipv4\" source address=\"10.0.0.0\/8\" accept\" --permanent >\/dev\/null\r\nfirewall-cmd --add-rich-rule=\"rule family=\"ipv4\" source address=\"172.16.0.0\/12\" accept\" --permanent >\/dev\/null\r\nfirewall-cmd --add-rich-rule=\"rule family=\"ipv4\" source address=\"192.168.0.0\/16\" accept\" --permanent >\/dev\/null\r\nfirewall-cmd --add-rich-rule=\"rule family=\"ipv4\" source address=\"${LOCALNET}\" accept\" --permanent >\/dev\/null\r\n\r\n#\r\n# SYN Cookies\u3092\u6709\u52b9\u306b\u3059\u308b\r\n# \u203bTCP SYN Flood\u653b\u6483\u5bfe\u7b56\r\n#\r\nsysctl -w net.ipv4.tcp_syncookies=1 > \/dev\/null\r\nsed -i '\/net.ipv4.tcp_syncookies\/d' \/etc\/sysctl.conf\r\necho \"net.ipv4.tcp_syncookies=1\" >> \/etc\/sysctl.conf\r\n\r\n#\r\n# \u30d6\u30ed\u30fc\u30c9\u30ad\u30e3\u30b9\u30c8\u30a2\u30c9\u30ec\u30b9\u5b9bping\u306b\u306f\u5fdc\u7b54\u3057\u306a\u3044\r\n# \u203bSmurf\u653b\u6483\u5bfe\u7b56\r\n#\r\nsysctl -w net.ipv4.icmp_echo_ignore_broadcasts=1 > \/dev\/null\r\nsed -i '\/net.ipv4.icmp_echo_ignore_broadcasts\/d' \/etc\/sysctl.conf\r\necho \"net.ipv4.icmp_echo_ignore_broadcasts=1\" >> \/etc\/sysctl.conf\r\n\r\n#\r\n# ICMP Redirect\u30d1\u30b1\u30c3\u30c8\u306f\u62d2\u5426\r\n#\r\nsed -i '\/net.ipv4.conf.*.accept_redirects\/d' \/etc\/sysctl.conf\r\nfor dev in `ls \/proc\/sys\/net\/ipv4\/conf\/`\r\ndo\r\n    sysctl -w net.ipv4.conf.$dev.accept_redirects=0 > \/dev\/null\r\n    echo \"net.ipv4.conf.$dev.accept_redirects=0\" >> \/etc\/sysctl.conf\r\ndone\r\n\r\n#\r\n# Source Routed\u30d1\u30b1\u30c3\u30c8\u306f\u62d2\u5426\r\n#\r\nsed -i '\/net.ipv4.conf.*.accept_source_route\/d' \/etc\/sysctl.conf\r\nfor dev in `ls \/proc\/sys\/net\/ipv4\/conf\/`\r\ndo\r\n    sysctl -w net.ipv4.conf.$dev.accept_source_route=0 > \/dev\/null\r\n    echo \"net.ipv4.conf.$dev.accept_source_route=0\" >> \/etc\/sysctl.conf\r\ndone\r\n\r\n#\r\n# IP\u30a2\u30c9\u30ec\u30b9\u30ea\u30b9\u30c8\u53d6\u5f97\r\n#\r\nIP_LIST=\/tmp\/cidr.txt\r\nCHK_IP_LIST=\/tmp\/IPLIST\r\nif [ ! -f ${IP_LIST} ]; then\r\n    wget -q http:\/\/nami.jp\/ipv4bycc\/cidr.txt.gz\r\n    gunzip -c cidr.txt.gz > ${IP_LIST}\r\n    rm -f cidr.txt.gz\r\nfi\r\nrm -f ${CHK_IP_LIST}\r\n\r\n\r\n#\r\n# \u30be\u30fc\u30f3(\u65e5\u672c\u56fd\u5185)\u4f5c\u6210\r\n#\r\n\r\n# domestic(\u65e5\u672c\u56fd\u5185)\u30be\u30fc\u30f3\u4f5c\u6210\r\nfirewall-cmd --new-zone=domestic --permanent >\/dev\/null\r\n\r\n# domestic(\u65e5\u672c\u56fd\u5185)IP\u30bb\u30c3\u30c8\u4f5c\u6210\r\nfirewall-cmd --new-ipset=domestic --type=hash:net --permanent >\/dev\/null\r\n\r\n# \u65e5\u672c\u56fd\u5185\u306eIP\u30a2\u30c9\u30ec\u30b9\u30ea\u30b9\u30c8\u4f5c\u6210\r\ndomestic_ipset=`mktemp`\r\nfor addr in `cat ${IP_LIST} | grep ^JP | awk '{print $2}'`\r\ndo\r\n    echo ${addr} >> ${domestic_ipset}\r\ndone\r\n\r\n# \u65e5\u672c\u56fd\u5185\u306eIP\u30a2\u30c9\u30ec\u30b9\u30ea\u30b9\u30c8\u3092domestic(\u65e5\u672c\u56fd\u5185)IP\u30bb\u30c3\u30c8\u306b\u767b\u9332\r\nfirewall-cmd --ipset=domestic --add-entries-from-file=${domestic_ipset} --permanent >\/dev\/null\r\nrm -f ${domestic_ipset}\r\n\r\n# domestic(\u65e5\u672c\u56fd\u5185)IP\u30bb\u30c3\u30c8\u3092domestic(\u65e5\u672c\u56fd\u5185)\u30be\u30fc\u30f3\u306b\u767b\u9332\r\nfirewall-cmd --zone=domestic --add-source=ipset:domestic --permanent >\/dev\/null\r\n\r\n# IP\u30a2\u30c9\u30ec\u30b9\u66f4\u65b0\u30c1\u30a7\u30c3\u30af\u7528\u306b\u9000\u907f\r\ngrep ^JP ${IP_LIST} >> $CHK_IP_LIST\r\n\r\n# \u4ee5\u964d,\u65e5\u672c\u56fd\u5185\u304b\u3089\u306e\u307f\u30a2\u30af\u30bb\u30b9\u3092\u8a31\u53ef\u3057\u305f\u3044\u5834\u5408\u306fdomestic\u30be\u30fc\u30f3\u306b\u30b5\u30fc\u30d3\u30b9\u3092\u8ffd\u52a0\u3059\u308b\r\n\r\n# \u5168\u56fd\u8b66\u5bdf\u65bd\u8a2d\u3078\u306e\u653b\u6483\u5143\u4e0a\u4f4d\uff15\u30ab\u56fd(\u65e5\u672c\u30fb\u30a2\u30e1\u30ea\u30ab\u3092\u9664\u304f)\u304b\u3089\u306e\u30a2\u30af\u30bb\u30b9\u3092\u7834\u68c4\r\n# \u76f4\u8fd1\uff11\u9031\u9593\u306e\u72b6\u6cc1 http:\/\/www.npa.go.jp\/cyberpolice\/detect\/observation.html\r\n# \u524d\u6708\u306e\u72b6\u6cc1 http:\/\/www.npa.go.jp\/cyberpolice\/detect\/index.html\r\n# \u56fd\u30b3\u30fc\u30c9\u4e00\u89a7 https:\/\/ja.wikipedia.org\/wiki\/ISO_3166-1#%E7%95%A5%E5%8F%B7%E4%B8%80%E8%A6%A7\r\nDROP_COUNTRY_LIST=(BG HK RO CN GB)\r\n\r\n# drop_country(\u30a2\u30af\u30bb\u30b9\u7981\u6b62\u56fd)IP\u30bb\u30c3\u30c8\u4f5c\u6210\r\nfirewall-cmd --new-ipset=drop_country --type=hash:net --permanent >\/dev\/null\r\n\r\n# \u30a2\u30af\u30bb\u30b9\u7981\u6b62\u56fd\u306eIP\u30a2\u30c9\u30ec\u30b9\u30ea\u30b9\u30c8\u4f5c\u6210\r\ndrop_ipset=`mktemp`\r\nfor country in \"${DROP_COUNTRY_LIST[@]}\"\r\ndo\r\n    for addr in `cat ${IP_LIST} | grep ^${country} | awk '{print $2}'`\r\n    do\r\n        echo ${addr} >> ${drop_ipset}\r\n    done\r\n    grep ^${country} ${IP_LIST} >> ${CHK_IP_LIST}\r\ndone\r\n\r\n# \u30a2\u30af\u30bb\u30b9\u7981\u6b62\u56fd\u306eIP\u30a2\u30c9\u30ec\u30b9\u30ea\u30b9\u30c8\u3092drop_country(\u30a2\u30af\u30bb\u30b9\u7981\u6b62\u56fd)IP\u30bb\u30c3\u30c8\u306b\u767b\u9332\r\nfirewall-cmd --ipset=drop_country --add-entries-from-file=${drop_ipset} --permanent >\/dev\/null\r\nrm -f ${drop_ipset}\r\n\r\n# drop_country(\u30a2\u30af\u30bb\u30b9\u7981\u6b62\u56fd)IP\u30bb\u30c3\u30c8\u3092drop\u30be\u30fc\u30f3\u306b\u767b\u9332\r\nfirewall-cmd --zone=drop --add-source=ipset:drop_country --permanent >\/dev\/null\r\n\r\n#----------------------------------------------------------#\r\n# \u5404\u7a2e\u30b5\u30fc\u30d3\u30b9\u3092\u516c\u958b\u3059\u308b\u5834\u5408\u306e\u8a2d\u5b9a(\u3053\u3053\u304b\u3089)               #\r\n#----------------------------------------------------------#\r\n\r\n# \u5916\u90e8\u304b\u3089\u306eSSH(TCP22\u756a\u30dd\u30fc\u30c8)\u3078\u306e\u30a2\u30af\u30bb\u30b9\u3092\u65e5\u672c\u56fd\u5185\u304b\u3089\u306e\u307f\u8a31\u53ef\r\n# \u203bSSH\u30b5\u30fc\u30d0\u30fc\u3092\u516c\u958b\u3059\u308b\u5834\u5408\u306e\u307f\r\nfirewall-cmd --remove-service=ssh --zone=public --permanent >\/dev\/null\r\nfirewall-cmd --add-service=ssh --zone=domestic --permanent >\/dev\/null\r\n\r\n# \u5916\u90e8\u304b\u3089\u306eDNS(TCP\/UDP53\u756a\u30dd\u30fc\u30c8)\u3078\u306e\u30a2\u30af\u30bb\u30b9\u3092\u8a31\u53ef\r\n# \u203b\u5916\u90e8\u5411\u3051DNS\u30b5\u30fc\u30d0\u30fc\u3092\u904b\u7528\u3059\u308b\u5834\u5408\u306e\u307f\r\nfirewall-cmd --add-service=dns --zone=domestic --permanent >\/dev\/null\r\nfirewall-cmd --add-service=dns --zone=public --permanent >\/dev\/null\r\n\r\n# \u5916\u90e8\u304b\u3089\u306eHTTP(TCP80\u756a\u30dd\u30fc\u30c8)\u3078\u306e\u30a2\u30af\u30bb\u30b9\u3092\u8a31\u53ef\r\n# \u203bWeb\u30b5\u30fc\u30d0\u30fc\u3092\u516c\u958b\u3059\u308b\u5834\u5408\u306e\u307f\r\nfirewall-cmd --add-service=http --zone=domestic --permanent >\/dev\/null\r\nfirewall-cmd --add-service=http --zone=public --permanent >\/dev\/null\r\n\r\n# \u5916\u90e8\u304b\u3089\u306eHTTPS(TCP443\u756a\u30dd\u30fc\u30c8)\u3078\u306e\u30a2\u30af\u30bb\u30b9\u3092\u8a31\u53ef\r\n# \u203bWeb\u30b5\u30fc\u30d0\u30fc\u3092\u516c\u958b\u3059\u308b\u5834\u5408\u306e\u307f\r\nfirewall-cmd --add-service=https --zone=domestic --permanent >\/dev\/null\r\nfirewall-cmd --add-service=https --zone=public --permanent >\/dev\/null\r\n\r\n# \u5916\u90e8\u304b\u3089\u306eSMTP(TCP25\u756a\u30dd\u30fc\u30c8)\u3078\u306e\u30a2\u30af\u30bb\u30b9\u3092\u8a31\u53ef\r\n# \u203bSMTP\u30b5\u30fc\u30d0\u30fc\u3092\u516c\u958b\u3059\u308b\u5834\u5408\u306e\u307f\r\nfirewall-cmd --add-service=smtp --zone=domestic --permanent >\/dev\/null\r\nfirewall-cmd --add-service=smtp --zone=public --permanent >\/dev\/null\r\n\r\n# \u5916\u90e8\u304b\u3089\u306eSUBMISSION(TCP587\u756a\u30dd\u30fc\u30c8)\u3078\u306e\u30a2\u30af\u30bb\u30b9\u3092\u65e5\u672c\u56fd\u5185\u304b\u3089\u306e\u307f\u8a31\u53ef\r\n# \u203bSMTP\u30b5\u30fc\u30d0\u30fc\u3092\u516c\u958b\u3059\u308b\u5834\u5408\u306e\u307f\r\n# \u203bSMTPS\u30b5\u30fc\u30d0\u30fc\uff08TCP465\u756a\u30dd\u30fc\u30c8\uff09\u3092\u516c\u958b\u3059\u308b\u5834\u5408\u306f\u4e0d\u8981\r\nfirewall-cmd --add-service=smtp-submission --zone=domestic --permanent >\/dev\/null\r\n\r\n# \u5916\u90e8\u304b\u3089\u306eSMTPS(TCP465\u756a\u30dd\u30fc\u30c8)\u3078\u306e\u30a2\u30af\u30bb\u30b9\u3092\u65e5\u672c\u56fd\u5185\u304b\u3089\u306e\u307f\u8a31\u53ef\r\n# \u203bSMTPS\u30b5\u30fc\u30d0\u30fc\u3092\u516c\u958b\u3059\u308b\u5834\u5408\u306e\u307f 2>&1\r\nfirewall-cmd --add-service=smtps --zone=domestic --permanent >\/dev\/null\r\n\r\n# \u5916\u90e8\u304b\u3089\u306ePOP3(TCP110\u756a\u30dd\u30fc\u30c8)\u3078\u306e\u30a2\u30af\u30bb\u30b9\u3092\u65e5\u672c\u56fd\u5185\u304b\u3089\u306e\u307f\u8a31\u53ef\r\n# \u203bPOP3\u30b5\u30fc\u30d0\u30fc\u3092\u516c\u958b\u3059\u308b\u5834\u5408\u306e\u307f\r\nfirewall-cmd --add-service=pop3 --zone=domestic --permanent >\/dev\/null\r\n\r\n# \u5916\u90e8\u304b\u3089\u306ePOP3S(TCP995\u756a\u30dd\u30fc\u30c8)\u3078\u306e\u30a2\u30af\u30bb\u30b9\u3092\u65e5\u672c\u56fd\u5185\u304b\u3089\u306e\u307f\u8a31\u53ef\r\n# \u203bPOP3S\u30b5\u30fc\u30d0\u30fc\u3092\u516c\u958b\u3059\u308b\u5834\u5408\u306e\u307f\r\nfirewall-cmd --add-service=pop3s --zone=domestic --permanent >\/dev\/null\r\n\r\n# \u5916\u90e8\u304b\u3089\u306eIMAP(TCP143\u756a\u30dd\u30fc\u30c8)\u3078\u306e\u30a2\u30af\u30bb\u30b9\u3092\u65e5\u672c\u56fd\u5185\u304b\u3089\u306e\u307f\u8a31\u53ef\r\n# \u203bIMAP\u30b5\u30fc\u30d0\u30fc\u3092\u516c\u958b\u3059\u308b\u5834\u5408\u306e\u307f\r\nfirewall-cmd --add-service=imap --zone=domestic --permanent >\/dev\/null\r\n\r\n# \u5916\u90e8\u304b\u3089\u306eIMAPS(TCP993\u756a\u30dd\u30fc\u30c8)\u3078\u306e\u30a2\u30af\u30bb\u30b9\u3092\u65e5\u672c\u56fd\u5185\u304b\u3089\u306e\u307f\u8a31\u53ef\r\n# \u203bIMAPS\u30b5\u30fc\u30d0\u30fc\u3092\u516c\u958b\u3059\u308b\u5834\u5408\u306e\u307f\r\nfirewall-cmd --add-service=imaps --zone=domestic --permanent >\/dev\/null\r\n\r\n# \u5916\u90e8\u304b\u3089\u306eL2TP over IPsec(UDP500\u756a\u30dd\u30fc\u30c8\u3001UDP4500\u756a\u30dd\u30fc\u30c8)\u3078\u306e\u30a2\u30af\u30bb\u30b9\u3092\u65e5\u672c\u56fd\u5185\u304b\u3089\u306e\u307f\u8a31\u53ef\r\n# \u203bSoftEther VPN Server\u3092\u516c\u958b\u3059\u308b\u5834\u5408\u306e\u307f\r\nfirewall-cmd --add-service=ipsec --zone=domestic --permanent >\/dev\/null\r\n\r\n# \u5916\u90e8\u304b\u3089\u306eUsermin(TCP20000\u756a\u30dd\u30fc\u30c8)\u3078\u306e\u30a2\u30af\u30bb\u30b9\u3092\u65e5\u672c\u56fd\u5185\u304b\u3089\u306e\u307f\u8a31\u53ef\r\n# \u203bUsermin\u30b5\u30fc\u30d0\u30fc\u3092\u516c\u958b\u3059\u308b\u5834\u5408\u306e\u307f\r\nfirewall-cmd --add-port=20000\/tcp --zone=domestic --permanent >\/dev\/null\r\n\r\n# \u5916\u90e8\u304b\u3089\u306eJpsonic(TCP8080\u756a\u30dd\u30fc\u30c8)\u3078\u306e\u30a2\u30af\u30bb\u30b9\u3092\u65e5\u672c\u56fd\u5185\u304b\u3089\u306e\u307f\u8a31\u53ef\r\n# \u203bJpsonic\u3092\u516c\u958b\u3059\u308b\u5834\u5408\u306e\u307f\r\nfirewall-cmd --add-port=8080\/tcp --zone=domestic --permanent >\/dev\/null\r\n\r\n#----------------------------------------------------------#\r\n# \u5404\u7a2e\u30b5\u30fc\u30d3\u30b9\u3092\u516c\u958b\u3059\u308b\u5834\u5408\u306e\u8a2d\u5b9a(\u3053\u3053\u307e\u3067)               #\r\n#----------------------------------------------------------#\r\n\r\n# \u62d2\u5426IP\u30a2\u30c9\u30ec\u30b9\u304b\u3089\u306e\u30a2\u30af\u30bb\u30b9\u306f\u30ed\u30b0\u3092\u8a18\u9332\u305b\u305a\u306b\u7834\u68c4\r\n# \u203b\u62d2\u5426IP\u30a2\u30c9\u30ec\u30b9\u306f\/root\/deny_ip\u306b1\u884c\u3054\u3068\u306b\u8a18\u8ff0\u3057\u3066\u304a\u304f\u3053\u3068\r\n# (\/root\/deny_ip\u304c\u306a\u3051\u308c\u3070\u306a\u306b\u3082\u3057\u306a\u3044)\r\nif [ -s \/root\/deny_ip ]; then\r\n    for ip in `cat \/root\/deny_ip`\r\n    do\r\n        firewall-cmd --zone=drop --permanent --add-source=${ip} --permanent >\/dev\/null\r\n    done\r\nfi\r\n\r\n\r\n# \u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb\u8a2d\u5b9a\u53cd\u6620\r\nfirewall-cmd --reload >\/dev\/null\r\n\r\n#!\/bin\/bash\r\n\r\n#---------------------------------------#\r\n# \u8a2d\u5b9a\u958b\u59cb                              #\r\n#---------------------------------------#\r\n\r\n# \u5185\u90e8\u30cd\u30c3\u30c8\u30ef\u30fc\u30af\u30a2\u30c9\u30ec\u30b9\u5b9a\u7fa9\r\nLOCALNET=192.168.1.0\/24\r\n\r\n#---------------------------------------#\r\n# \u8a2d\u5b9a\u7d42\u4e86                              #\r\n#---------------------------------------#\r\n\r\n#\r\n# \u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb\u8a2d\u5b9a\u521d\u671f\u5316\r\n#\r\nsystemctl stop firewalld\r\nrm -f \/etc\/firewalld\/zones\/*\r\nrm -f \/etc\/firewalld\/ipsets\/*\r\nsystemctl start firewalld\r\nfirewall-cmd --reload >\/dev\/null\r\n\r\n#\r\n# \u5185\u90e8\u304b\u3089\u306e\u30a2\u30af\u30bb\u30b9\u3092\u8a31\u53ef\r\n#\r\nfirewall-cmd --add-rich-rule=\"rule family=\"ipv4\" source address=\"10.0.0.0\/8\" accept\" --permanent >\/dev\/null\r\nfirewall-cmd --add-rich-rule=\"rule family=\"ipv4\" source address=\"172.16.0.0\/12\" accept\" --permanent >\/dev\/null\r\nfirewall-cmd --add-rich-rule=\"rule family=\"ipv4\" source address=\"192.168.0.0\/16\" accept\" --permanent >\/dev\/null\r\nfirewall-cmd --add-rich-rule=\"rule family=\"ipv4\" source address=\"${LOCALNET}\" accept\" --permanent >\/dev\/null\r\n\r\n#\r\n# SYN Cookies\u3092\u6709\u52b9\u306b\u3059\u308b\r\n# \u203bTCP SYN Flood\u653b\u6483\u5bfe\u7b56\r\n#\r\nsysctl -w net.ipv4.tcp_syncookies=1 > \/dev\/null\r\nsed -i '\/net.ipv4.tcp_syncookies\/d' \/etc\/sysctl.conf\r\necho \"net.ipv4.tcp_syncookies=1\" >> \/etc\/sysctl.conf\r\n\r\n#\r\n# \u30d6\u30ed\u30fc\u30c9\u30ad\u30e3\u30b9\u30c8\u30a2\u30c9\u30ec\u30b9\u5b9bping\u306b\u306f\u5fdc\u7b54\u3057\u306a\u3044\r\n# \u203bSmurf\u653b\u6483\u5bfe\u7b56\r\n#\r\nsysctl -w net.ipv4.icmp_echo_ignore_broadcasts=1 > \/dev\/null\r\nsed -i '\/net.ipv4.icmp_echo_ignore_broadcasts\/d' \/etc\/sysctl.conf\r\necho \"net.ipv4.icmp_echo_ignore_broadcasts=1\" >> \/etc\/sysctl.conf\r\n\r\n#\r\n# ICMP Redirect\u30d1\u30b1\u30c3\u30c8\u306f\u62d2\u5426\r\n#\r\nsed -i '\/net.ipv4.conf.*.accept_redirects\/d' \/etc\/sysctl.conf\r\nfor dev in `ls \/proc\/sys\/net\/ipv4\/conf\/`\r\ndo\r\n    sysctl -w net.ipv4.conf.$dev.accept_redirects=0 > \/dev\/null\r\n    echo \"net.ipv4.conf.$dev.accept_redirects=0\" >> \/etc\/sysctl.conf\r\ndone\r\n\r\n#\r\n# Source Routed\u30d1\u30b1\u30c3\u30c8\u306f\u62d2\u5426\r\n#\r\nsed -i '\/net.ipv4.conf.*.accept_source_route\/d' \/etc\/sysctl.conf\r\nfor dev in `ls \/proc\/sys\/net\/ipv4\/conf\/`\r\ndo\r\n    sysctl -w net.ipv4.conf.$dev.accept_source_route=0 > \/dev\/null\r\n    echo \"net.ipv4.conf.$dev.accept_source_route=0\" >> \/etc\/sysctl.conf\r\ndone\r\n\r\n#\r\n# IP\u30a2\u30c9\u30ec\u30b9\u30ea\u30b9\u30c8\u53d6\u5f97\r\n#\r\nIP_LIST=\/tmp\/cidr.txt\r\nCHK_IP_LIST=\/tmp\/IPLIST\r\nif [ ! -f ${IP_LIST} ]; then\r\n    wget -q http:\/\/nami.jp\/ipv4bycc\/cidr.txt.gz\r\n    gunzip -c cidr.txt.gz > ${IP_LIST}\r\n    rm -f cidr.txt.gz\r\nfi\r\nrm -f ${CHK_IP_LIST}\r\n\r\n\r\n#\r\n# \u30be\u30fc\u30f3(\u65e5\u672c\u56fd\u5185)\u4f5c\u6210\r\n#\r\n\r\n# domestic(\u65e5\u672c\u56fd\u5185)\u30be\u30fc\u30f3\u4f5c\u6210\r\nfirewall-cmd --new-zone=domestic --permanent >\/dev\/null\r\n\r\n# domestic(\u65e5\u672c\u56fd\u5185)IP\u30bb\u30c3\u30c8\u4f5c\u6210\r\nfirewall-cmd --new-ipset=domestic --type=hash:net --permanent >\/dev\/null\r\n\r\n# \u65e5\u672c\u56fd\u5185\u306eIP\u30a2\u30c9\u30ec\u30b9\u30ea\u30b9\u30c8\u4f5c\u6210\r\ndomestic_ipset=`mktemp`\r\nfor addr in `cat ${IP_LIST} | grep ^JP | awk '{print $2}'`\r\ndo\r\n    echo ${addr} >> ${domestic_ipset}\r\ndone\r\n\r\n# \u65e5\u672c\u56fd\u5185\u306eIP\u30a2\u30c9\u30ec\u30b9\u30ea\u30b9\u30c8\u3092domestic(\u65e5\u672c\u56fd\u5185)IP\u30bb\u30c3\u30c8\u306b\u767b\u9332\r\nfirewall-cmd --ipset=domestic --add-entries-from-file=${domestic_ipset} --permanent >\/dev\/null\r\nrm -f ${domestic_ipset}\r\n\r\n# domestic(\u65e5\u672c\u56fd\u5185)IP\u30bb\u30c3\u30c8\u3092domestic(\u65e5\u672c\u56fd\u5185)\u30be\u30fc\u30f3\u306b\u767b\u9332\r\nfirewall-cmd --zone=domestic --add-source=ipset:domestic --permanent >\/dev\/null\r\n\r\n# IP\u30a2\u30c9\u30ec\u30b9\u66f4\u65b0\u30c1\u30a7\u30c3\u30af\u7528\u306b\u9000\u907f\r\ngrep ^JP ${IP_LIST} >> $CHK_IP_LIST\r\n\r\n# \u4ee5\u964d,\u65e5\u672c\u56fd\u5185\u304b\u3089\u306e\u307f\u30a2\u30af\u30bb\u30b9\u3092\u8a31\u53ef\u3057\u305f\u3044\u5834\u5408\u306fdomestic\u30be\u30fc\u30f3\u306b\u30b5\u30fc\u30d3\u30b9\u3092\u8ffd\u52a0\u3059\u308b\r\n\r\n# \u5168\u56fd\u8b66\u5bdf\u65bd\u8a2d\u3078\u306e\u653b\u6483\u5143\u4e0a\u4f4d\uff15\u30ab\u56fd(\u65e5\u672c\u30fb\u30a2\u30e1\u30ea\u30ab\u3092\u9664\u304f)\u304b\u3089\u306e\u30a2\u30af\u30bb\u30b9\u3092\u7834\u68c4\r\n# \u76f4\u8fd1\uff11\u9031\u9593\u306e\u72b6\u6cc1 http:\/\/www.npa.go.jp\/cyberpolice\/detect\/observation.html\r\n# \u524d\u6708\u306e\u72b6\u6cc1 http:\/\/www.npa.go.jp\/cyberpolice\/detect\/index.html\r\n# \u56fd\u30b3\u30fc\u30c9\u4e00\u89a7 https:\/\/ja.wikipedia.org\/wiki\/ISO_3166-1#%E7%95%A5%E5%8F%B7%E4%B8%80%E8%A6%A7\r\nDROP_COUNTRY_LIST=(BG HK RO CN GB)\r\n\r\n# drop_country(\u30a2\u30af\u30bb\u30b9\u7981\u6b62\u56fd)IP\u30bb\u30c3\u30c8\u4f5c\u6210\r\nfirewall-cmd --new-ipset=drop_country --type=hash:net --permanent >\/dev\/null\r\n\r\n# \u30a2\u30af\u30bb\u30b9\u7981\u6b62\u56fd\u306eIP\u30a2\u30c9\u30ec\u30b9\u30ea\u30b9\u30c8\u4f5c\u6210\r\ndrop_ipset=`mktemp`\r\nfor country in \"${DROP_COUNTRY_LIST[@]}\"\r\ndo\r\n    for addr in `cat ${IP_LIST} | grep ^${country} | awk '{print $2}'`\r\n    do\r\n        echo ${addr} >> ${drop_ipset}\r\n    done\r\n    grep ^${country} ${IP_LIST} >> ${CHK_IP_LIST}\r\ndone\r\n\r\n# \u30a2\u30af\u30bb\u30b9\u7981\u6b62\u56fd\u306eIP\u30a2\u30c9\u30ec\u30b9\u30ea\u30b9\u30c8\u3092drop_country(\u30a2\u30af\u30bb\u30b9\u7981\u6b62\u56fd)IP\u30bb\u30c3\u30c8\u306b\u767b\u9332\r\nfirewall-cmd --ipset=drop_country --add-entries-from-file=${drop_ipset} --permanent >\/dev\/null\r\nrm -f ${drop_ipset}\r\n\r\n# drop_country(\u30a2\u30af\u30bb\u30b9\u7981\u6b62\u56fd)IP\u30bb\u30c3\u30c8\u3092drop\u30be\u30fc\u30f3\u306b\u767b\u9332\r\nfirewall-cmd --zone=drop --add-source=ipset:drop_country --permanent >\/dev\/null\r\n\r\n#----------------------------------------------------------#\r\n# \u5404\u7a2e\u30b5\u30fc\u30d3\u30b9\u3092\u516c\u958b\u3059\u308b\u5834\u5408\u306e\u8a2d\u5b9a(\u3053\u3053\u304b\u3089)               #\r\n#----------------------------------------------------------#\r\n\r\n# \u5916\u90e8\u304b\u3089\u306eSSH(TCP22\u756a\u30dd\u30fc\u30c8)\u3078\u306e\u30a2\u30af\u30bb\u30b9\u3092\u65e5\u672c\u56fd\u5185\u304b\u3089\u306e\u307f\u8a31\u53ef\r\n# \u203bSSH\u30b5\u30fc\u30d0\u30fc\u3092\u516c\u958b\u3059\u308b\u5834\u5408\u306e\u307f\r\nfirewall-cmd --remove-service=ssh --zone=public --permanent >\/dev\/null\r\nfirewall-cmd --add-service=ssh --zone=domestic --permanent >\/dev\/null\r\n\r\n# \u5916\u90e8\u304b\u3089\u306eDNS(TCP\/UDP53\u756a\u30dd\u30fc\u30c8)\u3078\u306e\u30a2\u30af\u30bb\u30b9\u3092\u8a31\u53ef\r\n# \u203b\u5916\u90e8\u5411\u3051DNS\u30b5\u30fc\u30d0\u30fc\u3092\u904b\u7528\u3059\u308b\u5834\u5408\u306e\u307f\r\nfirewall-cmd --add-service=dns --zone=domestic --permanent >\/dev\/null\r\nfirewall-cmd --add-service=dns --zone=public --permanent >\/dev\/null\r\n\r\n# \u5916\u90e8\u304b\u3089\u306eHTTP(TCP80\u756a\u30dd\u30fc\u30c8)\u3078\u306e\u30a2\u30af\u30bb\u30b9\u3092\u8a31\u53ef\r\n# \u203bWeb\u30b5\u30fc\u30d0\u30fc\u3092\u516c\u958b\u3059\u308b\u5834\u5408\u306e\u307f\r\nfirewall-cmd --add-service=http --zone=domestic --permanent >\/dev\/null\r\nfirewall-cmd --add-service=http --zone=public --permanent >\/dev\/null\r\n\r\n# \u5916\u90e8\u304b\u3089\u306eHTTPS(TCP443\u756a\u30dd\u30fc\u30c8)\u3078\u306e\u30a2\u30af\u30bb\u30b9\u3092\u8a31\u53ef\r\n# \u203bWeb\u30b5\u30fc\u30d0\u30fc\u3092\u516c\u958b\u3059\u308b\u5834\u5408\u306e\u307f\r\nfirewall-cmd --add-service=https --zone=domestic --permanent >\/dev\/null\r\nfirewall-cmd --add-service=https --zone=public --permanent >\/dev\/null\r\n\r\n# \u5916\u90e8\u304b\u3089\u306eSMTP(TCP25\u756a\u30dd\u30fc\u30c8)\u3078\u306e\u30a2\u30af\u30bb\u30b9\u3092\u8a31\u53ef\r\n# \u203bSMTP\u30b5\u30fc\u30d0\u30fc\u3092\u516c\u958b\u3059\u308b\u5834\u5408\u306e\u307f\r\nfirewall-cmd --add-service=smtp --zone=domestic --permanent >\/dev\/null\r\nfirewall-cmd --add-service=smtp --zone=public --permanent >\/dev\/null\r\n\r\n# \u5916\u90e8\u304b\u3089\u306eSUBMISSION(TCP587\u756a\u30dd\u30fc\u30c8)\u3078\u306e\u30a2\u30af\u30bb\u30b9\u3092\u65e5\u672c\u56fd\u5185\u304b\u3089\u306e\u307f\u8a31\u53ef\r\n# \u203bSMTP\u30b5\u30fc\u30d0\u30fc\u3092\u516c\u958b\u3059\u308b\u5834\u5408\u306e\u307f\r\n# \u203bSMTPS\u30b5\u30fc\u30d0\u30fc\uff08TCP465\u756a\u30dd\u30fc\u30c8\uff09\u3092\u516c\u958b\u3059\u308b\u5834\u5408\u306f\u4e0d\u8981\r\nfirewall-cmd --add-service=smtp-submission --zone=domestic --permanent >\/dev\/null\r\n\r\n# \u5916\u90e8\u304b\u3089\u306eSMTPS(TCP465\u756a\u30dd\u30fc\u30c8)\u3078\u306e\u30a2\u30af\u30bb\u30b9\u3092\u65e5\u672c\u56fd\u5185\u304b\u3089\u306e\u307f\u8a31\u53ef\r\n# \u203bSMTPS\u30b5\u30fc\u30d0\u30fc\u3092\u516c\u958b\u3059\u308b\u5834\u5408\u306e\u307f 2>&1\r\nfirewall-cmd --add-service=smtps --zone=domestic --permanent >\/dev\/null\r\n\r\n# \u5916\u90e8\u304b\u3089\u306ePOP3(TCP110\u756a\u30dd\u30fc\u30c8)\u3078\u306e\u30a2\u30af\u30bb\u30b9\u3092\u65e5\u672c\u56fd\u5185\u304b\u3089\u306e\u307f\u8a31\u53ef\r\n# \u203bPOP3\u30b5\u30fc\u30d0\u30fc\u3092\u516c\u958b\u3059\u308b\u5834\u5408\u306e\u307f\r\nfirewall-cmd --add-service=pop3 --zone=domestic --permanent >\/dev\/null\r\n\r\n# \u5916\u90e8\u304b\u3089\u306ePOP3S(TCP995\u756a\u30dd\u30fc\u30c8)\u3078\u306e\u30a2\u30af\u30bb\u30b9\u3092\u65e5\u672c\u56fd\u5185\u304b\u3089\u306e\u307f\u8a31\u53ef\r\n# \u203bPOP3S\u30b5\u30fc\u30d0\u30fc\u3092\u516c\u958b\u3059\u308b\u5834\u5408\u306e\u307f\r\nfirewall-cmd --add-service=pop3s --zone=domestic --permanent >\/dev\/null\r\n\r\n# \u5916\u90e8\u304b\u3089\u306eIMAP(TCP143\u756a\u30dd\u30fc\u30c8)\u3078\u306e\u30a2\u30af\u30bb\u30b9\u3092\u65e5\u672c\u56fd\u5185\u304b\u3089\u306e\u307f\u8a31\u53ef\r\n# \u203bIMAP\u30b5\u30fc\u30d0\u30fc\u3092\u516c\u958b\u3059\u308b\u5834\u5408\u306e\u307f\r\nfirewall-cmd --add-service=imap --zone=domestic --permanent >\/dev\/null\r\n\r\n# \u5916\u90e8\u304b\u3089\u306eIMAPS(TCP993\u756a\u30dd\u30fc\u30c8)\u3078\u306e\u30a2\u30af\u30bb\u30b9\u3092\u65e5\u672c\u56fd\u5185\u304b\u3089\u306e\u307f\u8a31\u53ef\r\n# \u203bIMAPS\u30b5\u30fc\u30d0\u30fc\u3092\u516c\u958b\u3059\u308b\u5834\u5408\u306e\u307f\r\nfirewall-cmd --add-service=imaps --zone=domestic --permanent >\/dev\/null\r\n\r\n# \u5916\u90e8\u304b\u3089\u306eL2TP over IPsec(UDP500\u756a\u30dd\u30fc\u30c8\u3001UDP4500\u756a\u30dd\u30fc\u30c8)\u3078\u306e\u30a2\u30af\u30bb\u30b9\u3092\u65e5\u672c\u56fd\u5185\u304b\u3089\u306e\u307f\u8a31\u53ef\r\n# \u203bSoftEther VPN Server\u3092\u516c\u958b\u3059\u308b\u5834\u5408\u306e\u307f\r\nfirewall-cmd --add-service=ipsec --zone=domestic --permanent >\/dev\/null\r\n\r\n# \u5916\u90e8\u304b\u3089\u306eUsermin(TCP20000\u756a\u30dd\u30fc\u30c8)\u3078\u306e\u30a2\u30af\u30bb\u30b9\u3092\u65e5\u672c\u56fd\u5185\u304b\u3089\u306e\u307f\u8a31\u53ef\r\n# \u203bUsermin\u30b5\u30fc\u30d0\u30fc\u3092\u516c\u958b\u3059\u308b\u5834\u5408\u306e\u307f\r\nfirewall-cmd --add-port=20000\/tcp --zone=domestic --permanent >\/dev\/null\r\n\r\n# \u5916\u90e8\u304b\u3089\u306eJpsonic(TCP8080\u756a\u30dd\u30fc\u30c8)\u3078\u306e\u30a2\u30af\u30bb\u30b9\u3092\u65e5\u672c\u56fd\u5185\u304b\u3089\u306e\u307f\u8a31\u53ef\r\n# \u203bJpsonic\u3092\u516c\u958b\u3059\u308b\u5834\u5408\u306e\u307f\r\nfirewall-cmd --add-port=8080\/tcp --zone=domestic --permanent >\/dev\/null\r\n\r\n#----------------------------------------------------------#\r\n# \u5404\u7a2e\u30b5\u30fc\u30d3\u30b9\u3092\u516c\u958b\u3059\u308b\u5834\u5408\u306e\u8a2d\u5b9a(\u3053\u3053\u307e\u3067)               #\r\n#----------------------------------------------------------#\r\n\r\n# \u62d2\u5426IP\u30a2\u30c9\u30ec\u30b9\u304b\u3089\u306e\u30a2\u30af\u30bb\u30b9\u306f\u30ed\u30b0\u3092\u8a18\u9332\u305b\u305a\u306b\u7834\u68c4\r\n# \u203b\u62d2\u5426IP\u30a2\u30c9\u30ec\u30b9\u306f\/root\/deny_ip\u306b1\u884c\u3054\u3068\u306b\u8a18\u8ff0\u3057\u3066\u304a\u304f\u3053\u3068\r\n# (\/root\/deny_ip\u304c\u306a\u3051\u308c\u3070\u306a\u306b\u3082\u3057\u306a\u3044)\r\nif [ -s \/root\/deny_ip ]; then\r\n    for ip in `cat \/root\/deny_ip`\r\n    do\r\n        firewall-cmd --zone=drop --permanent --add-source=${ip} --permanent >\/dev\/null\r\n    done\r\nfi\r\n\r\n\r\n# \u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb\u8a2d\u5b9a\u53cd\u6620\r\nfirewall-cmd --reload >\/dev\/null<\/span><\/pre>\r\n
IP\u30a2\u30c9\u30ec\u30b9\u30ea\u30b9\u30c8\u30c1\u30a7\u30c3\u30af\u30b9\u30af\u30ea\u30d7\u30c8\u4f5c\u6210<\/span>
#<\/span> gedit \/etc\/cron.daily\/iplist_check.sh<\/span><\/span><\/p>\r\n
#!\/bin\/bash\r\n\r\nPATH=\/usr\/local\/sbin:\/usr\/local\/bin:\/sbin:\/bin:\/usr\/sbin:\/usr\/bin\r\n\r\n# \u65b0\u65e7IPLIST\u5dee\u5206\u30c1\u30a7\u30c3\u30af\u4ef6\u6570(0\u3092\u6307\u5b9a\u3059\u308b\u3068\u30c1\u30a7\u30c3\u30af\u3057\u306a\u3044)\r\n# \u203b\u65b0\u65e7IPLIST\u5dee\u5206\u304cSABUN_CHK\u3067\u6307\u5b9a\u3057\u305f\u4ef6\u6570\u3092\u8d8a\u3048\u308b\u5834\u5408\u306ffirewall\u8a2d\u5b9a\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u5b9f\u884c\u3057\u306a\u3044\r\n# \u203b\u65b0\u65e7IPLIST\u5dee\u5206\u30c1\u30a7\u30c3\u30af\u7406\u7531\u306fhttp:\/\/centossrv.com\/bbshtml\/webpatio\/1592.shtml\u3092\u53c2\u7167\r\nSABUN_CHK=100\r\n[ $# -ne 0 ] && SABUN_CHK=${1}\r\n\r\n# IP\u30a2\u30c9\u30ec\u30b9\u30ea\u30b9\u30c8\u53d6\u5f97\r\nIP_LIST=\/tmp\/cidr.txt\r\nCHK_IP_LIST=\/tmp\/IPLIST\r\nwget -q http:\/\/nami.jp\/ipv4bycc\/cidr.txt.gz\r\ngunzip -c cidr.txt.gz > $IP_LIST\r\nrm -f cidr.txt.gz\r\n\r\n# \u30c1\u30a7\u30c3\u30af\u5bfe\u8c61IP\u30a2\u30c9\u30ec\u30b9\u30ea\u30b9\u30c8\u6700\u65b0\u5316\r\nrm -f IPLIST.new\r\nfor country in `awk '{print $1}' $CHK_IP_LIST |uniq`\r\ndo\r\n    grep ^$country $IP_LIST >> IPLIST.new\r\ndone\r\n\r\n# \u30c1\u30a7\u30c3\u30af\u5bfe\u8c61IP\u30a2\u30c9\u30ec\u30b9\u30ea\u30b9\u30c8\u66f4\u65b0\u30c1\u30a7\u30c3\u30af\r\ndiff -q $CHK_IP_LIST IPLIST.new > \/dev\/null 2>&1\r\nif [ $? -ne 0 ]; then\r\n    if [ ${SABUN_CHK} -ne 0 ]; then\r\n        if [ $(diff $CHK_IP_LIST IPLIST.new | egrep -c '<|>') -gt ${SABUN_CHK} ]; then\r\n            (\r\n             diff $CHK_IP_LIST IPLIST.new\r\n             echo\r\n             echo \"firewall.sh not executed.\"\r\n            ) | mail -s 'IPLIST UPDATE' root\r\n            rm -f IPLIST.new\r\n            exit\r\n        fi\r\n    fi\r\n    \/bin\/mv IPLIST.new $CHK_IP_LIST\r\n    sh \/root\/firewall.sh > \/dev\/null\r\nelse\r\n    rm -f IPLIST.new\r\nfi<\/span><\/pre>\r\n
IP\u30a2\u30c9\u30ec\u30b9\u30ea\u30b9\u30c8\u30c1\u30a7\u30c3\u30af\u30b9\u30af\u30ea\u30d7\u30c8\u306b\u5b9f\u884c\u6a29\u9650\u4ed8\u52a0<\/span>
<\/span>#<\/span> chmod +x \/etc\/cron.daily\/iplist_check.sh<\/span>
\u30d5\u30a1\u30a4\u30a2\u30a6\u30a9\u30fc\u30eb\u8a2d\u5b9a\u30b9\u30af\u30ea\u30d7\u30c8\u5b9f\u884c<\/span>
#<\/span> bash firewall.sh<\/span>
firewall\u81ea\u52d5\u8d77\u52d5\u8a2d\u5b9a
#<\/span> systemctl enable firewalld<\/span><\/span><\/p>\r\n

<\/span><\/p>\r\n
\u00a0<\/span><\/p>\r\n","protected":false},"excerpt":{"rendered":"
firewall\u30b9\u30af\u30ea\u30d7\u30c8\u306e\u4f5c\u6210# gedit firewall.sh #!\/bin\/bash #—————————————# # \u8a2d\u5b9a\u958b\u59cb # #———- … \u7d9a\u304d\u3092\u8aad\u3080 →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"sns_share_botton_hide":"","vkExUnit_sns_title":"","_vk_print_noindex":"","sitemap_hide":"","_veu_custom_css":"","veu_display_promotion_alert":"common","vkexunit_cta_each_option":"","footnotes":""},"categories":[27],"tags":[],"class_list":["post-3092","post","type-post","status-publish","format-standard","hentry","category-almalinux"],"acf":[],"veu_head_title_object":{"title":"","add_site_title":""},"_links":{"self":[{"href":"https:\/\/www.kinryo.net\/index.php?rest_route=\/wp\/v2\/posts\/3092","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kinryo.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kinryo.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kinryo.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kinryo.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3092"}],"version-history":[{"count":17,"href":"https:\/\/www.kinryo.net\/index.php?rest_route=\/wp\/v2\/posts\/3092\/revisions"}],"predecessor-version":[{"id":4310,"href":"https:\/\/www.kinryo.net\/index.php?rest_route=\/wp\/v2\/posts\/3092\/revisions\/4310"}],"wp:attachment":[{"href":"https:\/\/www.kinryo.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3092"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kinryo.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3092"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kinryo.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3092"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}