Difference between revisions of "Red Hat / Centos firewall"
(9 intermediate revisions by the same user not shown) | |||
Line 7: | Line 7: | ||
cat /etc/firewalld/zones/public.xml | cat /etc/firewalld/zones/public.xml | ||
</source> | </source> | ||
+ | '''Reference - https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-using-firewalld-on-centos-7'''<br> | ||
firewall-cmd --state<br> | firewall-cmd --state<br> | ||
sudo systemctl start firewalld.service<br> | sudo systemctl start firewalld.service<br> | ||
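Review bot: The added reference line sits between the closing `</source>` and the `firewall-cmd --state` command list with no heading, so it is unclear whether it credits the rich-rule example above or the commands below. Consider giving it its own label next to the commands it covers, and noting that the linked tutorial targets CentOS 7 (per the URL) so readers on other releases check for differences.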
Line 22: | Line 23: | ||
public | public | ||
interfaces: eth0 eth1 | interfaces: eth0 eth1 | ||
+ | sudo nano /etc/sysconfig/network-scripts/ifcfg-eth0<br> | ||
+ | ZONE= | ||
+ | |||
+ | sudo systemctl restart network.service<br> | ||
+ | sudo systemctl restart firewalld.service<br> | ||
+ | |||
+ | sudo firewall-cmd --set-default-zone=home<br> | ||
+ | |||
+ | sudo firewall-cmd --zone=public --add-service=https | ||
+ | sudo firewall-cmd --zone=public --permanent --add-service=https | ||
+ | |||
+ | |||
+ | '''Adding services'''<br> | ||
+ | firewall-cmd --get-services<br> | ||
+ | /usr/lib/firewalld/services directory. <br> | ||
+ | sudo firewall-cmd --zone=public --permanent --add-port=5000/tcp | ||
+ | sudo firewall-cmd --zone=public --permanent --add-port=4990-4999/udp | ||
+ | sudo firewall-cmd --zone=public --permanent --list-ports | ||
+ | Useful to define a service. |
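Review bot: The `--add-port` lines at the end of the hunk use `--permanent` only, so 5000/tcp and 4990-4999/udp are written to the zone file but are not opened in the running firewall until a reload. The https lines just above show both the runtime and the `--permanent` form; the port lines should either do the same or be followed by `sudo firewall-cmd --reload`. Also, `ZONE=` is added without a value, so the reader cannot tell what to put in ifcfg-eth0; a value such as `ZONE=home` would match the `--set-default-zone=home` line. The https and port lines lack the trailing `<br>` that the neighbouring lines carry, so they will render run together on one line.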
Latest revision as of 12:01, 19 July 2016
Try this command
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="1.2.3.4/32" port protocol="tcp" port="4567" accept'
Check the zone file later to inspect the XML configuration
cat /etc/firewalld/zones/public.xml
Reference - https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-using-firewalld-on-centos-7
firewall-cmd --state
sudo systemctl start firewalld.service
firewall-cmd --get-default-zone
firewall-cmd --get-active-zones
firewall-cmd --list-all
firewall-cmd --get-zones
firewall-cmd --zone=home --list-all
sudo firewall-cmd --zone=home --change-interface=eth0
firewall-cmd --get-active-zones
If the firewall is completely restarted, the interface will revert to the default zone:
sudo systemctl restart firewalld.service
firewall-cmd --get-active-zones
output
public
  interfaces: eth0 eth1
sudo nano /etc/sysconfig/network-scripts/ifcfg-eth0
ZONE=
sudo systemctl restart network.service
sudo systemctl restart firewalld.service
sudo firewall-cmd --set-default-zone=home
sudo firewall-cmd --zone=public --add-service=https
sudo firewall-cmd --zone=public --permanent --add-service=https
Adding services
firewall-cmd --get-services
The predefined service definitions are XML files in the /usr/lib/firewalld/services directory.
sudo firewall-cmd --zone=public --permanent --add-port=5000/tcp
sudo firewall-cmd --zone=public --permanent --add-port=4990-4999/udp
sudo firewall-cmd --zone=public --permanent --list-ports
Useful to define a service.
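An added example, not part of the original wiki page or of firewalld itself: a short Python script that reads a zone file such as /etc/firewalld/zones/public.xml and lists what the zone accepts and from which source, so a rule limited to 1.2.3.4/32 can be told apart from ports open to everyone. The sample XML is constructed to match the --permanent commands on this page; summarize_zone and open_to_any are hypothetical helper names, and only address-based rich-rule sources are handled.

```python
import xml.etree.ElementTree as ET

# Constructed sample of /etc/firewalld/zones/public.xml after the --permanent
# commands on this page (https, 5000/tcp, 4990-4999/udp, the rich rule).
SAMPLE_ZONE_XML = """<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <service name="ssh"/>
  <service name="https"/>
  <port protocol="tcp" port="5000"/>
  <port protocol="udp" port="4990-4999"/>
  <rule family="ipv4">
    <source address="1.2.3.4/32"/>
    <port protocol="tcp" port="4567"/>
    <accept/>
  </rule>
</zone>
"""

def _describe(el):
    """Turn a <service> or <port> element into a short label, else None."""
    if el.tag == "service":
        return "service " + el.get("name")
    if el.tag == "port":
        return f"port {el.get('port')}/{el.get('protocol')}"
    return None

def summarize_zone(xml_text):
    """Return (source, what) pairs for everything the zone accepts."""
    zone = ET.fromstring(xml_text)
    # Zone-level services and ports are open to any source address.
    exposed = [("any", _describe(el)) for el in zone if _describe(el)]
    for rule in zone.findall("rule"):
        if rule.find("accept") is None:
            continue  # reject/drop/log-only rules open nothing
        src = rule.find("source")
        source = src.get("address", "any") if src is not None else "any"
        targets = [_describe(el) for el in rule if _describe(el)]
        # An accept rule with no service/port element admits all traffic.
        exposed += [(source, t) for t in targets or ["all traffic"]]
    return exposed

def open_to_any(xml_text):
    """Entries reachable from any source address: the ones to review first."""
    return [what for source, what in summarize_zone(xml_text) if source == "any"]

if __name__ == "__main__":
    for source, what in summarize_zone(SAMPLE_ZONE_XML):
        print(f"{source:12} {what}")
```

To audit a real host, pass the contents of the zone file to summarize_zone instead of the sample string.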