Firewalld: Difference between revisions
From DWIKI
Latest revision as of 12:43, 3 July 2024
Redhat firewall interface
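Links
- Firewalld howto: https://firewalld.org/documentation/howto/
- https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-using-firewalld-on-centos-7
- cheatsheet: https://www.liquidweb.com/kb/an-introduction-to-firewalld/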
HOWTO
show rules
firewall-cmd --list-all
add service
firewall-cmd --zone=public --add-service=https
firewall-cmd --permanent --zone=public --add-service=https
add allow source to service
TODO
add port
firewall-cmd --zone=public --add-port=5000/tcp
firewall-cmd --permanent --zone=public --add-port=5000/tcp
remove port
firewall-cmd --zone=public --remove-port=2222/tcp
Rich rules
Show rich rules
firewall-cmd --list-rich-rules
Allow specific source to specific port
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="1.2.3.4/32" port protocol="tcp" port="4567" accept'
delete rich rule
--remove-rich-rule, same arguments as --add-rich-rule
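zones
- Working with zones: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/security_guide/sec-working_with_zones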
Create zone
firewall-cmd --permanent --new-zone=myzone
- really?
firewall-cmd --reload
firewall-cmd --runtime-to-permanent
Add port to zone
https://firewalld.org/documentation/howto/add-a-service.html
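
The service and port commands above are entered twice (runtime and --permanent), while the rich rule is added with --permanent only and is not active until a reload, so the two configurations can drift apart. The following is an added example, not part of the original wiki page, that lists settings present on only one side; the function names and the script name fw-drift.sh are assumptions of this example, and the demo data is constructed from the page's values.

```shell
#!/bin/sh
# Added example (not from the original page): report firewalld settings that
# exist only in the runtime or only in the permanent configuration.

# lines_only_in A B: print the non-empty lines of A that do not occur in B.
lines_only_in() {
    printf '%s\n' "$1" | while IFS= read -r line; do
        [ -n "$line" ] || continue
        printf '%s\n' "$2" | grep -Fxq -e "$line" || printf '%s\n' "$line"
    done
}

# drift KIND RUNTIME PERMANENT: label each difference with the side it is on.
drift() {
    lines_only_in "$2" "$3" | sed "s|^|runtime-only $1: |"
    lines_only_in "$3" "$2" | sed "s|^|permanent-only $1: |"
}

# check_zone ZONE: compare ports, services and rich rules of one zone.
check_zone() {
    for kind in ports services rich-rules; do
        rt=$(firewall-cmd --zone="$1" --list-"$kind") || return 1
        pm=$(firewall-cmd --permanent --zone="$1" --list-"$kind") || return 1
        if [ "$kind" != rich-rules ]; then
            # ports and services are printed space-separated on one line
            rt=$(printf '%s\n' "$rt" | tr ' ' '\n')
            pm=$(printf '%s\n' "$pm" | tr ' ' '\n')
        fi
        drift "$kind" "$rt" "$pm"
    done
}

# demo: constructed sample data using the page's values (not captured output).
demo() {
    drift ports "$(printf '5000/tcp\n2222/tcp')" "5000/tcp"
    drift rich-rules "" 'rule family="ipv4" source address="1.2.3.4/32" port protocol="tcp" port="4567" accept'
}

# "sh fw-drift.sh check [zone]" queries the live firewall; otherwise run demo.
if [ "${1:-}" = check ]; then check_zone "${2:-public}"; else demo; fi
```

A runtime-only line is a setting that disappears on the next reload; a permanent-only line is one that is saved but not yet enforced.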