Firewalld: Difference between revisions
From DWIKI
m (→HOWTO) |
|||
| Line 22: | Line 22: | ||
or | or | ||
==Rich rules== | |||
===Show rich rules=== | |||
firewall-cmd --list-rich-rules | |||
===Allow specific source to specific port=== | |||
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="1.2.3.4/32" port protocol="tcp" port="4567" accept' | firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="1.2.3.4/32" port protocol="tcp" port="4567" accept' | ||
==delete rich rule== | |||
===delete rich rule=== | |||
--delete-rich-rule same as --add-rich-rule | --delete-rich-rule same as --add-rich-rule | ||
Revision as of 16:48, 29 January 2024
Redhat firewall interface
Links
- Firewalld howto
- https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-using-firewalld-on-centos-7
- cheatsheet
HOWTO
show rules
firewall-cmd --list-all
add service
firewall-cmd --zone=public --add-service=https firewall-cmd --permanent --zone=public --add-service=https
add allow source to service
TODO
add port
firewall-cmd --zone=public --add-port=5000/tcp firewall-cmd --permanent --zone=public --add-port=5000/tcp
or
Rich rules
Show rich rules
firewall-cmd --list-rich-rules
Allow specific source to specific port
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="1.2.3.4/32" port protocol="tcp" port="4567" accept'
delete rich rule
--delete-rich-rule same as --add-rich-rule
zones
Create zone
firewall-cmd --permanent --new-zone=myzone
- really?
firewall-cmd --reload firewall-cmd --runtime-to-permanent
Add port to zone
https://firewalld.org/documentation/howto/add-a-service.html
