linux firewalld_ex

firewalld tutorial

- is firewalld running?
firewall-cmd --state

- start firewalld
systemctl start firewalld.service
firewall-cmd --state

- what is the default zone?
firewall-cmd --get-default-zone

- what zones are active on which interfaces?
firewall-cmd --get-active-zones

- what are the service settings for the default zone?
firewall-cmd --list-all

- what zones are available?
firewall-cmd --get-zones

- what are the service settings of the 'home' zone?
firewall-cmd --zone=home --list-all

- list the service settings of all zones.
firewall-cmd --list-all-zones | less

- what services are available?
firewall-cmd --get-services

- allow http service to the public zone.
firewall-cmd --zone=public --add-service=http
firewall-cmd --zone=public --list-services

- allow https service permanently to the public zone.
firewall-cmd --zone=public --permanent --add-service=https
firewall-cmd --zone=public --permanent --list-services

- allow a specific port to the public zone (runtime, then permanently).
firewall-cmd --zone=public --add-port=3011/tcp
firewall-cmd --zone=public --permanent --add-port=3011/tcp

- built-in services are stored in /usr/lib/firewalld/services; new or customised services can be stored in /etc/firewalld/services.
cp /usr/lib/firewalld/services/ftp.xml /etc/firewalld/services/ftp_new.xml

- change port 21 to e.g. 7021 in the copied file and reload.
vi /etc/firewalld/services/ftp_new.xml
firewall-cmd --reload
firewall-cmd --get-services
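The copy-and-edit step above as a small script (an added example, not from the original post). The source and destination paths are parameters so it can be tried on a scratch directory; on a real host they would be /usr/lib/firewalld/services/ftp.xml and /etc/firewalld/services/ftp_new.xml, followed by `firewall-cmd --reload`.

```shell
#!/bin/sh
# Derive a custom firewalld service definition from an existing one,
# rewriting the port, instead of editing the copy by hand with vi.
set -eu

# Constructed sample mirroring the shape of /usr/lib/firewalld/services/ftp.xml
# (not the real file; used so the functions can be exercised offline).
SAMPLE_FTP_XML='<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>FTP</short>
  <description>FTP is a protocol used for remote file transfer.</description>
  <port protocol="tcp" port="21"/>
  <module name="nf_conntrack_ftp"/>
</service>'

# make_custom_service SRC DST OLDPORT NEWPORT
# Copies SRC to DST with every port="OLDPORT" rewritten to port="NEWPORT".
# Refuses to clobber an existing DST so a previously customised service
# under /etc/firewalld/services is never silently overwritten.
make_custom_service() {
    src=$1; dst=$2; old=$3; new=$4
    [ -r "$src" ] || { echo "source service $src not readable" >&2; return 1; }
    [ ! -e "$dst" ] || { echo "refusing to overwrite existing $dst" >&2; return 1; }
    sed "s/port=\"$old\"/port=\"$new\"/g" "$src" > "$dst"
    # Confirm the rewrite actually took effect before reporting success.
    grep -q "port=\"$new\"" "$dst"
}

# service_ports FILE
# Prints the port/protocol pairs a service file would open, one per line,
# which is what firewall-cmd --info-service reports after a reload.
service_ports() {
    sed -n 's/.*<port protocol="\([a-z]*\)" port="\([0-9]*\)".*/\2\/\1/p' "$1"
}

# Usage on a scratch directory (the real paths are given in the tutorial):
#   printf '%s\n' "$SAMPLE_FTP_XML" > /tmp/ftp.xml
#   make_custom_service /tmp/ftp.xml /tmp/ftp_new.xml 21 7021
#   service_ports /tmp/ftp_new.xml      # 7021/tcp
```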

- create a new zone.
firewall-cmd --permanent --new-zone=publictest
firewall-cmd --reload
firewall-cmd --get-zones

- connect new zone to interface.
firewall-cmd --zone=publictest --change-interface=ens32

- add service ssh to new zone.
firewall-cmd --zone=publictest --permanent --add-service=ssh

- add to /etc/sysconfig/network-scripts/ifcfg-ens32
ZONE=publictest

- restart network and firewalld.
sudo systemctl restart network
sudo systemctl restart firewalld
