Difference between revisions of "Firewalld"
From Bashlinux
Section removed in this revision:

How to allow NFS with firewalld
# firewall-cmd --permanent --zone public --add-service mountd
# firewall-cmd --permanent --zone public --add-service rpc-bind
# firewall-cmd --permanent --zone public --add-service nfs
# firewall-cmd --reload
Latest revision as of 04:20, 25 June 2015
How to enable/disable firewalld
- Enable
# systemctl start firewalld.service
# systemctl enable firewalld.service
- Disable
# systemctl stop firewalld.service
# systemctl disable firewalld.service
How to check if firewalld is running
# firewall-cmd --state
How to check active zones
# firewall-cmd --get-active-zones
How to check current active services (in the default zone)
# firewall-cmd --list-services
How to reload firewalld
# firewall-cmd --reload
How to allow traffic on a specific port (the protocol is required)
# firewall-cmd --permanent --zone=public --add-port=1122/tcp
# firewall-cmd --reload
How to add a known service to the firewall
Assuming we want to allow http traffic (port 80)
# firewall-cmd --permanent --zone=public --add-service=http
# firewall-cmd --reload
How to remove a specific port
# firewall-cmd --permanent --zone=public --remove-port=1122/tcp
# firewall-cmd --reload
How to remove a specific service from the firewall
# firewall-cmd --permanent --zone=public --remove-service=https
# firewall-cmd --reload
How to allow traffic coming from a particular subnet
Assuming we want to allow http traffic (port 80) from the 10.20.30.0/24 network only. This is a rich rule, so it is added with --add-rich-rule (the whole rule goes in single quotes so the inner double quotes reach firewalld intact):
# firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="10.20.30.0/24" service name="http" accept'
# firewall-cmd --reload
Note that the rule only restricts http to that subnet if the http service is not also allowed zone-wide (see "How to remove a specific service from the firewall" above); otherwise the zone-wide allow still admits every source. To take the rule out again, repeat the command with --remove-rich-rule.
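As an added example (not part of the Bashlinux page), the following POSIX shell script checks the pitfall described above: it reads the text that `firewall-cmd --zone=public --list-all` prints and reports when a service named in a source-restricted rich rule is also on the zone-wide "services:" line, which makes the rich rule ineffective. The listing it runs on is a constructed sample that mimics the --list-all output format.

```shell
#!/bin/sh
# Added example, not from the Bashlinux page. Audits whether a source-restricted
# rich rule for a service is actually effective: firewalld also honours the
# zone-wide "services:" allows, so if the same service is on that line the rich
# rule does not limit it to the subnet. Input is `firewall-cmd --zone=public --list-all` text.

# Constructed sample of `firewall-cmd --zone=public --list-all` output.
SAMPLE_LIST_ALL='public (active)
  target: default
  interfaces: eth0
  services: dhcpv6-client http ssh
  ports: 1122/tcp
  rich rules:
        rule family="ipv4" source address="10.20.30.0/24" service name="http" accept'

# Returns 0 if SERVICE ($1) is on the "services:" line, i.e. allowed from any source.
service_is_zone_wide() {
  awk -v svc="$1" '
    $1 == "services:" { for (i = 2; i <= NF; i++) if ($i == svc) found = 1 }
    END { if (found) exit 0; exit 1 }'
}

# Returns 0 if a rich rule with a "source address" clause names SERVICE ($1).
service_has_source_rule() {
  awk -v svc="$1" '
    $1 == "rule" && /source address=/ && index($0, "service name=\"" svc "\"") { found = 1 }
    END { if (found) exit 0; exit 1 }'
}

# Prints a verdict for SERVICE ($1), reading the --list-all text from stdin.
# Returns 1 when the rich rule is shadowed by a zone-wide allow, 0 otherwise.
audit_service_restriction() {
  svc="$1"
  listing=$(cat)
  if printf '%s\n' "$listing" | service_has_source_rule "$svc"; then
    if printf '%s\n' "$listing" | service_is_zone_wide "$svc"; then
      echo "WARNING: $svc is also allowed zone-wide; the rich rule does not restrict it to the subnet"
      return 1
    fi
    echo "OK: $svc is only reachable through the source-restricted rich rule"
    return 0
  fi
  echo "INFO: no source-restricted rich rule for $svc"
  return 0
}

# On a live host, replace the sample with: firewall-cmd --zone=public --list-all
printf '%s\n' "$SAMPLE_LIST_ALL" | audit_service_restriction http || :
```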