Firewalld

From Bashlinux
Revision as of 04:16, 25 June 2015 by Manpaz

How to enable/disable firewalld

  • Enable
# systemctl start firewalld.service
# systemctl enable firewalld.service
  • Disable
# systemctl stop firewalld.service
# systemctl disable firewalld.service

How to check if firewalld is running

# firewall-cmd --state

How to check active zones

# firewall-cmd --get-active-zones

How to check current active services

# firewall-cmd --list-services

How to reload firewalld

# firewall-cmd --reload
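
Because --reload replaces the runtime configuration with the permanent one, a rule that exists in only one of the two is either about to disappear or not yet enforced. The script below is an added example, not part of the original page; the function names are hypothetical, and it compares the output of --list-services and --list-ports with and without --permanent.

```sh
#!/bin/sh
# Added example: report drift between firewalld's runtime and permanent config.

# only_in A B: print each word of space-separated list A that is absent from B.
only_in() {
    for item in $1; do
        case " $2 " in
            *" $item "*) ;;
            *) printf '%s\n' "$item" ;;
        esac
    done
}

# fw_drift ZONE KIND RUNTIME PERMANENT: compare two lists, return 1 on drift.
fw_drift() {
    zone=$1 kind=$2 runtime=$3 permanent=$4 rc=0
    for item in $(only_in "$runtime" "$permanent"); do
        echo "zone=$zone $kind=$item runtime-only (lost at next --reload)"
        rc=1
    done
    for item in $(only_in "$permanent" "$runtime"); do
        echo "zone=$zone $kind=$item permanent-only (not active until --reload)"
        rc=1
    done
    return $rc
}

# audit_zone ZONE: query firewalld for services and ports (needs root).
audit_zone() {
    status=0
    for k in service port; do
        rt=$(firewall-cmd --zone="$1" --list-"$k"s)
        pm=$(firewall-cmd --permanent --zone="$1" --list-"$k"s)
        fw_drift "$1" "$k" "$rt" "$pm" || status=1
    done
    return $status
}

# Run the audit only where firewalld's CLI is installed; zone defaults to public.
if command -v firewall-cmd >/dev/null 2>&1; then
    audit_zone "${1:-public}"
fi
```

A non-zero exit status means at least one service or port differs between the two configurations.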

How to allow traffic on a specific port

The port must be given together with its protocol; tcp is assumed here.

# firewall-cmd --permanent --zone=public --add-port=1122/tcp
# firewall-cmd --reload

How to add a known service to the firewall

Assuming we want to allow http traffic (port 80)

# firewall-cmd --permanent --zone=public --add-service=http
# firewall-cmd --reload

How to remove a specific port

The port and protocol must match the entry that was added; tcp is assumed here.

# firewall-cmd --permanent --zone=public --remove-port=1122/tcp
# firewall-cmd --reload

How to remove a specific service from the firewall

# firewall-cmd --permanent --zone=public --remove-service=https
# firewall-cmd --reload

How to allow traffic coming from a particular subnet

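Assuming we want to allow http traffic (port 80) from the 10.20.30.0/24 network only. The restriction holds only if the http service is not also added to the zone, since that would accept http from any source.

# firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="10.20.30.0/24" service name="http" accept'
# firewall-cmd --reload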

How to allow NFS with firewalld

# firewall-cmd --permanent --zone=public --add-service=mountd
# firewall-cmd --permanent --zone=public --add-service=rpc-bind
# firewall-cmd --permanent --zone=public --add-service=nfs
# firewall-cmd --reload