Firewalld

firewall-cmd is used to manage the firewall (iptables). It is used by default on the latest versions of CentOS and RHEL.

    Check firewall status

    To see whether the firewall is running or not, use

    firewall-cmd --state

    or

    systemctl status firewalld

    To disable the firewall

    systemctl stop firewalld
    systemctl disable firewalld

    Open a port in firewall

    To allow HTTP and HTTPS traffic (this example also opens SSH and port 25/tcp), run

    firewall-cmd --permanent --zone=public --add-service=http
    firewall-cmd --permanent --zone=public --add-service=https
    firewall-cmd --permanent --zone=public --add-service=ssh
    firewall-cmd --permanent --zone=public --add-port=25/tcp
    firewall-cmd --reload

    The --permanent option makes the changes permanent. You need to reload the firewall after using --permanent. If you want to open a port in the current session and also make it permanent, run the command twice: once with and once without --permanent.

    Open a port range in firewall

    firewall-cmd --zone=public --add-port=22-65535/tcp
    

    Close a port in firewall

    To close a port, use the same command you used to open it, with --add replaced by --remove.

    firewall-cmd --permanent --zone=public --remove-service http
    firewall-cmd --permanent --zone=public --remove-port 25/tcp
    

    Whitelist an IP address

    firewall-cmd --zone=trusted --add-source=IP_ADDR_HERE
    

    To remove an IP, use

    firewall-cmd --zone=trusted --remove-source=IP_ADDR_HERE
    

    Firewalld Zones

    A zone is a collection of rules that can be applied to a specific interface. Some useful commands are

    firewall-cmd --get-active-zones
    firewall-cmd --get-default-zone
    firewall-cmd --list-all-zones
    firewall-cmd --info-zone=public
    

    Zones are stored in /usr/lib/firewalld/zones

    Services

    Services are pre-made rules for a specific application. Some useful commands are

    firewall-cmd --get-services
    firewall-cmd --info-service SERVICE_NAME_HERE
    

    Services are stored in /usr/lib/firewalld/services/ or /etc/firewalld/services/.

    Save the runtime configuration as permanent

    firewall-cmd --runtime-to-permanent
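
Because runtime and permanent rules are kept separately, the rules in effect can differ from what will be loaded after a reload or reboot. The script below is an added example, not part of the original page, that reports this drift for the ports and services of one zone; the function names `drift` and `audit_zone` and the sample lists are made up for illustration.

```shell
#!/bin/sh
# Added example: report drift between firewalld's runtime and permanent rules.

# drift RUNTIME PERMANENT
# Arguments are space-separated lists, as printed by --list-ports or
# --list-services. Prints one line per difference:
#   runtime-only ITEM    active now, lost on --reload or reboot
#   permanent-only ITEM  saved, but not active until --reload
drift() {
    _rt=$(echo $1)   # unquoted on purpose: collapses extra whitespace
    _pm=$(echo $2)
    for _i in $_rt; do
        case " $_pm " in
            *" $_i "*) ;;
            *) echo "runtime-only $_i" ;;
        esac
    done
    for _i in $_pm; do
        case " $_rt " in
            *" $_i "*) ;;
            *) echo "permanent-only $_i" ;;
        esac
    done
}

# audit_zone ZONE: compare both configurations on a live host
# (firewall-cmd typically needs root).
audit_zone() {
    zone=${1:-public}
    for kind in ports services; do
        rt=$(firewall-cmd --zone="$zone" --list-"$kind")
        pm=$(firewall-cmd --permanent --zone="$zone" --list-"$kind")
        drift "$rt" "$pm" | sed "s|^|$zone $kind: |"
    done
}

# Constructed sample: 8080/tcp was opened without --permanent, and 443/tcp
# was added with --permanent but the firewall was never reloaded.
SAMPLE_RUNTIME="25/tcp 8080/tcp"
SAMPLE_PERMANENT="25/tcp 443/tcp"

# Usage: sh fw-drift.sh ZONE   (with no argument, runs on the sample above)
if [ "$#" -ge 1 ]; then
    audit_zone "$1"
else
    drift "$SAMPLE_RUNTIME" "$SAMPLE_PERMANENT"
fi
```

A runtime-only entry is a candidate for `--runtime-to-permanent` or for removal; a permanent-only entry takes effect at the next `firewall-cmd --reload`.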
    

    iptables

    See firewall
