redhat firewalld - ghdrako/doc_snipets GitHub Wiki

firewalld is built around zones. A zone is a named set of rules (allowed services and ports, rich rules, a target for unmatched traffic) to which you bind network interfaces or source IP addresses/ranges. An incoming packet is handled by the zone that matches its source address, otherwise by the zone of the interface it arrived on, otherwise by the default zone (public on Red Hat systems).

By default firewalld works in a deny-by-default, add-exceptions manner: in the default public zone only a few services (ssh, dhcpv6-client, and cockpit on RHEL 8 and later) are allowed for incoming traffic and everything else is rejected, while outgoing traffic is not filtered.

Status

firewall-cmd --state          # prints running / not running
firewall-cmd --list-services  # services allowed in the default zone
systemctl status firewalld

Show rules

firewall-cmd --direct --get-all-rules   # only the "direct" rules (raw iptables/nftables rules passed through firewalld); the zone-based rules are shown by firewall-cmd --list-all (default zone) or --list-all-zones

Start

systemctl unmask firewalld   # only needed if the unit was masked earlier
systemctl start firewalld
systemctl enable firewalld   # also start at boot

Stop

systemctl stop firewalld
systemctl disable firewalld  # do not start firewalld automatically at boot
systemctl mask firewalld     # also prevent it from being started indirectly, via D-Bus activation or as a dependency of another service

Control traffic: panic mode and services

firewall-cmd --panic-on    # immediately drop all incoming and outgoing packets (runtime only; this also cuts your SSH session, so use it from a console)
firewall-cmd --panic-off
firewall-cmd --query-panic # prints yes / no

firewall-cmd --list-services # List services allowed in the default zone (add --zone=NAME for another zone)
firewall-cmd --get-services # List all predefined services (definitions live under /usr/lib/firewalld/services/)
firewall-cmd --add-service=<service-name> # allow the service in the runtime configuration only (lost on reload or restart)
firewall-cmd --runtime-to-permanent # Make the new settings persistent

firewall-cmd --permanent --new-service=service-name                # create an empty custom service (requires --permanent; written to /etc/firewalld/services/service-name.xml)
firewall-cmd --permanent --new-service-from-file=service-name.xml  # create it from an existing service XML file
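The file handed to --new-service-from-file is a small XML document. The following is an added example, not code from the wiki or from the firewalld project: it generates such a service definition with Python's standard library and parses it back, rejecting malformed ports before the file lands in /etc/firewalld/services/. The service name "Example App" and its ports are made up; only the <short>, <description> and <port> elements of the format are used.

```python
# Added example (not from the wiki): build and validate a firewalld service
# definition for `firewall-cmd --permanent --new-service-from-file=FILE`.
# Only <short>, <description> and <port> are emitted; the service and its
# ports below are made up for illustration.
import re
import xml.etree.ElementTree as ET

PORT_RE = re.compile(r"^(\d{1,5})(?:-(\d{1,5}))?$")   # "8443" or a range "9000-9010"
PROTOCOLS = {"tcp", "udp", "sctp", "dccp"}           # protocols firewalld accepts in <port>


def is_valid_port(spec: str, protocol: str) -> bool:
    """True for a single port or a low-high range within 1..65535 and a known protocol."""
    if protocol not in PROTOCOLS:
        return False
    m = PORT_RE.match(spec)
    if not m:
        return False
    lo = int(m.group(1))
    hi = int(m.group(2)) if m.group(2) else lo
    return 1 <= lo <= hi <= 65535


def build_service_xml(short: str, description: str, ports: list[tuple[str, str]]) -> str:
    """Return the XML text of a firewalld service; raises ValueError on a bad port/protocol."""
    root = ET.Element("service")
    ET.SubElement(root, "short").text = short
    ET.SubElement(root, "description").text = description
    for spec, proto in ports:
        if not is_valid_port(spec, proto):
            raise ValueError(f"invalid port {spec}/{proto}")
        ET.SubElement(root, "port", protocol=proto, port=spec)
    ET.indent(root)  # pretty-print (Python 3.9+)
    return '<?xml version="1.0" encoding="utf-8"?>\n' + ET.tostring(root, encoding="unicode") + "\n"


def parse_service_xml(text: str) -> dict:
    """Read a service file back; rejects anything that is not a <service> or carries bad ports."""
    root = ET.fromstring(text)
    if root.tag != "service":
        raise ValueError("root element must be <service>")
    ports = []
    for el in root.findall("port"):
        spec, proto = el.get("port", ""), el.get("protocol", "")
        if not is_valid_port(spec, proto):
            raise ValueError(f"invalid port {spec}/{proto}")
        ports.append((spec, proto))
    return {
        "short": root.findtext("short"),
        "description": root.findtext("description"),
        "ports": ports,
    }


if __name__ == "__main__":
    xml_text = build_service_xml(
        "Example App",
        "Example application API (made-up service)",
        [("8443", "tcp"), ("9000-9010", "udp")],
    )
    print(xml_text)
    # Save as example-app.xml, then load and use it with:
    #   firewall-cmd --permanent --new-service-from-file=example-app.xml --name=example-app
    #   firewall-cmd --reload
    #   firewall-cmd --permanent --add-service=example-app && firewall-cmd --reload
    print(parse_service_xml(xml_text))
```

Validating the file before loading it matters because firewalld reads whatever is in /etc/firewalld/services/ at reload; a typo such as a reversed range is easier to catch here than in a failing reload on a remote host.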

Open a port in a specific zone

firewall-cmd --zone=public --add-port=1234/tcp --permanent   # permanent configuration only; run firewall-cmd --reload to activate it

Open TCP ports 80 and 443

sudo firewall-cmd --add-port=80/tcp --permanent
sudo firewall-cmd --add-port=443/tcp --permanent
# or
sudo firewall-cmd --add-port=80/tcp --add-port=443/tcp --permanent

Because --permanent only writes the on-disk configuration, reload the firewall for the change to take effect (note that --reload also discards any runtime-only changes that were not saved with --runtime-to-permanent):

sudo firewall-cmd --reload

Then list the ports that are currently open in the default zone:

sudo firewall-cmd --list-ports

Controlling ports

firewall-cmd --list-ports                       # List all allowed ports in the default zone
firewall-cmd --add-port=port-number/port-type   # Open a port for incoming traffic, runtime only (port-type is tcp, udp, sctp or dccp; a range is written as 5000-5010/tcp)
firewall-cmd --runtime-to-permanent             # Make the new settings persistent


firewall-cmd --remove-port=port-number/port-type  # Close the port again (runtime only)
firewall-cmd --runtime-to-permanent
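Listing ports and services by hand does not tell you whether the host exposes more than it should. The following is an added example (not code from the wiki or from firewalld): it parses a `firewall-cmd --list-all` snapshot into a dictionary and diffs it against an allowlist. SAMPLE is a constructed snapshot in the format firewall-cmd prints (key lines indented by two spaces, one forward-port or rich rule per tab-indented continuation line), not output captured from a real host, and EXPECTED is a made-up policy for an HTTPS server that should expose only ssh, 80/tcp and 443/tcp. The parse_list_all and audit_zone names are mine.

```python
# Added example (not from the wiki): audit a `firewall-cmd --list-all` snapshot
# against an allowlist of what the host is supposed to expose.

# Constructed snapshot in firewall-cmd's --list-all format (not from a real host).
SAMPLE = """\
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources: 
  services: cockpit dhcpv6-client ssh
  ports: 80/tcp 443/tcp 1234/tcp
  protocols: 
  forward: yes
  masquerade: no
  forward-ports: 
\tport=2222:proto=tcp:toport=22:toaddr=
  source-ports: 
  icmp-blocks: 
  rich rules: 
\trule family="ipv4" source address="203.0.113.0/24" service name="ssh" accept
"""

# Made-up allowlist: an HTTPS server that should only expose ssh, 80/tcp and 443/tcp.
EXPECTED = {
    "services": {"ssh"},
    "ports": {"80/tcp", "443/tcp"},
    "forward-ports": set(),
    "rich rules": set(),
    "masquerade": False,
}


def parse_list_all(text: str) -> dict:
    """Turn --list-all output into {key: [entries]} plus the zone name and active flag."""
    lines = text.splitlines()
    first = lines[0].strip()
    zone = {"name": first.split()[0], "active": first.endswith("(active)")}
    last_key = None
    for raw in lines[1:]:
        if raw.startswith("\t") and last_key is not None:
            # continuation line: one forward-port or rich rule per line
            zone[last_key].append(raw.strip())
            continue
        key, sep, value = raw.strip().partition(":")
        if not sep:
            continue
        last_key = key.strip()
        zone[last_key] = value.split()   # space-separated entries; empty list if none
    return zone


def audit_zone(zone: dict, expected: dict) -> list[str]:
    """Return one finding per exposure that is not in the allowlist."""
    findings = []
    for key in ("services", "ports", "forward-ports", "rich rules"):
        allowed = expected.get(key, set())
        for item in zone.get(key, []):
            if item not in allowed:
                findings.append(f"{zone['name']}: unexpected {key} entry: {item}")
    # target ACCEPT (as in the trusted zone) lets every unmatched packet through
    if zone.get("target") == ["ACCEPT"]:
        findings.append(f"{zone['name']}: target ACCEPT allows all unmatched traffic")
    if zone.get("masquerade") == ["yes"] and not expected.get("masquerade", False):
        findings.append(f"{zone['name']}: masquerade is enabled")
    return findings


if __name__ == "__main__":
    # On a real host: firewall-cmd --list-all > snapshot.txt, then parse that file instead.
    zone = parse_list_all(SAMPLE)
    for finding in audit_zone(zone, EXPECTED):
        print(finding)
```

Run against the constructed snapshot it reports the two extra services, the stray 1234/tcp, the forward-port and the rich rule, which is exactly the list of things to remove with --remove-service / --remove-port before saving with --runtime-to-permanent.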

Forwarding traffic for one IP address to another host with a firewalld policy

firewall-cmd --permanent --new-policy ExamplePolicy                      # policies (firewalld 0.9+) filter traffic between zones; HOST and ANY are special zone names
firewall-cmd --permanent --policy=ExamplePolicy --add-ingress-zone=HOST  # HOST as ingress zone matches traffic originating on this host; for connections arriving from the network the ingress zone is the zone of the inbound interface (e.g. public)
firewall-cmd --permanent --policy=ExamplePolicy --add-egress-zone=ANY
firewall-cmd --permanent --policy=ExamplePolicy --add-rich-rule='rule family="ipv4" destination address="192.0.2.1" forward-port port="443" protocol="tcp" to-port="443" to-addr="192.51.100.20"'   # DNAT: TCP 443 addressed to 192.0.2.1 goes to 192.51.100.20:443
firewall-cmd --reload

Because the target is a different host, IP forwarding must be enabled (check sysctl net.ipv4.ip_forward) and the replies from 192.51.100.20 must route back through this host (for example by enabling masquerade on the egress zone), otherwise the forwarded connection never completes.