redhat firewalld - ghdrako/doc_snipets GitHub Wiki

Status

firewall-cmd --state
firewall-cmd --list-services
systemctl status firewalld

Show rules

firewall-cmd --get-all-rules --direct

Start

systemctl unmask firewalld
systemctl start firewalld
systemctl enable firewalld

Stop

systemctl stop firewalld
systemctl disable firewalld  # prevent firewalld from starting automatically at boot
systemctl mask firewalld     # also prevent firewalld from being started through its D-Bus interface or by other services that require it

Control traffic with services

firewall-cmd --panic-on    # immediately drop all incoming and outgoing traffic (this cuts remote sessions such as SSH too, so run it from a console)
firewall-cmd --panic-off
firewall-cmd --query-panic

firewall-cmd --list-services # List allowed services
firewall-cmd --get-services # List all predefined services
firewall-cmd --add-service=<service-name> # add the service to the allowed services
firewall-cmd --runtime-to-permanent # Make the new settings persistent

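firewall-cmd --permanent --new-service=service-name                # define a new, empty service (works only on the permanent configuration)
firewall-cmd --permanent --new-service-from-file=service-name.xml  # define a new service from an XML file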

Enable port

firewall-cmd --zone=public --add-port=1234/tcp --permanent

Open TCP ports 80 and 443

sudo firewall-cmd --add-port=80/tcp --permanent
sudo firewall-cmd --add-port=443/tcp --permanent
# or
sudo firewall-cmd --add-port=80/tcp --add-port=443/tcp --permanent

After adding the ports, you need to reload the firewall for the changes to take effect:

sudo firewall-cmd --reload

You can also check the status of the ports using the following command:

sudo firewall-cmd --list-ports

Controlling ports

firewall-cmd --list-ports                       # List all allowed ports
firewall-cmd --add-port=port-number/port-type   # Add a port to the allowed ports to open it for incoming traffic
firewall-cmd --runtime-to-permanent             # Make the new settings persistent


firewall-cmd --remove-port=port-number/port-type
firewall-cmd --runtime-to-permanent
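
The sections above change ports in two ways: with --permanent followed by --reload, or at runtime followed by --runtime-to-permanent. The script below is an added example, not part of the original wiki, that reports ports present in only one of the two configurations; the function names and the sample port lists are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the wiki): compare firewalld runtime vs permanent ports.
# Function names and sample data are assumptions made for this illustration.

# only_in A B: print the tokens of list A that are absent from list B.
# The body is a subshell, so its variables do not leak into the caller.
only_in() (
    out=""
    for a in $1; do
        found=0
        for b in $2; do
            if [ "$a" = "$b" ]; then found=1; break; fi
        done
        if [ "$found" -eq 0 ]; then out="$out $a"; fi
    done
    echo "${out# }"
)

# drift_report RUNTIME PERMANENT: print both directions of drift.
# Returns 0 when the two lists match, 1 otherwise.
drift_report() (
    lost=$(only_in "$1" "$2")     # runtime only: gone after --reload or reboot
    pending=$(only_in "$2" "$1")  # permanent only: not enforced until --reload
    echo "runtime-only: ${lost:-none}"
    echo "permanent-only: ${pending:-none}"
    [ -z "$lost$pending" ]
)

# Constructed sample: 1234/tcp was opened without --permanent,
# 8443/tcp was added with --permanent but no reload has happened yet.
SAMPLE_RUNTIME="80/tcp 443/tcp 1234/tcp"
SAMPLE_PERMANENT="80/tcp 443/tcp 8443/tcp"
drift_report "$SAMPLE_RUNTIME" "$SAMPLE_PERMANENT" || echo "sample: drift detected"

# On a host with firewalld running, check the default zone for real.
if command -v firewall-cmd >/dev/null 2>&1 && firewall-cmd --state >/dev/null 2>&1; then
    drift_report "$(firewall-cmd --list-ports)" \
                 "$(firewall-cmd --permanent --list-ports)" || echo "live: drift detected"
fi
```

A runtime-only port is usually a forgotten test opening; a permanent-only port becomes reachable at the next reload, so review both lists before running --reload or --runtime-to-permanent.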

Redirect an IP to another IP with a firewall rule

firewall-cmd --permanent --new-policy ExamplePolicy
firewall-cmd --permanent --policy=ExamplePolicy --add-ingress-zone=HOST
firewall-cmd --permanent --policy=ExamplePolicy --add-egress-zone=ANY
firewall-cmd --permanent --policy=ExamplePolicy --add-rich-rule='rule family="ipv4" destination address="192.0.2.1" forward-port port="443" protocol="tcp" to-port="443" to-addr="192.51.100.20"'
firewall-cmd --reload