Migrated to the new wiki.
Firewalld installation and use
Enable and start firewalld:
# Enable firewalld at boot, start it now, and confirm it is running.
systemctl enable firewalld
systemctl start firewalld
systemctl status firewalld
To view currently allowed ports:
# Show the full configuration of the default zone (services, ports, sources, rich rules).
firewall-cmd --list-all
# List the zones that currently have interfaces or sources bound to them.
firewall-cmd --get-active-zones
# A --permanent change only takes effect after --reload; --reload also drops
# any runtime-only rule that was added without --permanent.
# No --zone is given, so these ports open in the default zone, i.e. to every source.
firewall-cmd --add-port=6984/tcp --permanent
firewall-cmd --reload
firewall-cmd --add-port=8080/tcp --permanent
firewall-cmd --reload
firewall-cmd --add-port=80/tcp --permanent
firewall-cmd --add-port=443/tcp --permanent
firewall-cmd --add-port=9443/tcp --permanent
firewall-cmd --reload
# Presumably ./playbook.sh <environment> <role> <target> [extra args] -- confirm against the script.
# Install Node.js, MySQL and Redis on the "application" target.
./playbook.sh prod nodejs application
./playbook.sh prod mysql application
./playbook.sh prod redis application
# First-time nginx install; nginx_setup=true is passed through as an extra variable.
./playbook.sh prod nginx nginx -e "nginx_setup=true"
For a first-time installation:
# First-time MySQL install with hardening; both flags are passed as extra variables.
./playbook.sh prod mysql application -e "mysql_harden=true mysql_setup=true"
# If this fails, remove the existing MySQL installation first and rerun.
had to change the default password to
# NOTE(review): this runs the nginx playbook with mysql_* variables and without the
# target argument used on the other invocations -- confirm whether
# "prod mysql application" was intended here.
./playbook.sh prod nginx -e "mysql_harden=true mysql_setup=true"
# Install CouchDB, one invocation per CouchDB host.
./playbook.sh prod couchdb couchdb kwantu06.dedicated.co.za
./playbook.sh prod couchdb couchdb kwantu05.dedicated.co.za
To add the database hosts to the local trusted zone:
# The "trusted" zone accepts ALL traffic from its sources, so every host added
# here gets unrestricted access to this machine, not just the database ports.
# If only specific ports are needed, a dedicated zone or the source-restricted
# rich rules further below give the same reachability with less exposure.
sudo firewall-cmd --zone=trusted --add-source=41.76.208.248/32 --permanent
sudo firewall-cmd --zone=trusted --add-source=41.76.208.57/32 --permanent
sudo firewall-cmd --zone=trusted --add-source=41.76.208.255/32 --permanent
sudo firewall-cmd --zone=trusted --add-source=41.76.209.15/32 --permanent
sudo firewall-cmd --zone=trusted --add-source=41.76.208.144/32 --permanent
# Adding ports to the trusted zone has no effect: the zone already accepts everything.
firewall-cmd --zone=trusted --add-port=8003/tcp --permanent
firewall-cmd --zone=trusted --add-port=5985/tcp --permanent
firewall-cmd --reload
# Opens 8003/tcp in the default zone, i.e. to every source. While this rule is
# present, the source restriction in the 8003 rich rule below has no effect.
firewall-cmd --add-port=8003/tcp --permanent
firewall-cmd --reload
# Rich rules restrict 8003 and 5985 to a single source address (least privilege).
# They are --permanent only: run `firewall-cmd --reload` afterwards or they stay inactive.
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="154.0.174.125/32" port protocol="tcp" port="8003" accept'
firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="154.0.174.125/32" port protocol="tcp" port="5985" accept'
## Find and manage the active zones
# List the zones that currently have interfaces or sources bound to them.
firewall-cmd --get-active-zones