-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathnote_firewalld.txt
70 lines (61 loc) · 3.03 KB
/
note_firewalld.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
Firewalld
->Network interface
->Zones
block
dmz
drop
external
home
internal
libvirt
public
trusted
work
->Service
->Port
->Protocol
->Rich Rules
firewalld -->interface -->zones -->port&service --> --permanent -->Rich Rules
=====================
systemctl enable --now firewalld # firewalld service
firewall-cmd --list-all # check firewalld status
firewall-cmd --reload # reload configuration
firewall-cmd --get-zones # list zones
firewall-cmd --get-active-zones # check active zone
firewall-cmd --change-interface=ens3 --zone=corp --permanent # assign interface to zone
firewall-cmd --permanent --zone=external --add-service=ftp # add service/port
firewall-cmd --permanent --zone=external --add-port=60001/udp
firewall-cmd --permanent --zone=external --remove-service=ftp # remove service/port
firewall-cmd --permanent --zone=external --remove-port=60001/udp
1.check ip a
2.check service firewalld status
3.check firewalld status firewall-cmd --list-all
-see zones
-interface
-services
-ports
firewall-cmd --list-services
firewall-cmd --list-ports
option
to - set + --permanent
to - list
firewall-cmd: This is the primary command-line tool for managing firewalld. It allows you to add, remove, and modify firewall rules.
--permanent: Many firewall-cmd commands accept the --permanent option, which indicates that the changes should be made permanent and persist across reboots.
--zone: Specifies the firewall zone to which the changes apply. Zones define the level of trust for network connections. Common zones include "public", "internal", "external", "trusted", etc.
--add-service: Adds a service to the firewall rules. Services are predefined sets of ports and protocols associated with specific applications or services. For example, "http", "ssh", "smtp", etc.
--remove-service: Removes a service from the firewall rules.
--add-port: Adds a port to the firewall rules. You need to specify both the port number and the protocol (tcp or udp). For example, "--add-port=80/tcp".
--remove-port: Removes a port from the firewall rules.
--list-all: Displays a comprehensive list of all firewall rules, zones, services, ports, and other settings.
--reload: Reloads the firewalld configuration to apply any changes made since the last reload.
--panic-on: Sets the firewall to panic mode, blocking all incoming and outgoing traffic except for traffic explicitly allowed by predefined rules.
--panic-off: Disables panic mode, allowing normal traffic flow according to firewall rules.
--query-panic: Checks if panic mode is currently enabled or disabled.
--get-default-zone: Retrieves the default firewall zone.
--set-default-zone: Sets the default firewall zone.
=====================
step
1.firewall-cmd --get-default-zone #Display the current default zone:
2.firewall-cmd --set-default-zone work #set default zone
3.firewall-cmd --get-active-zones #List the active zones and the interfaces assigned
3.firewall-cmd --zone=zone-name --change-interface=<interface-name> #Assign the interface to a different zone