firewalld — configuration

ref-url: https://www.linode.com/docs/security/firewalls/introduction-to-firewalld-on-centos/
ref-url: https://www.computernetworkingnotes.com/rhce-study-guide/firewalld-rich-rules-explained-with-examples.html

# firewall-cmd --permanent --zone=internal --add-service=samba
# firewall-cmd --reload

systemctl start firewalld
systemctl enable firewalld
firewall-cmd --state
firewall-cmd --get-default-zone
firewall-cmd --get-active-zones
firewall-cmd --get-services
firewall-cmd --zone=public --add-service=http --permanent
firewall-cmd --zone=public --remove-service=http --permanent
1. Activate masquerade in the desired zone (required before forwarding to another host).
sudo firewall-cmd --zone=public --add-masquerade
2. Port forwarding: the rule below forwards traffic arriving on port 80 to port 12345 on the same server.
sudo firewall-cmd --zone="public" --add-forward-port=port=80:proto=tcp:toport=12345
3. Add the forward rule. This example forwards traffic from local port 80 to port 8080 on a remote server at the IP address 123.456.78.9 (the source's placeholder, not a routable address).
sudo firewall-cmd --zone="public" --add-forward-port=port=80:proto=tcp:toport=8080:toaddr=123.456.78.9
Note that these three commands are runtime-only (no --permanent), so they disappear at the next --reload or reboot.
To remove the rules, substitute --add with --remove. For example:

# default zones
sudo firewall-cmd --set-default-zone=dmz
sudo firewall-cmd --zone=dmz --add-interface=eth0

sudo firewall-cmd --reload
firewall-cmd --zone=dmz --list-all

sudo firewall-cmd --list-rich-rules

firewall-cmd --permanent --zone=internal --add-service=samba
firewall-cmd --permanent --zone=internal --add-port=22/tcp
firewall-cmd --permanent --zone=internal --add-port=8080/tcp
firewall-cmd --permanent --zone=internal --add-port=1521/tcp
firewall-cmd --permanent --zone=internal --add-port=7001/tcp
firewall-cmd --permanent --zone=internal --add-port=9001/tcp
firewall-cmd --permanent --zone=internal --add-port=9002/tcp
firewall-cmd --permanent --zone=internal --add-port=5556/tcp
firewall-cmd --permanent --zone=internal --add-port=14021/tcp
firewall-cmd --permanent --zone=internal --add-port=14021/udp

firewall-cmd --permanent --zone=internal --add-rich-rule='rule family=ipv4 source address=0.0.0.0/0 port port="7001" protocol="tcp" log level=notice prefix="firewalld rich rule INFO: " limit value="5/m" reject'

firewall-cmd --add-rich-rule='rule protocol value="icmp" reject' --permanent

firewall-cmd --reload

9002/tcp 9001/tcp 7001/tcp 1521/tcp 5556/tcp 80/tcp 443/tcp 7777/tcp 14021/tcp 9002/udp 14021/udp
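Because the notes mix runtime commands (no --permanent) with permanent ones that only take effect after --reload, the two configurations drift apart easily. The POSIX shell functions below are an added example, not part of these notes: drift_report compares a zone's runtime and permanent port lists, check_zone feeds it real firewall-cmd output, and reject_rule builds the rate-limited logging rich rule from above with correct quoting. Function names and the sample port lists are my own.

```shell
#!/bin/sh
# Added example: detect drift between firewalld runtime and permanent config.
# Runtime-only rules vanish at --reload/reboot; permanent-only rules are inert
# until --reload. Either way the host is not in the state the operator intended.

# missing_from HAVE WANT: print each word of WANT absent from HAVE
# (whitespace-separated lists, as printed by `firewall-cmd --list-ports`).
missing_from() {
  have=" $(printf '%s' "$1" | tr '\n' ' ') "
  for want in $2; do
    case "$have" in
      *" $want "*) ;;
      *) printf '%s\n' "$want" ;;
    esac
  done
}

# drift_report RUNTIME PERMANENT: pure function, one line per drifted port.
# Returns 0 when both sets match, 1 when they differ.
drift_report() {
  rc=0
  for p in $(missing_from "$2" "$1"); do
    printf 'RUNTIME-ONLY %s (lost on reload; add with --permanent)\n' "$p"; rc=1
  done
  for p in $(missing_from "$1" "$2"); do
    printf 'PERMANENT-ONLY %s (not active; run firewall-cmd --reload)\n' "$p"; rc=1
  done
  return $rc
}

# check_zone ZONE: query the live firewalld and report drift for that zone.
check_zone() {
  zone=$1
  runtime=$(firewall-cmd --zone="$zone" --list-ports) || return 2
  permanent=$(firewall-cmd --permanent --zone="$zone" --list-ports) || return 2
  drift_report "$runtime" "$permanent"
}

# reject_rule PORT PROTO LIMIT: the logging reject rule from the notes above,
# with straight quotes so the shell passes it to firewall-cmd intact.
# Usage: firewall-cmd --permanent --zone=internal --add-rich-rule="$(reject_rule 7001 tcp 5/m)"
reject_rule() {
  printf 'rule family=ipv4 source address=0.0.0.0/0 port port="%s" protocol="%s" log prefix="firewalld rich rule INFO: " level="notice" limit value="%s" reject' "$1" "$2" "$3"
}
```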

ref-url: https://www.computernetworkingnotes.com/rhce-study-guide/firewalld-rich-rules-explained-with-examples.html
# reject ping request
firewall-cmd --add-rich-rule='rule protocol value="icmp" reject' --permanent
firewall-cmd --list-rich-rules
# rule will be automatically removed after 60 seconds
firewall-cmd --add-rich-rule='rule protocol value="icmp" reject' --timeout=60

# net
# netstat -ntlp [lists listening TCP ports and the owning process]
# netstat -nulp [lists listening UDP ports and the owning process]
