firewalld

LIST ALL ZONES:

[root@ system]# firewall-cmd --get-zones
block dmz drop external home internal public trusted work
Each zone has an *.xml file in /etc/firewalld/zones.

QUERY DEFAULT ZONE:

[root@ system]# firewall-cmd --get-default-zone
public

GET ACTIVE ZONES:

[root@ system]# firewall-cmd --get-active-zones
[root@ system]#

MOVE AN EXISTING ZONE TO A DIFFERENT INTERFACE:

[root@ system]# firewall-cmd --zone=internal --change-interface=eth0

LIST AVAILABLE PREDEFINED SERVICES:

[root@ system]# firewall-cmd --get-services
RH-Satellite-6 amanda-client bacula bacula-client dhcp dhcpv6 dhcpv6-client dns ftp high-availability http https imaps ipp ipp-client ipsec kerberos kpasswd ldap ldaps libvirt libvirt-tls mdns mountd ms-wbt mysql nfs ntp openvpn   pmcd pmproxy pmwebapi pmwebapis pop3s postgresql proxy-dhcp radius rpc-bind samba samba-client smtp ssh telnet tftp tftp-client transmission-client vnc-server wbem-https

STANDARD PORTS NEEDED:

[root@ system]# firewall-cmd --zone=public --add-service=ssh --permanent
success
[root@ system]# firewall-cmd --zone=public --add-service=http --permanent
success
[root@ system]# firewall-cmd --zone=public --add-service=https --permanent
success

TEAMSPEAK STUFF / Custom Ports and Protocols:

[root@ system]# firewall-cmd --permanent --zone=public --add-port=9987/udp
success
[root@ system]# firewall-cmd --permanent --zone=public --add-port=30033/tcp
success
[root@ system]# firewall-cmd --permanent --zone=public --add-port=10011/tcp
success

RELOAD THE RULES:

[root@ system]# firewall-cmd --reload
success
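
CHECK RUNTIME VS PERMANENT DRIFT:

Added example, not part of the original notes: rules added with --permanent are not active until --reload, and rules added without it disappear on reload, so this script compares the two rule sets for a zone. The function names and the sample lists are constructed for illustration; check_zone assumes firewall-cmd is run as root.

```bash
#!/usr/bin/env bash
# Added example: report drift between firewalld runtime and permanent rules.

# list_diff HAVE WANT: print each item of HAVE that is missing from WANT.
# Both are space-separated lists, as printed by --list-services / --list-ports.
list_diff() {
    local item other found
    for item in $1; do
        found=0
        for other in $2; do
            if [ "$item" = "$other" ]; then found=1; break; fi
        done
        if [ "$found" -eq 0 ]; then printf '%s\n' "$item"; fi
    done
}

# zone_drift ZONE RUNTIME PERMANENT: one line per difference.
# Returns 0 when both lists match, 1 when they differ.
zone_drift() {
    local zone="$1" runtime="$2" permanent="$3" item rc=0
    for item in $(list_diff "$runtime" "$permanent"); do
        echo "$zone: $item is runtime-only (gone after --reload or reboot)"; rc=1
    done
    for item in $(list_diff "$permanent" "$runtime"); do
        echo "$zone: $item is permanent-only (inactive until --reload)"; rc=1
    done
    return "$rc"
}

# check_zone [ZONE]: run the comparison against a live firewalld (needs root).
check_zone() {
    local zone="${1:-public}" kind rc=0
    for kind in services ports; do
        zone_drift "$zone" \
            "$(firewall-cmd --zone="$zone" --list-"$kind")" \
            "$(firewall-cmd --permanent --zone="$zone" --list-"$kind")" || rc=1
    done
    return "$rc"
}

# Constructed sample: public zone after the --permanent commands, before --reload.
SAMPLE_RUNTIME="dhcpv6-client ssh"
SAMPLE_PERMANENT="dhcpv6-client ssh http https"
zone_drift public "$SAMPLE_RUNTIME" "$SAMPLE_PERMANENT" || true
```

On a host running firewalld, call check_zone public after making changes; any permanent-only line means the reload step is still outstanding.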
firewalld.txt · Last modified: 2021/04/24 07:40 by 127.0.0.1