
Firewalld Command - Useful firewall-cmd Examples (RHEL based)

 



Useful firewall-cmd Examples 

(Source: thegreekdiary.com)



1. List all zones

Use the following command to list information for all zones. Only partial output is displayed.
firewall-cmd --list-all-zones
Output:

work
 target: default
 icmp-block-inversion: no
 interfaces:
 sources:
 services: dhcpv6-client ssh
 ports:
 protocols:
 masquerade: no
 forward-ports:
 sourceports:
 icmp-blocks:
 rich rules:

drop
 target: DROP
 icmp-block-inversion: no
 interfaces:
 sources:
 services:
 ports:
 protocols:
 masquerade: no
 forward-ports:
 sourceports:
 icmp-blocks:
 rich rules:
 .....


public is the default zone unless you change it. To check the currently set default zone, use the command below:
firewall-cmd --get-default-zone
public


2. List allowed services and ports on the system

To show the services currently allowed on your system, use the command below.
firewall-cmd --list-services
dhcpv6-client ssh 



To list the ports that are open on your system: 
firewall-cmd --list-ports

You would normally see no ports listed here when you have just enabled firewalld.

 

3. Enable all the incoming ports for a service

You can also open the required ports for a service by using the --add-service option.

To permit access by HTTP clients for the public zone: 
firewall-cmd --zone=public --add-service=http
success

To list services that are allowed for the public zone:
firewall-cmd --zone=public --list-services
dhcpv6-client http ssh 


This command changes only the runtime configuration and does not update the configuration files. The following sequence of commands shows that changes made to the runtime configuration are lost when the firewalld service is restarted:
systemctl restart firewalld
firewall-cmd --zone=public --list-services
dhcpv6-client ssh



To make changes permanent, use the --permanent option.

Example: 
firewall-cmd --permanent --zone=public --add-service=http
success


Changes made in Permanent configuration mode are not implemented immediately.

Example: 
firewall-cmd --zone=public --list-services
dhcpv6-client ssh 


However, changes made in a Permanent configuration are written to configuration files.

Restarting the firewalld service reads the configuration files and implements the changes.

Example:
systemctl restart firewalld
firewall-cmd --zone=public --list-services
dhcpv6-client http ssh



4. Allow traffic on an incoming port

The command below opens the port with immediate effect, but the change does not persist across reboots:
firewall-cmd --add-port=[YOUR PORT]/tcp

For example, to open TCP port 2222:
firewall-cmd --add-port=2222/tcp

The following command creates a persistent rule, but the rule is not put into effect immediately:
firewall-cmd --permanent --add-port=[YOUR PORT]/tcp

For example, to open TCP port 2222:
firewall-cmd --permanent --add-port=2222/tcp

To list the open ports, use the command:
firewall-cmd --list-ports
2222/tcp
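
Because runtime and permanent settings are changed separately (sections 3 and 4), the two can diverge without anyone noticing: a runtime-only opening vanishes on restart, and a permanent-only rule becomes active on the next restart. The script below is an added example, not part of the original post; it compares the two configurations for one zone. The function names drift and audit_zone and the sample lists are constructed for illustration.

```shell
#!/bin/sh
# Added example: report differences between the runtime and the
# permanent firewalld configuration of a zone.

# drift RUNTIME_LIST PERMANENT_LIST
# Both arguments are space-separated lists as printed by
# --list-services / --list-ports. Prints one line per item that is
# present in only one of the two lists.
drift() {
    a=" $(echo $1) "   # unquoted on purpose: collapses extra whitespace
    b=" $(echo $2) "
    for item in $a; do
        case "$b" in *" $item "*) ;; *) echo "runtime-only: $item" ;; esac
    done
    for item in $b; do
        case "$a" in *" $item "*) ;; *) echo "permanent-only: $item" ;; esac
    done
}

# audit_zone ZONE
# Queries a live firewalld (normally requires root) for services and ports.
audit_zone() {
    zone=$1
    for what in services ports; do
        run=$(firewall-cmd --zone="$zone" --list-"$what") || return 1
        perm=$(firewall-cmd --permanent --zone="$zone" --list-"$what") || return 1
        drift "$run" "$perm"
    done
}

# Constructed sample lists, used when firewall-cmd is not installed.
# They mirror section 3: http was added without --permanent.
SAMPLE_RUNTIME="dhcpv6-client http ssh"
SAMPLE_PERMANENT="dhcpv6-client ssh"

if command -v firewall-cmd >/dev/null 2>&1; then
    audit_zone "${1:-public}" ||
        echo "could not query firewalld (is it running, and are you root?)" >&2
else
    drift "$SAMPLE_RUNTIME" "$SAMPLE_PERMANENT"
fi
```

Empty output means the zone's runtime and permanent settings match. To reconcile a difference, firewall-cmd --runtime-to-permanent saves the running configuration, and firewall-cmd --reload loads the permanent one.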



5. Start and stop firewalld service

To start or stop the firewalld service, use the commands below:
systemctl start firewalld.service
systemctl stop firewalld.service

To check the status of the firewalld service: 
systemctl status firewalld.service
