For When You Can't Have The Real Thing

firewalld

Created by dave. Last edited by dave, 64 days ago. Viewed 211 times. #7
(2016-12-06)

God help me, this is firewalld

After you make a --permanent change, reload the firewall to make it active:

# firewall-cmd --reload

Status:

# systemctl status firewalld

Active zones:

# firewall-cmd --get-active-zones

Defined services:

# firewall-cmd --list-services

Add a new service by service name (beware the active zone):

# firewall-cmd --zone=FedoraWorkstation --add-service=smtp --permanent

Add a port number:

# firewall-cmd --zone=FedoraWorkstation --add-port=80/tcp --permanent

Add a range of port numbers:

# firewall-cmd --zone=FedoraWorkstation --add-port=6000-6050/udp --permanent

List open services:

# firewall-cmd --zone=FedoraWorkstation --list-services

List open ports that are not defined as services:

# firewall-cmd --zone=FedoraWorkstation --list-ports

Add masquerading:

# firewall-cmd --zone=external --add-masquerade --permanent

Port forwarding:

# firewall-cmd --zone=external --add-forward-port=port=2022:proto=tcp:toport=22:toaddr=192.168.0.2
  • The options --toport and --toaddr are implied as being the same as the original destination if not specified.

Change interface zone membership:

# firewall-cmd --permanent --zone=home --change-interface=p2p1
# firewall-cmd --permanent --zone=public --change-interface=p1p1
# firewall-cmd --reload

...although that hasn't actually helped for me. I had to edit /etc/sysconfig/network-scripts/ifcfg-$INTERFACE and add a ZONE=$zone.

Intra-zone traffic:

# firewall-cmd --direct --add-rule ipv4 filter FORWARD 0 -i ens256 -o ens192 -j ACCEPT
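
Most of the commands above use --permanent, which only takes effect after --reload, while the port-forwarding command does not, so it is runtime-only and disappears at the next reload. The script below is an added example, not part of the original notes: it lists services, ports and forward-ports that exist in only one of the two views of a zone. The function names and the script name are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page.
# Reports settings that differ between the running firewall and the saved
# (--permanent) configuration of a zone.

# drift RUNTIME PERMANENT
# Each argument is a whitespace-separated list, as printed by
# "firewall-cmd --list-ports", "--list-services" or "--list-forward-ports".
drift() {
    run=" $(echo $1) "     # unquoted on purpose: collapses newlines/spaces
    perm=" $(echo $2) "
    for item in $run; do
        case "$perm" in
            *" $item "*) ;;
            *) echo "runtime-only $item" ;;    # lost at the next --reload
        esac
    done
    for item in $perm; do
        case "$run" in
            *" $item "*) ;;
            *) echo "permanent-only $item" ;;  # not active until --reload
        esac
    done
}

# audit_zone ZONE: compare both views of one zone using firewall-cmd.
audit_zone() {
    zone=$1
    for what in services ports forward-ports; do
        r=$(firewall-cmd --zone="$zone" --list-"$what")
        p=$(firewall-cmd --permanent --zone="$zone" --list-"$what")
        drift "$r" "$p" | while read -r state item; do
            echo "$zone $what $state $item"
        done
    done
}

# Run as: sh fw-drift.sh FedoraWorkstation   (script name is hypothetical)
if [ $# -gt 0 ] && command -v firewall-cmd >/dev/null 2>&1; then
    audit_zone "$1"
fi
```

No output means the running firewall and the saved configuration agree for that zone.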