Firewalld:
- Title:
firewalld
- Author:
Douglas O’Leary <dkoleary@olearycomputers.com>
- Description:
notes on firewalld
- Date created:
12/15/17
- Date updated:
- Disclaimer:
Standard: Use the information that follows at your own risk. If you screw up a system, don’t blame it on me…
<sigh>
Commands:
- systemctl status firewalld
Displays firewalld status
- firewall-cmd --get-services
List pre-defined services, but all on one line.
- firewall-cmd --add-service=ftp
Add ftp to the list of services available for the active zone
- firewall-cmd --get-active-zones
Displays the current/active zone(s)
- firewall-cmd --get-default-zone
Displays the default zone
- firewall-cmd --get-zones
Displays all available zones. Not overly useful:
# firewall-cmd --get-zones
block dmz drop external home internal public trusted work
- firewall-cmd --list-all-zones
Displays much more detailed information about each zone.
- firewall-cmd --list-all [ --zone=${zone} ]
Displays the current configuration of the active (or specified) zone, which will include the assigned interfaces.
- firewall-cmd --get-zone-of-interface=${interface}
Identify the firewall zone to which an interface is assigned.
- firewall-cmd --list-services [ --zone=${zone} ]
Displays the services that have been enabled in the active or specified zone.
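As an added example (not from the original notes), a small Python parser for the `firewall-cmd --list-all-zones` output described above, reporting which services and ports are actually reachable, i.e. those on zones that are active and have an interface bound. The sample output is constructed and trimmed to two zones and a subset of fields.

```python
"""Audit firewalld zones from `firewall-cmd --list-all-zones` output (added example)."""
import re

# Constructed sample of `firewall-cmd --list-all-zones` output, trimmed to two
# zones and a subset of fields; the real command prints every zone.
SAMPLE = """\
public (active)
  target: default
  interfaces: eth0 eth1
  sources:
  services: dhcpv6-client ftp ssh
  ports: 8080/tcp
  masquerade: no
  rich rules:

internal
  target: default
  interfaces:
  sources:
  services: dhcpv6-client mdns samba-client ssh
  ports:
  masquerade: no
  rich rules:
"""

# Zone header line: unindented zone name, optionally followed by " (active)".
ZONE_HEADER = re.compile(r"^(\S+)(?: \((active)\))?$")


def parse_list_all_zones(text):
    """Return {zone: {"active": bool, "<field>": [tokens...], ...}}."""
    zones, current = {}, None
    for line in text.splitlines():
        if not line.strip():            # blank line ends a zone block
            current = None
        elif not line.startswith(" "):  # unindented line is a zone header
            m = ZONE_HEADER.match(line.strip())
            if m:
                current = zones.setdefault(m.group(1), {"active": m.group(2) == "active"})
        elif current is not None:       # "  key: value" lines; values are space separated
            key, _, value = line.strip().partition(":")
            current[key] = value.split()
    return zones


def exposed_services(zones):
    """Services and ports open on zones that are active AND have an interface bound."""
    return {name: z.get("services", []) + z.get("ports", [])
            for name, z in zones.items() if z["active"] and z.get("interfaces")}
```

Feed it the real output (`firewall-cmd --list-all-zones`) to see at a glance what the host accepts on its bound interfaces, rather than reading every zone by hand.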
IP forwarding:
If using firewalld to route/NAT, ensure ip_forward is set:
# sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1
Interfaces:
Files in /etc/firewalld (probably should leave those alone)
firewall-config (GUI)
firewall-cmd (cli)
Procedures:
Adding/deleting a service:
firewall-cmd --add-service=${service} [ --permanent ]
firewall-cmd --remove-service=${service} [ --permanent ]
firewall-cmd --reload
Identify a zone for a specific interface:
# firewall-cmd --get-zone-of-interface=eth1
public