linux:firewalld_documentation

Differences

This shows you the differences between two versions of the page.

linux:firewalld_documentation [2022/03/01 13:54] – created dodgerlinux:firewalld_documentation [2023/08/28 10:34] (current) dodger
Line 60: Line 60:
 ''--permanent'' does not apply rules on LIVE system!!! ''--permanent'' does not apply rules on LIVE system!!!
 </WRAP> </WRAP>
 +\\
 +To switch between permanent or live:
 +<code bash>
 +export PERMANENT="--permanent"
 +</code>
 +===== Reload rules =====
 +For example after using ''--permanent'' without applying live rules:
 +<code bash>
 +firewall-cmd --reload
 +</code>
  
 ===== View information ===== ===== View information =====
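Review bot: The new "To switch between permanent or live" block shows only the permanent setting, ''export PERMANENT="--permanent"'', so a reader has no documented way to return to live mode. Add the opposite case next to it (for example ''unset PERMANENT'' or ''export PERMANENT=""'') and state that the later commands on the page read this variable. The sentence would also read better as "permanent and live".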
Line 66: Line 76:
 <code bash> <code bash>
 firewall-cmd --list-all firewall-cmd --list-all
 +</code>
 +
 +
 +==== list zones ====
 +<code bash>
 +firewall-cmd --get-zones
 </code> </code>
  
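Review bot: The added heading ''==== list zones ===='' is lowercase while the neighbouring headings ("Reload rules", "View information") are capitalised, and the section has no sentence saying what the command prints. Suggest ''==== List zones ===='' with a one-line description, and drop one of the two blank lines added after ''</code>''.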
Line 99: Line 115:
   * non-permanent:   * non-permanent:
 <code bash> <code bash>
-firewall-cmd --zone=THEZONE --remove-service=THESERVICE +firewall-cmd ${PERMANENT} --zone=THEZONE --remove-service=THESERVICE
-</code> +
-  * permanent: +
-<code bash> +
-firewall-cmd --permanent --zone=THEZONE --remove-service=THESERVICE+
 </code> </code>
  
 Sample: Sample:
 <code bash> <code bash>
-acclr-psql-101 /etc/sysconfig # firewall-cmd --zone=public --remove-service=dhcpv6-client+ciberterminal.net /etc/sysconfig # firewall-cmd --zone=public --remove-service=dhcpv6-client
 success success
-acclr-psql-101 /etc/sysconfig # firewall-cmd --permanent --zone=public --remove-service=dhcpv6-client +ciberterminal.net /etc/sysconfig # firewall-cmd ${PERMANENT} --zone=public --remove-service=dhcpv6-client 
-Warning: NOT_ENABLED: dhcpv6-clien+Warning: NOT_ENABLED: dhcpv6-client
 success success
 </code> </code>
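Review bot: The unchanged bullet ''* non-permanent:'' now sits above ''firewall-cmd ${PERMANENT} --zone=THEZONE --remove-service=THESERVICE'', which is permanent whenever the variable is set, so the label is wrong once the ''* permanent:'' bullet is removed. Drop or reword the bullet. In the Sample, the second prompt line now shows ''${PERMANENT}'' literally while the recorded ''Warning: NOT_ENABLED: dhcpv6-client'' output belongs to the original ''--permanent'' run; either keep the command as it was typed or note that PERMANENT was set for that line.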
Line 120: Line 132:
 Remove ipv6: Remove ipv6:
 <code bash> <code bash>
-firewall-cmd --permanent --zone=public --remove-service=dhcpv6-client+firewall-cmd ${PERMANENT} --zone=public --remove-service=dhcpv6-client
 </code> </code>
  
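Review bot: Replacing the literal ''--permanent'' with ''${PERMANENT}'' here changes what a copy-paste does: in a shell where PERMANENT is unset the command touches only the live rules, where the previous revision always wrote the permanent configuration. Add a pointer back to the section that sets the variable, or state next to the command which mode is intended for this step.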
Line 126: Line 138:
 Add snmp: Add snmp:
 <code bash> <code bash>
-firewall-cmd --permanent --zone=public --add-service=snmp+firewall-cmd ${PERMANENT} --zone=public --add-service=snmp
 </code> </code>
  
  
  
 +====== Rich Rules ======
  
 +===== Open port for source range =====
  
 <code bash> <code bash>
 +firewall-cmd ${PERMANENT} --zone=public --add-rich-rule='rule family=ipv4 source address=10.40.0.0/16 port port=8181 protocol=tcp accept'
 </code> </code>
  
  
 +
 +====== Openvpn/Wireguard setup ======
 +As a client:
 +
 +<code bash>
 +firewall-cmd ${PERMANENT} --zone=internal --add-interface=tun+
 +firewall-cmd ${PERMANENT} --zone=internal --add-interface=wg+
 +firewall-cmd ${PERMANENT} --zone=internal --add-interface=ppp+
 +
 +firewall-cmd ${PERMANENT} --list-all --zone=internal
 +
 +</code>
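Review bot: The "As a client:" block adds ''tun+'', ''wg+'' and ''ppp+'' to ''--zone=internal'' without saying what the trailing ''+'' stands for or why the VPN interfaces go into the internal zone rather than the public zone used elsewhere on the page. Add a sentence covering both. The rich rule example hard-codes ''10.40.0.0/16'' and port ''8181'' where earlier commands use placeholders such as THEZONE and THESERVICE; placeholders or an "example values" remark would match the rest of the page, and the heading could read "OpenVPN/WireGuard".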
linux/firewalld_documentation.1646142852.txt.gz · Last modified: 2022/03/01 13:54 by dodger