Friday, 7 October 2016

RHEL/CentOS 7: firewalld Basics



Install and enable firewalld


sudo yum install firewalld
sudo systemctl enable firewalld

sudo systemctl start firewalld.service
firewall-cmd --state          # or: systemctl status firewalld

Add rules


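--permanent is needed for the rule to survive a reload. Without --permanent, the rule is added to the running configuration only and is lost when the firewall is restarted via a firewall reload or a server reboot. A rule added with --permanent does not take effect until the next reload.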

Add an IP address


firewall-cmd --zone=public --permanent --add-rich-rule='rule family="ipv4" source address="x.x.x.x/8" reject'   # Reject the network x.x.x.x/8 (subnet mask 255.0.0.0)

firewall-cmd --zone=public --permanent --add-rich-rule='rule family="ipv4" source address="x.x.x.x" accept'   # Accept a single IP address

Add Port/Service


firewall-cmd --zone=public --add-port=10000/tcp --permanent

firewall-cmd --zone=public --permanent --add-service=https

Remove a rule


firewall-cmd --zone=public --permanent --remove-rich-rule='rule family="ipv4" source address="x.x.x.x" accept'   # Remove a rule

firewall-cmd --zone=public --permanent --remove-service=https

Make and view changes


firewall-cmd --reload
firewall-cmd --list-all
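
Because rules added with and without --permanent live in two separate configurations, it helps to compare them before reloading. The script below is an added example, not part of the original post; the function names fw_items, only_in and fw_drift and the FIREWALL_CMD override variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. fw_items, only_in, fw_drift and
# the FIREWALL_CMD override are hypothetical names chosen for illustration.

# Print the items of one --list-* query, one per line, sorted.
# $1 = zone, $2 = services|ports|rich-rules, $3 = "" (runtime) or --permanent
fw_items() {
    # $3 is left unquoted on purpose: an empty value must add no argument.
    # Rich rules come one per line; services and ports are space separated.
    if [ "$2" = rich-rules ]; then
        "${FIREWALL_CMD:-firewall-cmd}" $3 --zone="$1" --list-rich-rules
    else
        "${FIREWALL_CMD:-firewall-cmd}" $3 --zone="$1" --list-"$2" | tr -s ' ' '\n'
    fi | sed '/^$/d' | sort -u
}

# Print the lines of list $1 that do not appear in list $2.
only_in() {
    printf '%s\n' "$1" | grep -Fxv -e "$2" | sed '/^$/d'
}

# Report every difference between runtime and permanent configuration.
# Exit status 0 = identical, 1 = drift found. The body runs in a subshell,
# so its variables and its exit do not affect the calling shell.
fw_drift() (
    zone=${1:-public}
    report=$(
        for kind in services ports rich-rules; do
            run=$(fw_items "$zone" "$kind" "")
            perm=$(fw_items "$zone" "$kind" --permanent)
            # Active now, but gone after a reload or reboot.
            only_in "$run" "$perm" | sed "s/^/runtime-only $kind: /"
            # Saved, but not active until firewall-cmd --reload.
            only_in "$perm" "$run" | sed "s/^/permanent-only $kind: /"
        done
    )
    [ -z "$report" ] && exit 0
    printf '%s\n' "$report"
    exit 1
)

# Usage (as root): fw_drift public
```

Run it before firewall-cmd --reload: every runtime-only line is a rule the reload will discard, and every permanent-only line is a rule the reload will activate.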
