Sheet for Firewalld

Overview

When the communication is inputted, the input that sets the packet filter zone has units of (Zone), zone service is configured in units of (Service), services are defined by the port number and name XML file Composed of.

To operate firewalld, firewall-cmduse the command.--permanentWith an option, it will be retained even after rebooting. If you execute without setting, the setting will be volatilized (will disappear after rebooting).

Check the operation

Create a service definition file

/usr/lib/firewalld/services/*.xmlIs the substance. Path may vary depending on distribution but CentOS7 and openSUSE Tumbleweed had the same path

Example: SSH

It looks like. You only need to write following this file. The owner of the file seems to be root:rootand the permissions seem to be 644 .

Reload the service definition file

The file is not recognized just by adding it.

Add services to the zone

When adding https(443/TCP) to the filter that allows communication

Add port number

For example I want to add TCP 8081 port to the filter that allows communication.

List of ports being set

List of currently set ports

List of currently set services

List of services that can be added

Firewalld filter confirmation

Settings are written to iptables, so iptables -Lcheck the status by doing something like (but it's hard to see).

More reference

 by the author.

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Maciej

Maciej

623 Followers

DevOps Consultant. I’m strongly focused on automation, security, and reliability.