Firewalld Quickstart Guide
source link: https://www.vultr.com/docs/firewalld-quickstart-guide
Firewalld is the default software firewall for Fedora, CentOS 7, and other modern distributions based on Red Hat or SUSE Linux. This quickstart guide outlines several useful commands and techniques to assist in debugging Firewalld.
Verify firewalld is active
$ firewall-cmd --state
running
Check the zones assigned to active interfaces
$ firewall-cmd --get-active-zones
public
interfaces: ens3
Check which ports and services are allowed
Assuming your active zone is public, this quick check reveals what traffic is allowed.
$ firewall-cmd --zone=public --list-ports
7000-8000/tcp
$ firewall-cmd --zone=public --list-services
cockpit dhcpv6-client ssh
Example: Allow SSH
Assuming your active zone is public, use either of these two methods to allow SSH.
$ firewall-cmd --zone=public --add-service=ssh
or
# firewall-cmd --add-port=22/tcp
Panic Mode
Drop All Packets
As root, use the --panic-on switch.
# firewall-cmd --panic-on
All packets will be dropped. Active connections will be terminated after a period of inactivity.
Panic Mode Off
As root, use the --panic-off switch.
# firewall-cmd --panic-off
Check Panic Mode Status
# firewall-cmd --query-panic && echo "enabled" || echo "Not enabled"
Permanent vs. Temporary Configuration
Temporary changes are a common source of problems: the server works as expected until the next reboot. Make sure you permanently save your configuration.
To make a command permanent, add the --permanent option to all commands except --direct commands (which are temporary by nature). Settings made with the --permanent option do not take effect until the next firewall reload, service restart, or system reboot. Settings made without the --permanent option take effect immediately, but are only valid until the next firewall reload, system boot, or service restart.
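The following script is an added example, not part of the original guide. It compares a zone's runtime and permanent lists to find entries that exist in only one of them. The function names (only_in, drift, check_zone) and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): find entries that differ between
# firewalld's runtime and permanent configuration.

# only_in A B: print each whitespace-separated item of list A that is not in list B.
only_in() {
    have=" $(echo $2) "                 # collapse newlines/extra spaces in B
    for item in $1; do
        case "$have" in
            *" $item "*) ;;             # present in both lists
            *) printf '%s\n' "$item" ;;
        esac
    done
}

# drift RUNTIME PERMANENT: classify the entries that appear in only one list.
drift() {
    for e in $(only_in "$1" "$2"); do
        echo "runtime-only (lost on reload/reboot): $e"
    done
    for e in $(only_in "$2" "$1"); do
        echo "permanent-only (inactive until reload): $e"
    done
}

# check_zone [ZONE]: run the comparison against a live firewalld (as root).
check_zone() {
    zone=${1:-public}
    for what in services ports; do
        drift "$(firewall-cmd --zone="$zone" --list-$what)" \
              "$(firewall-cmd --permanent --zone="$zone" --list-$what)"
    done
}

# Constructed sample data, shaped like --list-services / --list-ports output:
# ssh was added without --permanent; 443/tcp was added with --permanent only.
drift "cockpit dhcpv6-client ssh" "cockpit dhcpv6-client"
drift "7000-8000/tcp" "7000-8000/tcp 443/tcp"
```

On a live host, run check_zone public as root; firewall-cmd --reload then activates the permanent-only entries and discards the runtime-only ones.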
Disable firewalld
As root, mask and disable the service.
# systemctl mask --now firewalld.service
# systemctl disable --now firewalld.service