FirewallD Flashcards
To enable FirewallD (start at boot)
systemctl enable firewalld
To disable FirewallD (do not start at boot)
systemctl disable firewalld
To start FirewallD
systemctl start firewalld
To stop FirewallD
systemctl stop firewalld
To view the status of FirewallD
firewall-cmd --state
or
systemctl status firewalld
To see the default zone
firewall-cmd --get-default-zone
To change the default zone
firewall-cmd --set-default-zone=work
To see the zones used by the network interface
firewall-cmd --get-active-zones
To see the zone of an interface
firewall-cmd --get-zone-of-interface=eth0
To change the zone of an interface via firewalld
firewall-cmd --zone=work --change-interface=eth0
To change the zone of an interface via Network manager
nmcli connection modify eth0 connection.zone work
(the first argument is the NetworkManager connection name, which is not always the interface name; check it with nmcli connection show)
To see the configuration of a specific zone
firewall-cmd --zone=public --list-all
To see the configuration of all zones
firewall-cmd --list-all-zones
Create a new zone (new zones can only be created in the permanent configuration and appear after firewall-cmd --reload)
firewall-cmd --permanent --new-zone=docker
Where can you find the files for the default configuration?
/usr/lib/firewalld/services (zones in /usr/lib/firewalld/zones); do not edit these, they are replaced on package upgrade
Where can you find custom configuration files?
/etc/firewalld/services (zones in /etc/firewalld/zones); a file here overrides the default file of the same name
To see existing services
firewall-cmd --get-services
To allow a service on a zone
firewall-cmd --zone=work --add-service=http
or
firewall-cmd --zone=work --add-service=http --permanent
Without --permanent the change is runtime only and is lost on reload or restart; with --permanent it is written to /etc/firewalld but only takes effect after firewall-cmd --reload. The same applies to every add/remove command below.
To remove a service from a zone
firewall-cmd --zone=work --remove-service=http
or
firewall-cmd --zone=work --remove-service=http --permanent
To allow a port on a zone
firewall-cmd --zone=work --add-port=2222/tcp
or
firewall-cmd --zone=work --add-port=2222/tcp --permanent
and
firewall-cmd --zone=work --add-port=126/udp
or
firewall-cmd --zone=work --add-port=126/udp --permanent
To remove a port from a zone
firewall-cmd --zone=work --remove-port=2222/tcp
or
firewall-cmd --zone=work --remove-port=2222/tcp --permanent
To redirect one port to another on the same machine
firewall-cmd --zone=work --add-forward-port=port=80:proto=tcp:toport=9000
To forward a port to another machine (requires masquerading to be enabled on the zone, see below)
firewall-cmd --zone=work --add-forward-port=port=80:proto=tcp:toport=8080:toaddr=192.168.10.5
To enable masquerade
firewall-cmd --zone=public --add-masquerade --permanent
To check that masquerading is active at the kernel level (firewalld turns on IPv4 forwarding when masquerading is enabled in a zone)
cat /proc/sys/net/ipv4/ip_forward
0 = forwarding not enabled, 1 = enabled
To view the list of ICMP messages
firewall-cmd --get-icmptypes
To block an ICMP message (ping); note that --query-icmp-block only reports whether a block exists, --add-icmp-block creates it
firewall-cmd --zone=work --add-icmp-block=echo-request --permanent
firewall-cmd --zone=work --add-icmp-block=echo-reply --permanent
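The cards above are one-liners; the script below is an added example (not part of the original flashcards) that strings them into the pattern a practitioner actually uses: add every rule with --permanent, --reload once, then confirm each rule with --query-*, whose exit status is what you check in automation. Zone "work", interface "eth0", port 2222/tcp, the local 80 to 9000 redirect and the NAT target 192.168.10.5 are taken from the cards as assumed values. As a safety default the script only prints the firewall-cmd lines; set APPLY=1 to execute them as root.

```shell
#!/bin/sh
# Added example, not from the original flashcards.
# Applies a zone profile with firewall-cmd using the permanent+reload pattern,
# then verifies every rule with --query-*.
# Assumed values (from the flashcards): zone "work", interface "eth0",
# port 2222/tcp, forward 80->9000 locally, NAT target 192.168.10.5:8080.
# Safety default: commands are printed, not executed, unless APPLY=1 is set.
set -eu

ZONE="${ZONE:-work}"
IFACE="${IFACE:-eth0}"
NAT_TARGET="${NAT_TARGET:-192.168.10.5}"
DRY_RUN="${DRY_RUN:-1}"
if [ "${APPLY:-0}" = "1" ]; then
    DRY_RUN=0
fi

fw() {
    # Wrapper around firewall-cmd: print the command in dry-run mode,
    # execute it otherwise (a non-zero exit aborts the script via set -e).
    if [ "$DRY_RUN" = "1" ]; then
        printf 'firewall-cmd %s\n' "$*"
    else
        firewall-cmd "$@"
    fi
}

apply_zone_profile() {
    # --permanent writes /etc/firewalld/zones/<zone>.xml; the running firewall
    # is unchanged until --reload, so all rules are added permanent first and
    # a single reload activates them together.
    fw --permanent --zone="$ZONE" --change-interface="$IFACE"
    fw --permanent --zone="$ZONE" --add-service=http
    fw --permanent --zone="$ZONE" --add-port=2222/tcp
    fw --permanent --zone="$ZONE" --add-forward-port=port=80:proto=tcp:toport=9000
    fw --permanent --zone="$ZONE" --add-icmp-block=echo-request
    fw --reload
}

apply_nat_forward() {
    # Forwarding to another host (toaddr=) needs masquerading on the zone;
    # firewalld also enables net.ipv4.ip_forward when masquerading is on.
    # Use this instead of the local 80->9000 forward: both match port 80.
    fw --permanent --zone="$ZONE" --add-masquerade
    fw --permanent --zone="$ZONE" --add-forward-port=port=80:proto=tcp:toport=8080:toaddr="$NAT_TARGET"
    fw --reload
}

verify_zone_profile() {
    # --query-* exits 0 only when the rule is present in the runtime
    # configuration, i.e. what --reload loaded from the permanent files.
    fw --zone="$ZONE" --query-service=http
    fw --zone="$ZONE" --query-port=2222/tcp
    fw --zone="$ZONE" --query-forward-port=port=80:proto=tcp:toport=9000
    fw --zone="$ZONE" --query-icmp-block=echo-request
}

apply_zone_profile
verify_zone_profile
```

Run it once without APPLY to review the exact firewall-cmd lines it would issue, then with APPLY=1 as root. If verify_zone_profile aborts on a query, the permanent file was written but the reload did not pick the rule up (typically a typo in the zone name or a rule that is only in runtime), which is exactly the failure the runtime/permanent split causes.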