firewalld

references

install

# yum install firewalld firewall-config
# systemctl start firewalld.service 
# systemctl status firewalld.service
# firewall-cmd --get-active-zones
# firewall-cmd --get-services
# firewall-cmd --zone=public --list-all
# firewall-cmd --get-zones
# firewall-cmd --get-default-zone
# firewall-cmd --list-all-zones

fichiers

# cat  /etc/firewalld/firewalld.conf 
# ls  /etc/firewalld/zones
# cat /etc/firewalld/zones/public.xml 

lier une interface à une zone (la forme sans --permanent ne vaut que jusqu'au prochain reload ; la forme --permanent écrit dans public.xml, d'où le grep ci-dessous)

# firewall-cmd --get-zone-of-interface=eth0
# firewall-cmd --zone=public --change-interface=eth0
# firewall-cmd --permanent --zone=public --change-interface=eth0
# grep eth0 /etc/firewalld/zones/public.xml
  <interface name="eth0"/>

gestion de services simples

ajout du service http et retrait de ssh pour tous (attention : après --reload, ssh n'est plus accepté dans la zone public ; à faire depuis une console locale, ou ajouter d'abord une rich rule autorisant ssh depuis l'adresse d'administration, comme plus bas)

# firewall-cmd --add-service=http --permanent
# firewall-cmd --zone=public --remove-service=ssh --permanent
# firewall-cmd --reload
# firewall-cmd --list-all

gestion de regles complexes

afin de restreindre un service à une adresse source donnée, avec journalisation (sans `limit`, chaque paquet accepté est journalisé) ; exemples d'ajout et de retrait. Remarque : la règle passée à --remove-rich-rule doit être identique, mot pour mot, à celle ajoutée ; dans le deuxième exemple ci-dessous le prefix de la règle ajoutée (« ssh_ ») diffère de celui de la règle retirée (« ssh_192.168.0.1 »), donc le retrait ne correspond à aucune règle et celle-ci reste active :

# firewall-cmd --permanent --add-rich-rule 'rule family="ipv4" source address="192.168.1.11/32" service name="http" log prefix="http_192.168.1.11" accept'
# firewall-cmd --permanent --add-rich-rule 'rule family="ipv4" source address="192.168.0.1/32" service name="ssh" log prefix="ssh_" accept'
# firewall-cmd --permanent --remove-rich-rule 'rule family="ipv4" source address="192.168.0.1/32" service name="ssh" log prefix="ssh_192.168.0.1" accept'
# firewall-cmd --permanent --add-rich-rule 'rule family="ipv4" source address="192.168.0.0/24" port port=8080 protocol=tcp log prefix="http8080" accept'
# firewall-cmd --reload