## Install the firewalld daemon and its graphical configuration tool.
# yum install firewalld firewall-config
## Start the service for the current boot and confirm it is running.
## Starting a unit does not by itself enable it at boot; check with
## `systemctl is-enabled firewalld` if the firewall must survive a reboot.
# systemctl start firewalld.service
# systemctl status firewalld.service
## Read-only queries: zones currently in use, known service names, the
## contents of the public zone, all zone names, the default zone, and a full
## dump of every zone. Run these before changing anything to record a baseline.
# firewall-cmd --get-active-zones
# firewall-cmd --get-services
# firewall-cmd --zone=public --list-all
# firewall-cmd --get-zones
# firewall-cmd --get-default-zone
# firewall-cmd --list-all-zones
## Daemon-wide settings.
# cat /etc/firewalld/firewalld.conf
## Zone files under /etc/firewalld/zones hold the permanent configuration.
## NOTE(review): public.xml may be absent until a permanent change has been
## made to the zone; confirm on the target system.
# ls /etc/firewalld/zones
# cat /etc/firewalld/zones/public.xml
## Show which zone eth0 is currently bound to.
# firewall-cmd --get-zone-of-interface=eth0
## Bind eth0 to the public zone: first in the runtime configuration only,
## then with --permanent so the binding is written to the zone file.
# firewall-cmd --zone=public --change-interface=eth0
# firewall-cmd --permanent --zone=public --change-interface=eth0
## Verify that the permanent change reached the zone file. The page shows
## the matching line as the expected output:
##   <interface name="eth0"/>
# grep eth0 /etc/firewalld/zones/public.xml
Ajout de httpd et retrait de ssh pour tous :
## Open http permanently. No --zone is given, so this applies to the default
## zone (see `firewall-cmd --get-default-zone`), whereas the ssh removal below
## names the public zone explicitly. Confirm both target the same zone.
# firewall-cmd --add-service=http --permanent
## Remove ssh from the public zone. After the reload, new SSH connections
## through that zone are accepted only if another rule allows them: keep
## console access, or add a source-restricted ssh rule before reloading.
# firewall-cmd --zone=public --remove-service=ssh --permanent
## --permanent changes only take effect at runtime after a reload.
# firewall-cmd --reload
## Check the result.
# firewall-cmd --list-all
Afin d'intégrer la source, par exemple, avec journalisation (log) ; exemple d'ajout et de retrait :
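## Rich rules: accept a service only from a given source and log the match
## with a recognisable prefix.
## An accept rule narrows access only if the same service is not also open
## zone-wide via --add-service; otherwise it merely adds logging.
## No --zone is given, so the rules go to the default zone.
## Consider a `limit value="..."` on the log element to bound log volume.

## http from a single host, logged.
# firewall-cmd --permanent --add-rich-rule 'rule family="ipv4" source address="192.168.1.11/32" service name="http" log prefix="http_192.168.1.11" accept'

## ssh from a single host, logged.
# firewall-cmd --permanent --add-rich-rule 'rule family="ipv4" source address="192.168.0.1/32" service name="ssh" log prefix="ssh_" accept'

## Removal example. The rule text must match the added rule exactly,
## log prefix included, or nothing is removed. The prefix here is therefore
## "ssh_", the same as in the add above (the original used a different one).
# firewall-cmd --permanent --remove-rich-rule 'rule family="ipv4" source address="192.168.0.1/32" service name="ssh" log prefix="ssh_" accept'

## TCP port 8080 from a whole /24, logged.
# firewall-cmd --permanent --add-rich-rule 'rule family="ipv4" source address="192.168.0.0/24" port port=8080 protocol=tcp log prefix="http8080" accept'

## Apply the permanent rules to the running firewall, then verify with
## `firewall-cmd --list-rich-rules`.
# firewall-cmd --reload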