Firewalld
The --permanent flag is added to every rule below so the change survives a firewalld restart or reload; without it the rule is lost on restart.
Check Status
Get the predefined services that are available, then inspect the zones.

```sh
firewall-cmd --get-services      # predefined services firewalld knows about
firewall-cmd --list-all-zones    # every zone with its settings
firewall-cmd --list-all          # settings of the default zone only
```
Set Zone to Active
```sh
firewall-cmd --permanent --zone=public --change-interface=eth0
```
Set Zone to Drop
```sh
firewall-cmd --permanent --zone=public --set-target=DROP
```
Commands
Permanent changes only take effect after a reload:

```sh
firewall-cmd --reload
```
Allow a source network in a zone

```sh
firewall-cmd --permanent --zone=public --add-source=192.168.86.0/24
```
Port Forward
```sh
firewall-cmd --permanent --zone=public --add-forward-port=port=8080:proto=tcp:toport=80:toaddr=192.168.1.113
```
Rich Rules
```sh
man firewalld.richlanguage
```

Use --add-rich-rule, --list-rich-rules and --remove-rich-rule to manage them.

```sh
# Allow all traffic from 192.168.0.14
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.14" accept'
# Reject all IPv4 traffic in the public zone (blocks every source, including the host above)
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="0.0.0.0/0" reject'
```
Let the internal interface access freely by moving it to the trusted zone, and refuse public access to ssh by removing the ssh service from the public zone (it is enabled there by default).

```sh
firewall-cmd --permanent --zone=trusted --change-interface=em4
firewall-cmd --permanent --zone=public --remove-service=ssh
```
iptables
```sh
iptables --list
```
Issues
MySQL cannot connect to the IP and port.
Got error: no route to host

```sh
> telnet 192.168.1.108 4006
```

Shut down firewalld; still no good.
Issuing this works:

```sh
iptables -F    # flushes every rule in the filter table; firewalld rebuilds them on its next reload/restart
```
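A "No route to host" error on a port that should be reachable is what firewalld's zone-level reject looks like from the client side (the default target rejects with icmp-host-prohibited). Flushing iptables removes that filtering along with every other rule until the next reload; the narrower fix is to open the port in the zone that owns the interface, permanently, and reload. The script below is an added example, not part of the original notes: it parses the text format of `firewall-cmd --zone=<zone> --list-all` to decide whether a port is open in that zone and prints the permanent rule plus reload from the sections above. The zone listing is a constructed sample so the script runs offline; on a real host replace it with the live command output.

```shell
#!/bin/sh
# Added example (not from the original notes). Constructed sample of
# `firewall-cmd --zone=public --list-all` output; replace with live output.
SAMPLE_ZONE_LISTING='public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources: 192.168.86.0/24
  services: dhcpv6-client ssh
  ports: 8080/tcp
  protocols:
  masquerade: no
  forward-ports: port=8080:proto=tcp:toport=80:toaddr=192.168.1.113
  source-ports:
  icmp-blocks:
  rich rules:
'

# zone_field KEY LISTING -> prints the value of the "  KEY: value" line.
zone_field() {
    printf '%s\n' "$2" | sed -n "s/^  $1: *//p"
}

# port_open LISTING PORT PROTO -> exit 0 if PORT/PROTO is listed under
# "ports:" or the zone target is ACCEPT; exit 1 otherwise. Services are not
# resolved to port numbers here (that needs `firewall-cmd --info-service`).
port_open() {
    listing=$1; port=$2; proto=$3
    target=$(zone_field target "$listing")
    [ "$target" = "ACCEPT" ] && return 0
    for p in $(zone_field ports "$listing"); do
        [ "$p" = "$port/$proto" ] && return 0
    done
    return 1
}

# remediation LISTING PORT PROTO -> prints the permanent rule that opens the
# port in the listed zone, followed by the reload that makes it take effect.
remediation() {
    zone=$(printf '%s\n' "$1" | sed -n '1s/ .*//p')
    printf 'firewall-cmd --permanent --zone=%s --add-port=%s/%s\n' "$zone" "$2" "$3"
    printf 'firewall-cmd --reload\n'
}

if port_open "$SAMPLE_ZONE_LISTING" 4006 tcp; then
    echo "tcp/4006 is open in the zone"
else
    echo "tcp/4006 is rejected by the zone; to open it:"
    remediation "$SAMPLE_ZONE_LISTING" 4006 tcp
fi
```

With the sample listing the MySQL port is absent from `ports:`, so the script prints the `--add-port=4006/tcp` rule and the reload instead of suggesting a flush.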