Differences
This shows you the differences between two versions of the page.
linux_wiki:configure_firewall_settings_using_firewall-config_firewall-cmd_or_iptables [2016/02/29 22:14] billdozor created |
linux_wiki:configure_firewall_settings_using_firewall-config_firewall-cmd_or_iptables [2019/05/25 23:50] |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Configure Firewall Settings Using Firewall-config Firewall-cmd Or Iptables ====== | ||
- | |||
- | **General Information** | ||
- | |||
- | About this page/ | ||
- | |||
- | ---- | ||
- | |||
- | ====== Firewall Stack ====== | ||
- | |||
- | * firewall-config => GUI Frontend for firewalld | ||
- | * firewall-cmd => Cmd line frontend for firewalld | ||
- | * firewalld => Daemon that interacts with the Linux kernel' | ||
- | * cannot be used at the same time as iptables | ||
- | * iptables => Interacts with the Linux kernel' | ||
- | * cannot be used at the same time as firewalld | ||
- | |||
- | ---- | ||
- | |||
- | ==== Firewalld (firewall-cmd, | ||
- | |||
- | Install and start firewall packages (included by default on base, not minimum install) | ||
- | <code bash> | ||
- | yum install firewalld firewall-config | ||
- | systemctl start firewalld | ||
- | systemctl enable firewalld | ||
- | </ | ||
- | |||
- | View zone names | ||
- | <code bash> | ||
- | firewall-cmd --get-zones | ||
- | </ | ||
- | |||
- | View default zone | ||
- | <code bash> | ||
- | firewall-cmd --get-default-zone | ||
- | </ | ||
- | * Zone " | ||
- | |||
- | View current rules (default zone) | ||
- | <code bash> | ||
- | firewall-cmd --list-all | ||
- | </ | ||
- | |||
- | View rules, specify zone | ||
- | <code bash> | ||
- | firewall-cmd --zone=home --list-all | ||
- | </ | ||
- | |||
- | View all zones rules | ||
- | <code bash> | ||
- | firewall-cmd --list-all-zones | ||
- | </ | ||
- | |||
- | Add source IP network for home zone (Runtime change) | ||
- | <code bash> | ||
- | firewall-cmd --zone=home --add-source=192.168.1.0/ | ||
- | </ | ||
- | * Runtime/ | ||
- | |||
- | Permanent change (survives firewall reload or system reboot) | ||
- | <code bash> | ||
- | firewall-cmd --zone=home --permanent --add-source=192.168.1.0/ | ||
- | firewall-cmd --reload | ||
- | </ | ||
- | * Permanent changes do not take effect until a firewall-cmd --reload | ||
- | |||
- | Allow HTTP on default zone (instant change and also permanent) | ||
- | <code bash> | ||
- | firewall-cmd --add-port=80/ | ||
- | firewall-cmd --permanent --add-port=80/ | ||
- | </ | ||
- | |||
- | Launch GUI, firewall-config | ||
- | <code bash> | ||
- | firewall-config | ||
- | </ | ||
- | |||
- | ---- | ||
- | |||
- | ==== iptables ==== | ||
- | |||
- | You can use iptables, but it is recommended to use firewall-cmd instead. Using iptables instead requires disabling firewalld, installing iptables-services, | ||
- | |||
- | ---- | ||
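Review bot: every line of the page, from the title through the iptables section, is removed and the 2019/05/25 revision carries no replacement text, edit summary or pointer to a new location. If the material moved to another page, leave a one-line note or redirect here so existing links do not land on an empty page. If it is being retired, record the reason, because the removed text includes the notes that firewalld and iptables "cannot be used at the same time" and that "Permanent changes do not take effect until a firewall-cmd --reload", both of which readers rely on when changing rules on a live host.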