Differences
This shows you the differences between two versions of the page.
|
linux_wiki:configure_firewall_settings_using_firewall-config_firewall-cmd_or_iptables [2016/03/05 17:03] billdozor [Configure Firewall Settings Using Firewall-config Firewall-cmd Or Iptables] |
linux_wiki:configure_firewall_settings_using_firewall-config_firewall-cmd_or_iptables [2019/05/25 23:50] |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== Configure Firewall Settings Using Firewall-config Firewall-cmd Or Iptables ====== | ||
| - | |||
| - | **General Information** | ||
| - | |||
| - | Firewalld is a new zone based firewall in RHEL 7. It replaces iptables. | ||
| - | |||
| - | ---- | ||
| - | |||
| - | ====== Firewall Stack ====== | ||
| - | |||
| - | * firewall-config => GUI Frontend for firewalld | ||
| - | * firewall-cmd => Cmd line frontend for firewalld | ||
| - | * firewalld => Daemon that interacts with the Linux kernel' | ||
| - | * cannot be used at the same time as iptables | ||
| - | * iptables => Interacts with the Linux kernel' | ||
| - | * cannot be used at the same time as firewalld | ||
| - | |||
| - | ---- | ||
| - | |||
| - | ==== Firewalld (firewall-cmd, | ||
| - | |||
| - | Install and start firewall packages (included by default on base, not minimum install) | ||
| - | <code bash> | ||
| - | yum install firewalld firewall-config | ||
| - | systemctl start firewalld | ||
| - | systemctl enable firewalld | ||
| - | </ | ||
| - | |||
| - | View zone names | ||
| - | <code bash> | ||
| - | firewall-cmd --get-zones | ||
| - | </ | ||
| - | |||
| - | View default zone | ||
| - | <code bash> | ||
| - | firewall-cmd --get-default-zone | ||
| - | </ | ||
| - | * Zone " | ||
| - | |||
| - | View current rules (default zone) | ||
| - | <code bash> | ||
| - | firewall-cmd --list-all | ||
| - | </ | ||
| - | |||
| - | View rules, specify zone | ||
| - | <code bash> | ||
| - | firewall-cmd --zone=home --list-all | ||
| - | </ | ||
| - | |||
| - | View all zones rules | ||
| - | <code bash> | ||
| - | firewall-cmd --list-all-zones | ||
| - | </ | ||
| - | |||
| - | Add source IP network for home zone (Runtime change) | ||
| - | <code bash> | ||
| - | firewall-cmd --zone=home --add-source=192.168.1.0/ | ||
| - | </ | ||
| - | * Runtime/ | ||
| - | |||
| - | Permanent change (survives firewall reload or system reboot) | ||
| - | <code bash> | ||
| - | firewall-cmd --zone=home --permanent --add-source=192.168.1.0/ | ||
| - | firewall-cmd --reload | ||
| - | </ | ||
| - | * Permanent changes do not take effect until a firewall-cmd --reload | ||
| - | |||
| - | Allow HTTP on default zone (instant change and also permanent) | ||
| - | <code bash> | ||
| - | firewall-cmd --add-port=80/ | ||
| - | firewall-cmd --permanent --add-port=80/ | ||
| - | </ | ||
| - | |||
| - | Launch GUI, firewall-config | ||
| - | <code bash> | ||
| - | firewall-config | ||
| - | </ | ||
| - | |||
| - | ---- | ||
| - | |||
| - | ==== iptables ==== | ||
| - | |||
| - | You can use iptables, but it is recommended to use firewall-cmd instead. Using iptables instead requires disabling firewalld, installing iptables-services, | ||
| - | |||
| - | ---- | ||