manu-opensuse:~ # firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0 wlan0
  sources:
  services: dhcpv6-client ms-wbt
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
Check the firewall status
manu-opensuse:~ # firewall-cmd --state
running

manu-opensuse:~ # firewall-cmd --add-service=http --zone=public --permanent
manu-opensuse:~ # firewall-cmd --add-port=1600/tcp --zone=public --permanent
manu-opensuse:~ # firewall-cmd --reload
To remove a port use:
manu-opensuse:~ # firewall-cmd --zone=public --remove-port=1555/tcp --permanent
Config file:
[root@tiprglp01 etc]# cat /etc/firewalld/zones/public.xml
<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
  <service name="ssh"/>
  <service name="dhcpv6-client"/>
  <port protocol="tcp" port="1500"/>
  <port protocol="tcp" port="11090"/>
  <port protocol="tcp" port="1550"/>
  <port protocol="tcp" port="1600"/>
  <port protocol="tcp" port="1650"/>
  <port protocol="tcp" port="1501"/>
  <port protocol="tcp" port="1581"/>
  <port protocol="tcp" port="1555"/>
  <port protocol="tcp" port="10050"/>
  <port protocol="udp" port="10050"/>
</zone>
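Because `--permanent` changes end up in this zone file, the file can be audited against the ports you intend to expose. The following is an added example, not part of the original page: the function names, the sample zone and the approved list are assumptions made for the demonstration.

```sh
#!/bin/sh
# Audit a firewalld zone file: report every <port> entry not on an approved list.

# Constructed sample shaped like the public.xml above (not a real host's file).
# The second <port> line uses the reverse attribute order on purpose.
sample_zone() {
    cat <<'EOF'
<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <service name="ssh"/>
  <port protocol="tcp" port="1600"/>
  <port port="1555" protocol="tcp"/>
  <port protocol="udp" port="10050"/>
</zone>
EOF
}

# Print one "port/protocol" line per <port .../> element in zone file $1.
# Each attribute is extracted on its own, so attribute order does not matter;
# <forward-port> elements are not matched.
zone_ports() {
    grep -o '<port [^>]*>' "$1" | while IFS= read -r el; do
        port=$(printf '%s\n' "$el" | sed -n 's/.* port="\([^"]*\)".*/\1/p')
        proto=$(printf '%s\n' "$el" | sed -n 's/.* protocol="\([^"]*\)".*/\1/p')
        printf '%s/%s\n' "$port" "$proto"
    done
}

# Usage: unexpected_ports ZONE_FILE APPROVED...
# Prints the zone's port/protocol entries that are not in the approved list.
unexpected_ports() {
    zone_file=$1; shift
    allowed=" $* "
    zone_ports "$zone_file" | while IFS= read -r entry; do
        case "$allowed" in
            *" $entry "*) ;;                 # approved, nothing to report
            *) printf '%s\n' "$entry" ;;     # open in the zone but not approved
        esac
    done
}

# Demo on the constructed sample; the approved list here is an assumption.
tmp=$(mktemp)
sample_zone > "$tmp"
unexpected_ports "$tmp" 1600/tcp 10050/udp
rm -f "$tmp"
```

On a real host, pass /etc/firewalld/zones/public.xml as the first argument; an empty result means every open port is on the approved list.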
Enable the firewall log by setting the debug level (value between 1 and 10):
[root@tiprglp01 etc]# cat /etc/sysconfig/firewalld
# firewalld command line args
# possible values: --debug
FIREWALLD_ARGS="--debug=2"
The log is automatically created in /var/log/firewalld