Basic Troubleshooting

```
# Get the state
firewall-cmd --state
systemctl status firewalld

# Get info about zones
firewall-cmd --get-default-zone
firewall-cmd --get-active-zones
firewall-cmd --get-zones

# Change the default zone
firewall-cmd --set-default-zone=home

# Bind a source (here a MAC address) and a service to a zone
firewall-cmd --permanent --zone=FedoraWorkstation --add-source=00:FF:B0:CB:30:0A
firewall-cmd --permanent --zone=FedoraWorkstation --add-service=ssh

# Logging of denied packets
firewall-cmd --get-log-denied
firewall-cmd --set-log-denied=all   # or: unicast, broadcast, multicast, off
```

Add/Remove/List Services

```
# Add or remove a predefined service or port
firewall-cmd --zone=public --add-service=ftp --permanent
firewall-cmd --zone=public --remove-service=ftp --permanent
firewall-cmd --zone=public --remove-port=53/tcp --permanent
firewall-cmd --zone=public --list-services

# Define a custom service, then add it to a zone.
# Service definitions are global; only --add-service takes a zone.
firewall-cmd --permanent --new-service=portal
firewall-cmd --permanent --service=portal --add-port=8080/tcp
firewall-cmd --permanent --service=portal --add-port=8443/tcp
firewall-cmd --zone=public --add-service=portal --permanent
firewall-cmd --reload

firewall-cmd --permanent --new-service=k3s-server
firewall-cmd --permanent --service=k3s-server --add-port=443/tcp
firewall-cmd --permanent --service=k3s-server --add-port=6443/tcp
firewall-cmd --permanent --service=k3s-server --add-port=8472/udp
firewall-cmd --permanent --service=k3s-server --add-port=10250/tcp
firewall-cmd --zone=public --add-service=k3s-server --permanent
firewall-cmd --reload

firewall-cmd --permanent --new-service=quay
firewall-cmd --permanent --service=quay --add-port=8443/tcp
firewall-cmd --zone=public --add-service=quay --permanent
firewall-cmd --reload

firewall-cmd --get-services          # It's also possible to add a service from this list
firewall-cmd --runtime-to-permanent  # Save the running configuration as permanent
```

Checks and Get Info

List open ports by service

```
for s in $(firewall-cmd --list-services); do echo "$s"; firewall-cmd --permanent --service "$s" --get-ports; done

sudo sh -c 'for s in $(firewall-cmd --list-services); do echo "$s"; firewall-cmd --permanent --service "$s" --get-ports; done'
ssh
22/tcp
dhcpv6-client
546/udp
```

Check one service

```
firewall-cmd --info-service cfrm-IC
cfrm-IC
  ports: 7780/tcp 8440/tcp 8443/tcp
  protocols:
  source-ports:
  modules:
  destination:
```

List zones and associated services

```
firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens192
  sources:
  services: ssh dhcpv6-client https Oracle nimsoft
  ports: 10050/tcp 1521/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
```

```
firewall-cmd --zone=backup --list-all
```

Get active zones

```
firewall-cmd --get-active-zones
backup
  interfaces: ens224
public
  interfaces: ens192
```

Configuration directory tree

```
ls /etc/firewalld/
firewalld.conf  helpers/  icmptypes/  ipsets/  lockdown-whitelist.xml  services/  zones/
```

IPSET

```
firewall-cmd --get-ipset-types
firewall-cmd --permanent --get-ipsets
firewall-cmd --permanent --info-ipset=integration
firewall-cmd --ipset=integration --get-entries

firewall-cmd --permanent --new-ipset=test --type=hash:net
firewall-cmd --ipset=local-blocklist --add-entry=103.133.104.0/23
```
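
Added example (not part of the original page): a drift check that parses `firewall-cmd --list-all` output, as shown in the zone listing section, and prints every service or port that is not on an allowlist. The function names and the allowlist contents are assumptions for illustration; the sample input is copied from the output on this page.

```shell
#!/bin/sh
# Print one "service:NAME" or "port:PORT/PROTO" line per exposed entry
# found in `firewall-cmd --list-all` output read from stdin.
# Only the exact "services:" and "ports:" keys match, so "source-ports:"
# and "forward-ports:" are not counted as open ports.
zone_exposure() {
    awk '
        $1 == "services:" { for (i = 2; i <= NF; i++) print "service:" $i }
        $1 == "ports:"    { for (i = 2; i <= NF; i++) print "port:" $i }
    '
}

# Print every exposed entry that is missing from the allowlist in $1
# (one "service:..." or "port:..." entry per line, matched exactly).
unexpected_exposure() {
    allow="$1"
    zone_exposure | while IFS= read -r entry; do
        printf '%s\n' "$allow" | grep -qxF -- "$entry" || printf '%s\n' "$entry"
    done
}

# Sample input: the `firewall-cmd --list-all` output shown on this page.
SAMPLE_LIST_ALL='public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens192
  sources:
  services: ssh dhcpv6-client https Oracle nimsoft
  ports: 10050/tcp 1521/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:'

# Hypothetical allowlist for the public zone (an assumption, adjust per host).
ALLOWED='service:ssh
service:dhcpv6-client
service:https
port:10050/tcp'

# Offline run on the sample. On a live host, pipe the real output instead:
#   firewall-cmd --zone=public --list-all | unexpected_exposure "$ALLOWED"
printf '%s\n' "$SAMPLE_LIST_ALL" | unexpected_exposure "$ALLOWED"
```

Empty output means the zone matches the allowlist; any printed line is an exposure to review or remove with `--remove-service` / `--remove-port`.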