
Networks


  • 🚩 Firewalld

    Basic Troubleshooting

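     # Get the state
     firewall-cmd --state
     systemctl status firewalld

     # Get infos (read-only queries)
     firewall-cmd --get-default-zone
     firewall-cmd --get-active-zones
     firewall-cmd --get-zones

     # Change the default zone. This is not a query: it is applied to the runtime
     # and the permanent configuration at once, and every interface or connection
     # without an explicit zone follows it. Check --get-active-zones first.
     firewall-cmd --set-default-zone=home

     # Bind a source to a zone and allow ssh in that zone. With --permanent the
     # change is only written to the stored configuration; it becomes active
     # after `firewall-cmd --reload`.
     # A MAC address source identifies a host on the local segment only and can
     # be spoofed there, so it is a convenience filter, not authentication.
     firewall-cmd --permanent --zone=FedoraWorkstation --add-source=00:FF:B0:CB:30:0A
     firewall-cmd --permanent --zone=FedoraWorkstation --add-service=ssh

     # Log packets hit by reject/drop rules. Accepted values: all, unicast,
     # broadcast, multicast, off. "all" is the most useful for troubleshooting
     # but can be noisy on an exposed interface; set it back to off afterwards.
     firewall-cmd --get-log-denied
     firewall-cmd --set-log-denied=all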
    

    Add/Remove/List Services

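     # Add, then remove, a predefined service or a port in a zone.
     # These are --permanent edits; --list-services without --permanent shows the
     # runtime state, so the result is only visible there after --reload.
     firewall-cmd --zone=public --add-service=ftp --permanent
     firewall-cmd --zone=public --remove-service=ftp --permanent
     firewall-cmd --zone=public --remove-port=53/tcp --permanent
     firewall-cmd --zone=public --list-services

     # Add a custom service: define it, attach its ports, enable it in a zone,
     # then reload. Service definitions are global (stored under
     # /etc/firewalld/services/); only the --add-service line opens the ports
     # in the named zone.
     firewall-cmd --zone=public --new-service=portal --permanent
     firewall-cmd --zone=public --service=portal --add-port=8080/tcp --permanent
     firewall-cmd --zone=public --service=portal --add-port=8443/tcp --permanent
     firewall-cmd --zone=public --add-service=portal --permanent
     firewall-cmd --reload

     # NOTE(review): in a default k3s setup 8472/udp (flannel VXLAN) and
     # 10250/tcp (kubelet) are node-to-node ports. Enabling them in `public`
     # exposes them to every source that lands in that zone; consider a
     # dedicated zone limited to the cluster nodes with --add-source.
     firewall-cmd --zone=public --new-service=k3s-server --permanent
     firewall-cmd --zone=public --service=k3s-server --add-port=443/tcp --permanent
     firewall-cmd --zone=public --service=k3s-server --add-port=6443/tcp --permanent
     firewall-cmd --zone=public --service=k3s-server --add-port=8472/udp --permanent
     firewall-cmd --zone=public --service=k3s-server --add-port=10250/tcp --permanent
     firewall-cmd --zone=public --add-service=k3s-server --permanent
     firewall-cmd --reload

     firewall-cmd --zone=public --new-service=quay --permanent
     firewall-cmd --zone=public --service=quay --add-port=8443/tcp --permanent
     firewall-cmd --zone=public --add-service=quay --permanent
     firewall-cmd --reload

     firewall-cmd --get-services  # Predefined services from this list can be added directly
     # Saves the current runtime configuration over the permanent one. Review the
     # runtime state first (firewall-cmd --list-all): any temporary rule that is
     # active at that moment becomes permanent too.
     firewall-cmd --runtime-to-permanent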
    

    Checks and Get infos

    • list open port by services
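    # --list-services reports the runtime services of the default zone, while
    # --permanent --service ... --get-ports reads the stored service definition;
    # the two can differ until the firewall has been reloaded.
    # Word splitting of the command substitution is intended: one service name per word.
    for s in $(firewall-cmd --list-services); do echo "$s"; firewall-cmd --permanent --service "$s" --get-ports; done

    sudo sh -c 'for s in $(firewall-cmd --list-services); do echo "$s"; firewall-cmd --permanent --service "$s" --get-ports; done'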
    4ssh
    522/tcp
    6dhcpv6-client
    7546/udp
    
    • Check one service
    1firewall-cmd --info-service cfrm-IC
    2cfrm-IC
    3  ports: 7780/tcp 8440/tcp 8443/tcp
    4  protocols:
    5  source-ports:
    6  modules:
    7  destination:
    
    • List zones and services associated
     1firewall-cmd --list-all
     2public (active)
     3  target: default
     4  icmp-block-inversion: no
     5  interfaces: ens192
     6  sources:
     7  services: ssh dhcpv6-client https Oracle nimsoft
     8  ports: 10050/tcp 1521/tcp
     9  protocols:
    10  masquerade: no
    11  forward-ports:
    12  source-ports:
    13  icmp-blocks:
    14  rich rules:
    
    1firewall-cmd --zone=backup --list-all
    
    • Get active zones
    1firewall-cmd --get-active-zones
    2backup
    3  interfaces: ens224
    4public
    5  interfaces: ens192
    
    • Tree folder
    1ls /etc/firewalld/
    2firewalld.conf    helpers/   icmptypes/  ipsets/    lockdown-whitelist.xml  services/   zones/
    

    IPSET

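    # Inspect ipsets: supported types, stored sets, one set's definition and entries
    firewall-cmd --get-ipset-types
    firewall-cmd --permanent --get-ipsets
    firewall-cmd --permanent --info-ipset=integration
    firewall-cmd --ipset=integration --get-entries

    # Create a set. --new-ipset is a permanent-only operation: the set does not
    # exist at runtime until `firewall-cmd --reload`.
    firewall-cmd --permanent --new-ipset=test --type=hash:net
    # Add an entry to an existing set. Without --permanent this changes the
    # runtime set only and is lost on reload or restart; repeat it with
    # --permanent to keep it. The set named here (local-blocklist) must already
    # have been created the same way as `test` above.
    # An ipset has no effect by itself: a zone source (ipset:<name>) or a rich
    # rule has to reference it.
    firewall-cmd --ipset=local-blocklist --add-entry=103.133.104.0/23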
    
  • 🚩 Network Manager

    Basic Troubleshooting

    • Checks interfaces
     1nmcli con show
     2NAME    UUID                                  TYPE      DEVICE
     3ens192  4d0087a0-740a-4356-8d9e-f58b63fd180c  ethernet  ens192
     4ens224  3dcb022b-62a2-4632-8b69-ab68e1901e3b  ethernet  ens224
     5
     6nmcli dev status
     7DEVICE  TYPE      STATE      CONNECTION
     8ens192  ethernet  connected  ens192
     9ens224  ethernet  connected  ens224
    10ens256  ethernet  connected  ens256
    11lo      loopback  unmanaged  --
    12
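    # Get interface details:
    nmcli connection show ens192
    nmcli -p con show ens192

    # Get the DNS servers configured on a connection profile.
    # The profile is looked up by name and then addressed by UUID, which stays
    # stable if the profile is renamed.
    UUID=$(nmcli --get-values connection.uuid c show "cloud-init eth0")
    nmcli --get-values ipv4.dns c show "$UUID"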
    
    • Changing Interface name
    1nmcli connection add type ethernet mac "00:50:56:80:11:ff" ifname "ens224"
    2nmcli connection add type ethernet mac "00:50:56:80:8a:0b" ifname "ens256"
    
    • Create a custom config
    1nmcli con load /etc/sysconfig/network-scripts/ifcfg-ens224
    2nmcli con up ens192
    
    • Adding a Virtual IP
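    # Append a secondary (virtual) IPv4 address to the enp1s0 profile; the "+"
    # prefix adds to the existing list instead of replacing it.
    nmcli con mod enp1s0 +ipv4.addresses "192.168.122.11/24"
    # Remove an address from the running interface. This does not touch any
    # connection profile, so a profile that still lists the address will
    # configure it again on the next activation.
    ip addr del 10.163.148.36/24 dev ens160

    nmcli con reload                     # re-read the profile files from disk before reapplying
    nmcli device reapply ens224
    # NOTE(review): network.service presumably comes from the legacy
    # network-scripts package; confirm it exists on the target host. Restarting
    # it interrupts connectivity, including the SSH session used to run it.
    systemctl status network.service
    systemctl restart network.service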
    
    • Add a DNS entry
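    # Append one DNS server to a connection profile.
    # DNS_IP must be set by the caller; the guard stops before nmcli is run
    # with an empty value.
    UUID=$(nmcli --get-values connection.uuid c show "cloud-init eth0")
    : "${DNS_IP:?set DNS_IP to the resolver address to add}"
    # "+ipv4.dns" appends to the existing list, so the current value does not
    # have to be read back and re-assembled by hand.
    nmcli conn modify "$UUID" +ipv4.dns "$DNS_IP"
    nmcli --get-values ipv4.dns c show "$UUID"
    # The profile change applies once the connection is re-activated
    # (nmcli con up) or the device is reapplied.
    # Every resolver in this list sees and answers the host's lookups: add only
    # servers you trust.

    # /etc/resolv.conf is managed by systemd-resolved
    sudo systemctl restart systemd-resolved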
    