Basic Troubleshooting
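# Get the state of the firewall daemon.
firewall-cmd --state
systemctl status firewalld

# Get info about zones.
firewall-cmd --get-default-zone
firewall-cmd --get-active-zones
firewall-cmd --get-zones
# --set-default-zone applies to both the running firewall and the stored config.
firewall-cmd --set-default-zone=home

# Bind a source to a zone and open ssh in that zone.
# A source may be an IP/CIDR or, as here, a MAC address; a MAC source can only
# match traffic on the local L2 segment.
# --permanent edits the stored config only: nothing below is active until the
# --reload (or until the same commands are run without --permanent).
firewall-cmd --permanent --zone=FedoraWorkstation --add-source=00:FF:B0:CB:30:0A
firewall-cmd --permanent --zone=FedoraWorkstation --add-service=ssh
firewall-cmd --reload

# Logging of denied packets. Accepted values: all, unicast, broadcast, multicast, off.
firewall-cmd --get-log-denied
firewall-cmd --set-log-denied=all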
Add/Remove/List Services
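# Add / remove a predefined service or a port in the public zone.
# --permanent edits the stored config only; --reload applies it, and
# --list-services shows the *runtime* state, so reload before checking.
firewall-cmd --zone=public --add-service=ftp --permanent
firewall-cmd --zone=public --remove-service=ftp --permanent
firewall-cmd --zone=public --remove-port=53/tcp --permanent
firewall-cmd --reload
firewall-cmd --zone=public --list-services

# Define a custom service (a named set of ports), then expose it in a zone.
# Service definitions are global, not zone-scoped, so --zone is only needed
# on the --add-service step. --new-service and --service=... --add-port are
# --permanent-only operations; the trailing --reload activates the result.
firewall-cmd --new-service=portal --permanent
firewall-cmd --service=portal --add-port=8080/tcp --permanent
firewall-cmd --service=portal --add-port=8443/tcp --permanent
firewall-cmd --zone=public --add-service=portal --permanent
firewall-cmd --reload

firewall-cmd --new-service=k3s-server --permanent
firewall-cmd --service=k3s-server --add-port=443/tcp --permanent
firewall-cmd --service=k3s-server --add-port=6443/tcp --permanent
firewall-cmd --service=k3s-server --add-port=8472/udp --permanent
firewall-cmd --service=k3s-server --add-port=10250/tcp --permanent
firewall-cmd --zone=public --add-service=k3s-server --permanent
firewall-cmd --reload

firewall-cmd --new-service=quay --permanent
firewall-cmd --service=quay --add-port=8443/tcp --permanent
firewall-cmd --zone=public --add-service=quay --permanent
firewall-cmd --reload

# List every known service name; any of them can be passed to --add-service.
firewall-cmd --get-services
# Save the current runtime configuration into the permanent one.
firewall-cmd --runtime-to-permanent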
Checks and getting info
- List open ports by service
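# Print each service active in the runtime zone, followed by the ports its
# permanent definition opens. Word-splitting of $(...) is intentional:
# --list-services prints space-separated service names.
# Note the mix of modes: the list is runtime, but --get-ports reads the
# permanent definition, so a service present only at runtime errors out
# for that iteration.
for s in $(firewall-cmd --list-services); do
  printf '%s\n' "$s"
  firewall-cmd --permanent --service "$s" --get-ports
done

# Same loop when firewall-cmd must run as root; it runs under sh, so it is
# kept POSIX ($(...) instead of backticks, quoted expansions).
sudo sh -c 'for s in $(firewall-cmd --list-services); do printf "%s\n" "$s"; firewall-cmd --permanent --service "$s" --get-ports; done'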
4ssh
522/tcp
6dhcpv6-client
7546/udp
- Check one service
# Show the runtime definition of a single service (ports, protocols, modules, ...).
firewall-cmd --info-service=cfrm-IC
2cfrm-IC
3 ports: 7780/tcp 8440/tcp 8443/tcp
4 protocols:
5 source-ports:
6 modules:
7 destination:
- List zones and their associated services
# Dump the full runtime configuration of the default zone
# (interfaces, sources, services, ports, rich rules, ...).
firewall-cmd --list-all
2public (active)
3 target: default
4 icmp-block-inversion: no
5 interfaces: ens192
6 sources:
7 services: ssh dhcpv6-client https Oracle nimsoft
8 ports: 10050/tcp 1521/tcp
9 protocols:
10 masquerade: no
11 forward-ports:
12 source-ports:
13 icmp-blocks:
14 rich rules:
# Same dump for an explicit zone instead of the default one.
firewall-cmd --list-all --zone=backup
- Get active zones
# Zones that currently have an interface or source bound to them.
firewall-cmd --get-active-zones
2backup
3 interfaces: ens224
4public
5 interfaces: ens192
- Configuration directory layout
# Where the permanent configuration lives (one subdirectory per object type).
ls -- /etc/firewalld/
2firewalld.conf helpers/ icmptypes/ ipsets/ lockdown-whitelist.xml services/ zones/
IPSET
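# Inspect ipsets (named address sets that can be used as zone sources).
firewall-cmd --get-ipset-types
firewall-cmd --permanent --get-ipsets
firewall-cmd --permanent --info-ipset=integration
# Entries currently loaded at runtime (not necessarily the stored ones).
firewall-cmd --ipset=integration --get-entries

# Create an ipset. --new-ipset is a --permanent-only operation, so a --reload
# is needed before the set can be addressed at runtime.
firewall-cmd --permanent --new-ipset=test --type=hash:net
firewall-cmd --reload
# Add an entry at runtime. Without --permanent the entry disappears on the
# next reload; repeat with --permanent (or use --runtime-to-permanent) to keep it.
firewall-cmd --ipset=local-blocklist --add-entry=103.133.104.0/23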