Linux: Setup: Firewalls
Firewalld
Note: By default, firewall-cmd makes changes to the running config, rather than the saved config. If it is called with the --permanent flag, it does the opposite: it changes the saved config, but not the running config. To update both, either call it with the --permanent flag and then call # firewall-cmd --reload to reload from the saved config, or call the command twice, once with the --permanent flag and once without. The latter method is usually better, as the former will cause you to lose any deliberately-introduced differences between the running and saved configs.
Additionally, firewall-cmd requires root privileges.
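The "call it twice" approach from the note, wrapped in a small POSIX shell helper, plus a check that reports whether the running and saved configs have drifted apart. This is an added example, not part of the original page or of firewalld itself. The FIREWALL_CMD variable is an assumption introduced here so the helper can be pointed at a stand-in command (for a dry run, or in a test) instead of the real firewall-cmd, which needs root.

```shell
#!/bin/sh
# Assumption (not from the page): FIREWALL_CMD names the command to run.
# It defaults to the real firewall-cmd; override it (e.g. FIREWALL_CMD=echo)
# to see the commands without touching the firewall.
: "${FIREWALL_CMD:=firewall-cmd}"

# fw_apply: apply one change to the saved config first, then to the running
# config, so neither a reload nor a reboot is needed and runtime-only
# differences elsewhere are left alone.
# Usage: fw_apply --add-port=22/tcp
#        fw_apply --add-service=ssh
fw_apply() {
    "$FIREWALL_CMD" --permanent "$@" || return 1
    "$FIREWALL_CMD" "$@"
}

# fw_drift: compare the running config with the saved config.
# Returns 0 when they match, 1 when they differ (printing a unified diff,
# running on the left, saved on the right), 2 if firewall-cmd itself failed.
fw_drift() {
    running=$("$FIREWALL_CMD" --list-all) || return 2
    saved=$("$FIREWALL_CMD" --permanent --list-all) || return 2
    if [ "$running" = "$saved" ]; then
        echo "running and saved configs match"
        return 0
    fi
    tmp_r=$(mktemp) && tmp_s=$(mktemp) || return 2
    printf '%s\n' "$running" >"$tmp_r"
    printf '%s\n' "$saved"   >"$tmp_s"
    echo "running and saved configs differ:"
    diff -u "$tmp_r" "$tmp_s"
    rc=$?
    rm -f "$tmp_r" "$tmp_s"
    return $rc
}
```

Run fw_drift before and after a change: a non-zero result before you start means someone (or some earlier session) left a runtime-only rule in place, which a plain firewall-cmd --reload would silently discard.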
Show active firewall config
firewall-cmd --list-all
Add a port
Allow inbound tcp connections to port 22:
firewall-cmd --add-port=22/tcp
Add a service
firewall-cmd --add-service=ssh
Add a rich rule
A few examples modified from ComputerNetworkingNotes:
firewall-cmd --add-rich-rule='rule family=ipv4 source address=192.0.2.0/24 service name=ssh log prefix="SSH Access" level="notice" accept'
firewall-cmd --add-rich-rule='rule protocol value=icmp reject'