https://thetechieexplorer.blogspot.com

In technical sense, the term firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules.

A firewall typically establishes a barrier between a trusted internal network and untrusted external network, such as Internet.

Two services are available in RHEL / CentOS to create, maintain, and display the rules of firewall:

firewalld

Dynamic firewall manager that supports firewall zones.
Uses the concept of zones and services, that simplify the traffic management.
Zones are predefined set of rules and network interfaces and sources can be assigned to a zone.
Manages both IPv4 and IPv6 networks.
Can be used to separate networks into different zones according to the level of trust that the user has decided to place on the interfaces and traffic within that network.

A connection can only be a part of one zone, but a zone can be used for many network connections.

iptables

Also used for:

packet filtering,
DNAT (Destination Network Address Translation),
SNAT (Source Network Address Translation) rules.

IPTables contain multiple tables and tables might contain multiple chains and chains contain multiple rules where rules are defined for the incoming and outgoing packets.

CONFIGURING FIREWALL USING firewalld

Now, we will discuss how to configure the firewall in RHEL or CentOS machine by using firewall-cmd command.

firewalld package is installed by default in RHEL and CentOS. If you noticed that it is not pre-installed in your machine, you can use the following command to install firewalld and watch the status for firewalld.

Now, to verify that the firewall service is installed and running on your system:

To view rules of default zone

# firewall-cmd --list-all

To list all the zones and their rule

# firewall-cmd --list-all-zones

To view name of default (currently active) zone

# firewall-cmd --get-default-zone

To view rules of a particular zone

Syntax:

# firewall-cmd --list-all --zone=<zone name>

Example:

# firewall-cmd --list-all --zone=home

To switch zone

Syntax:

# firewall-cmd --set-default-zone=<zone name>

Example:

# firewall-cmd --set-default-zone=public
# firewall-cmd --get-default-zone

To allow a service in the default zone

Syntax:

# firewall-cmd --permanent --add-service=<service name>

Example:

# firewall-cmd --permanent --add-service=http
# firewall-cmd --list-all
# firewall-cmd --reload
# firewall-cmd --list-all

Note: Permanent rules do not take effect immediately and it appears when the rules are reloaded or system is rebooted.

To add a temporary service, just remove the word "--permanent".

# firewall-cmd --add-service=http
# firewall-cmd --reload
# firewall-cmd --list-all

Note: Temporary rules take effect immediately but it disappears when the rules are reloaded or system is rebooted.

To allow the service in specific zone

ADDING PERMANENTLY:

Syntax:

# firewall-cmd --permanent --add-service=<service name> --zone=<zone name>

Example:

# firewall-cmd --permanent --add-service=http --zone=public
# firewall-cmd --reload (To refresh the changes)
# firewall-cmd --list-all --zone=public

ADDING TEMPORARILY:

Syntax:

# firewall-cmd --add-service=<service name> --zone=<zone name>

Example:

# firewall-cmd --add-service=http --zone=public
# firewall-cmd --list-all --zone=public

To remove the specific service from a given zone in the firewall

Remove from default zone:

# firewall-cmd --permanent --remove-service=http
# firewall-cmd --reload (To refresh the changes)
# firewall-cmd -- list-all

Remove from specific zone:

# firewall-cmd --permanent --remove-service=http --zone=work
# firewall-cmd --reload
# firewall-cmd --list-all --zone=work

Adding Port

Adding port in default zone:

# firewall-cmd --permanent --add-port=110/tcp
# firewall-cmd --reload
# firewall-cmd --list-all

Adding port in specific zone:

# firewall-cmd --permanent --add-port=5577/tcp --zone=work
# firewall-cmd --reload
# firewall-cmd --list-all --zone=work

Removing Port

Removing port in default zone:

# firewall-cmd --permanent --remove-port=5577/tcp
# firewall-cmd --reload
# firewall-cmd --list-all

Removing port in specified zone:

# firewall-cmd --permanent --remove-port=5577/tcp --zone=public
# firewall-cmd --reload
# firewall-cmd --list-all --zone=public

What is firewall ? | Services of Firewall | Configuring Firewalls in Linux

firewalld

iptables

CONFIGURING FIREWALL USING firewalld

To view rules of default zone

To list all the zones and their rule

To view name of default (currently active) zone

To view rules of a particular zone

To allow a service in the default zone

To allow the service in specific zone

To remove the specific service from a given zone in the firewall

Adding Port

Removing Port

Post a Comment

0 Comments

Search This Blog

Facebook

Followers

Total Pageviews

Popular Posts

What is VPN? | How VPN woks? | Why is it important?

Introduction to Open Source Software

How to Manage (Install / Update / Remove) various softwares / packages in RedHat or CentOS Linux ??

ALL POSTS

About Me

What is firewall ? | Services of Firewall | Configuring Firewalls in Linux

firewalld

iptables

CONFIGURING FIREWALL USING firewalld

To view rules of default zone

To list all the zones and their rule

To view name of default (currently active) zone

To view rules of a particular zone

To allow a service in the default zone

To allow the service in specific zone

To remove the specific service from a given zone in the firewall

Adding Port

Removing Port

You may like these posts

Post a Comment

0 Comments

Search This Blog

Facebook

Followers

Total Pageviews

Popular Posts

What is VPN? | How VPN woks? | Why is it important?

Introduction to Open Source Software

How to Manage (Install / Update / Remove) various softwares / packages in RedHat or CentOS Linux ??

ALL POSTS

About Me