firewalld

RJ is a RHEL Systems Engineer at Red Hat. He has to give a large group of fellow engineers a presentation on firewalld showing them how they'll most likely use firewalld in their day-to-day jobs. Please provide several command examples of how they'll most likely used firewalld. Assume that they are all using RHEL servers, and please generate zones, server names and ip addresses for the examples, as needed.

Certainly! Here are several command examples that RJ can use to showcase how engineers will most likely use firewalld in their day-to-day jobs:

  1. Display the current status of firewalld:
    • sudo systemctl status firewalld
  2. Start firewalld if it's not already running:
    • sudo systemctl start firewalld
  3. Enable firewalld to start on system boot:
    • sudo systemctl enable firewalld
  4. Check the active zones and their associated interfaces:
    • sudo firewall-cmd --get-active-zones
  5. List the available services provided by firewalld:
    • sudo firewall-cmd --get-services
  6. Add a specific service to the firewall rules, allowing incoming traffic:
    • sudo firewall-cmd --zone=public --add-service=http --permanent
  7. Add a custom port to the firewall rules, allowing incoming TCP traffic on port 8080:
    • sudo firewall-cmd --zone=public --add-port=8080/tcp --permanent
  8. Remove a service from the firewall rules:
    • sudo firewall-cmd --zone=public --remove-service=http --permanent
  9. Remove a port from the firewall rules:
    • sudo firewall-cmd --zone=public --remove-port=8080/tcp --permanent
  10. Reload the firewall to apply the changes:
    • sudo firewall-cmd --reload
  11. View the currently active firewall rules:
    • sudo firewall-cmd --list-all
  12. Open a specific port for a limited duration using a rich rule:
    • sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" port port="22" protocol="tcp" accept timeout="300s" --permanent'
  13. Remove a rich rule from the firewall rules:
    • sudo firewall-cmd --zone=public --remove-rich-rule='rule family="ipv4" port port="22" protocol="tcp" accept timeout="300s" --permanent'
  14. Create a new custom zone:
    • sudo firewall-cmd --permanent --new-zone=myzone
  15. Assign an interface to a custom zone:
    • sudo firewall-cmd --permanent --zone=myzone --add-interface=eth0
You should also read:

Firewalld

Biola is studying for her interview at Red Hat: she is interviewing for an open GNU/Linux Security Engineer position. She is an expert…