firewalld
RJ is a RHEL Systems Engineer at Red Hat. He has to give a large group of fellow engineers a presentation on firewalld showing them how they'll most likely use firewalld in their day-to-day jobs. Please provide several command examples of how they'll most likely used firewalld. Assume that they are all using RHEL servers, and please generate zones, server names and ip addresses for the examples, as needed.
Certainly! Here are several command examples that RJ can use to showcase how engineers will most likely use firewalld in their day-to-day jobs:
- Display the current status of firewalld:
- sudo systemctl status firewalld
- Start firewalld if it's not already running:
- sudo systemctl start firewalld
- Enable firewalld to start on system boot:
- sudo systemctl enable firewalld
- Check the active zones and their associated interfaces:
- sudo firewall-cmd --get-active-zones
- List the available services provided by firewalld:
- sudo firewall-cmd --get-services
- Add a specific service to the firewall rules, allowing incoming traffic:
- sudo firewall-cmd --zone=public --add-service=http --permanent
- Add a custom port to the firewall rules, allowing incoming TCP traffic on port 8080:
- sudo firewall-cmd --zone=public --add-port=8080/tcp --permanent
- Remove a service from the firewall rules:
- sudo firewall-cmd --zone=public --remove-service=http --permanent
- Remove a port from the firewall rules:
- sudo firewall-cmd --zone=public --remove-port=8080/tcp --permanent
- Reload the firewall to apply the changes:
- sudo firewall-cmd --reload
- View the currently active firewall rules:
- sudo firewall-cmd --list-all
- Open a specific port for a limited duration using a rich rule:
- sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" port port="22" protocol="tcp" accept timeout="300s" --permanent'
- Remove a rich rule from the firewall rules:
- sudo firewall-cmd --zone=public --remove-rich-rule='rule family="ipv4" port port="22" protocol="tcp" accept timeout="300s" --permanent'
- Create a new custom zone:
- sudo firewall-cmd --permanent --new-zone=myzone
- Assign an interface to a custom zone:
- sudo firewall-cmd --permanent --zone=myzone --add-interface=eth0