Managing Linux Firewalls efficiently: FirewallD rules in detail
Time : 2024-12-11 14:33:00
Edit : Jtti

FirewallD provides a way to configure dynamic firewall rules in Linux: rule changes take effect immediately, without restarting the firewall, and it supports D-Bus and the concept of zones to simplify configuration.

Before adding FirewallD rules, check that the firewalld service is enabled and running:

# systemctl status firewalld

If FirewallD is running, it is a good idea to list the active zones and the services FirewallD knows about:

# firewall-cmd --get-active-zones

# firewall-cmd --get-services

If you are not comfortable with the command line, you can manage FirewallD from a GUI. You only need to install the GUI package (firewall-config) on your system:

# yum install firewalld firewall-config

Identify which zone you want to configure the Linux firewall in. For the public zone, the following command lists all active services, ports and rich rules:

# firewall-cmd --zone=public --list-all

To open a port in the public zone, use the following command. For example, this opens port 80/tcp in the public zone:

# firewall-cmd --permanent --zone=public --add-port=80/tcp

To remove the port again, use the --remove-port option of firewall-cmd, as follows:

# firewall-cmd --zone=public --remove-port=80/tcp

After adding or removing a port, use the --list-ports option to confirm that the change took effect:

# firewall-cmd --zone=public --list-ports

By default, FirewallD comes with a set of predefined services. Adding a custom set of services requires creating a new XML file that defines them; otherwise you add or remove each predefined service individually:

# firewall-cmd --zone=public --add-service=ftp

# firewall-cmd --zone=public --remove-service=ftp

# firewall-cmd --zone=public --list-services

If you want to block all incoming and outgoing connections, enable panic mode. Be aware that this also cuts off any existing established connections on the system:

# firewall-cmd --panic-on

Try to ping any host, and use the --query-panic option to confirm that panic mode is enabled, as shown below:

# ping google.com -c 1

# firewall-cmd --query-panic

With panic mode on, the ping fails with "unknown host google.com", because even the DNS lookup is blocked. Now disable panic mode, then ping again and check:

# firewall-cmd --query-panic

# firewall-cmd --panic-off

# ping google.com -c 1

This time the ping gets a reply from Google.

IP masquerading is a form of network address translation (NAT) that lets the machines behind a server reach the Internet through it. If you want to SSH to your home virtual machine from anywhere, forward SSH port 22 to a different port. Before setting up port forwarding, check that masquerading is enabled in the external zone, because the machine is reached from the external network:

# firewall-cmd --zone=external --query-masquerade

If it is not enabled, enable it first:

# firewall-cmd --zone=external --add-masquerade

Then forward all connections arriving on SSH port 22 to port 2222 at IP address 192.168.0.132:

# firewall-cmd --zone=external --add-forward-port=port=22:proto=tcp:toport=2222:toaddr=192.168.0.132

# firewall-cmd --zone=external --list-all
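As an added example (not part of the original article), the following shell script checks a zone's runtime configuration, as printed by firewall-cmd --zone=<zone> --list-all, against an intended allowlist of services and ports, and extracts the masquerade flag and the forward-port rules from the external zone so that the port-forwarding step above can be verified. The two --list-all samples inside the script are constructed for illustration and do not come from a real host; zone_field, forward_ports, not_allowed and audit_zone are names chosen here.

```shell
#!/bin/sh
# Added example (not from the article): audit a FirewallD zone's runtime
# configuration against an intended allowlist, parsing the text that
# `firewall-cmd --zone=<zone> --list-all` prints. The two samples below are
# constructed for illustration; on a live host you would capture the real
# output instead, e.g.  audit_zone "$(firewall-cmd --zone=public --list-all)" ...

# Constructed sample: a public zone with one extra service and one extra port
SAMPLE_PUBLIC='public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: cockpit dhcpv6-client ssh
  ports: 80/tcp 8080/tcp
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:'

# Constructed sample: an external zone after the masquerade and forward-port
# commands from the article. Real output indents forward-port rules with a tab;
# spaces are used here and the parser accepts either.
SAMPLE_EXTERNAL='external (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth1
  sources:
  services: ssh
  ports:
  protocols:
  forward: yes
  masquerade: yes
  forward-ports:
        port=22:proto=tcp:toport=2222:toaddr=192.168.0.132
  source-ports:
  icmp-blocks:
  rich rules:'

# zone_field <list-all text> <field>: print the value after "<field>: "
zone_field() {
    printf '%s\n' "$1" | sed -n "s/^[[:space:]]*$2:[[:space:]]*//p"
}

# forward_ports <list-all text>: print each forward-port rule on its own line,
# whether firewalld printed them on the "forward-ports:" line itself (older
# releases) or on indented lines below it (newer releases)
forward_ports() {
    printf '%s\n' "$1" | awk '
        /^[[:space:]]*forward-ports:/ {
            inblock = 1
            sub(/^[[:space:]]*forward-ports:[[:space:]]*/, "")
            if ($0 != "") print
            next
        }
        inblock && /^[[:space:]]*[a-z -]+:/ { inblock = 0 }
        inblock && NF { sub(/^[[:space:]]+/, ""); print }
    '
}

# not_allowed <actual items> <allowed items>: print the items of the first
# space-separated list that are missing from the second
not_allowed() {
    extra=""
    for item in $1; do
        case " $2 " in
            *" $item "*) ;;
            *) extra="$extra $item" ;;
        esac
    done
    printf '%s' "${extra# }"
}

# audit_zone <list-all text> <allowed services> <allowed ports>: print one line
# per unexpected service or port; return 0 only when the zone matches policy
audit_zone() {
    rc=0
    for svc in $(not_allowed "$(zone_field "$1" services)" "$2"); do
        echo "unexpected service: $svc"
        rc=1
    done
    for prt in $(not_allowed "$(zone_field "$1" ports)" "$3"); do
        echo "unexpected port: $prt"
        rc=1
    done
    return $rc
}

echo "== public zone (policy: services ssh dhcpv6-client; ports 80/tcp 443/tcp)"
audit_zone "$SAMPLE_PUBLIC" "ssh dhcpv6-client" "80/tcp 443/tcp" || echo "public zone drifts from policy"
echo "== external zone: masquerade=$(zone_field "$SAMPLE_EXTERNAL" masquerade)"
forward_ports "$SAMPLE_EXTERNAL"
```

On a host, replace the samples with the live output, for example audit_zone "$(firewall-cmd --zone=public --list-all)" "ssh dhcpv6-client" "80/tcp 443/tcp". Keep in mind that --list-all reports the runtime configuration: a port added with --permanent, as in the --add-port command above, shows up here only after firewall-cmd --reload (or after it is also added without --permanent), and a port removed only from the runtime configuration comes back on the next reload because the permanent configuration still contains it.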
