Configure firewalld or iptables.
# systemctl status firewalld
# systemctl start firewalld
# systemctl enable firewall
There are the following commands for firewalld:
# firewall-cmd or firewall-config
concept: zones and services:
Get the zones:
# firewall-cmd –get-zones
Get default zone:
# firewall-cmd –get-default-zone
Set default zone is using set-default-zone.
Service is a name associated with a name and a protocol.
The services are into: /etc/firewalld/services
Here are all services.
Default services are into:
/usr/lib/firewalld/services
Check the hish-availability.xml. Is a collection of ports:
Add the service:
# firewall-cmd –zone=home –add-service=high-availability
check the configuration for current zone:
# firewall -cmd –list-all
This way will persist untill reboot. To save the changes, use –permanent
# firewall-cmd –permanent –zone=home –add-service=high-availability
This command is hard to use. Is GUI firewall-config.
Select the zone > click the zone > check the Permanent configuration.
# firewall-cmd –get-default-zone
# firewall-cmd –set-default-zone dmz
add service:
# firewall-cmd –permanent –add-service=ssh
# firewall-cmd –permanent –add-service=ntp
# firewall-cmd –permanent –add-service=ftp
Check one service if is available:
# firewall-cmd –get-services
# firewall-cmd –permanent –add-service=vnc-server
# firewall-cmd –permanent –add-service=http
# firewall-cmd –permanent –add-service=dns
Check:
# firewall-cmd –list-all
reload the settings
# systemctl restart firewalld
Also can type:
# firewall-config
to check the configuration