[Linux] CentOS(RHEL 7) Firewall : firewalld
1. Install firewalld
Install
$ yum install firewalld
Enable & Start
$ systemctl enable firewalld
$ systemctl start firewalld
2. Setting Zone
Zone list
$ firewall-cmd --get-zones
$ firewall-cmd --list-all-zones
$ firewall-cmd --get-default-zone
$ firewall-cmd --get-active-zones
$ firewall-cmd --permanent --list-all --zone=newzone
Add Zone
$ firewall-cmd --permanent --new-zone=newzone
Changes made without --permanent only affect the running firewall and are discarded when
firewall-cmd --reload
is executed, so anything that must survive a reload (or a restart of firewalld) has to be set with --permanent and then activated with a reload.
Remove Zone
$ firewall-cmd --permanent --delete-zone=newzone
Set Default Zone
$ firewall-cmd --set-default-zone=newzone
3. Setting Service
Service list
$ firewall-cmd --get-services
$ firewall-cmd --list-services --zone=public
$ firewall-cmd --permanent --list-all --zone=public
Add Service
$ firewall-cmd --permanent --zone=newzone --add-service=http
$ firewall-cmd --permanent --zone=newzone --add-service=https
Remove Service
$ firewall-cmd --permanent --zone=newzone --remove-service=http
4. Setting Port
Add Port
$ firewall-cmd --permanent --zone=newzone --add-port=4000/tcp
$ firewall-cmd --permanent --zone=newzone --add-port=8000-9000/tcp
Remove Port
$ firewall-cmd --permanent --zone=newzone --remove-port=4000/tcp
5. Reload firewall
$ firewall-cmd --reload
6. Restart firewalld
$ systemctl restart firewalld
# Allow an IP range: bind the source network to the zone, then open ssh in that zone
$ firewall-cmd --permanent --zone=public --add-source=111.111.1.0/24
$ firewall-cmd --permanent --zone=public --add-port=22/tcp
# White list by adding a rich-rule
$ sudo firewall-cmd --zone=public --permanent --add-rich-rule="rule family='ipv4' source address='10.x.x.x' accept"
# Ban IP by adding a rich-rule
$ sudo firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='10.x.x.0/24' reject"
$ sudo firewall-cmd --permanent --zone=dmz --add-rich-rule="rule family='ipv4' source address='10.x.x.0/24' drop"
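The zone, service, port and rich-rule commands from sections 2-6 above, chained into one script as an added example (not part of the original post): it writes a zone to the permanent config, reloads to activate it, and then checks that the runtime listing still matches the permanent one, which is the drift that the --permanent/--reload note in section 2 warns about. The zone name newzone, the port 4000/tcp and the management subnet 10.0.0.0/24 are constructed placeholders; firewall-cmd itself is the real RHEL 7 tool. DRY_RUN=1 prints the commands instead of running them so the rule set can be reviewed before it touches the firewall.

```shell
#!/bin/sh
# Added example, not from the original post. Assumptions: zone "newzone",
# app port 4000/tcp and management subnet 10.0.0.0/24 are constructed
# placeholders; firewall-cmd is the real firewalld CLI on CentOS/RHEL 7.
set -eu

ZONE="${ZONE:-newzone}"
MGMT_NET="${MGMT_NET:-10.0.0.0/24}"   # constructed: only these hosts may reach ssh
APP_PORT="${APP_PORT:-4000/tcp}"
DRY_RUN="${DRY_RUN:-0}"               # 1 = print the commands instead of running them

# fw: run firewall-cmd, or echo the exact command line when DRY_RUN=1
fw() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "firewall-cmd $*"
    else
        firewall-cmd "$@"
    fi
}

# build_zone: write the zone into the permanent config only. Nothing here is
# live until --reload, which is also what discards changes made without --permanent.
build_zone() {
    fw --permanent --new-zone="$ZONE" 2>/dev/null || true   # "already exists" is fine
    # services open to everyone routed into this zone: web only
    fw --permanent --zone="$ZONE" --add-service=http
    fw --permanent --zone="$ZONE" --add-service=https
    fw --permanent --zone="$ZONE" --add-port="$APP_PORT"
    # ssh is deliberately not added as a plain service; a rich rule limits it to
    # MGMT_NET, and everything not accepted is rejected by the zone's default target
    fw --permanent --zone="$ZONE" \
        --add-rich-rule="rule family='ipv4' source address='$MGMT_NET' service name='ssh' accept"
}

# verify_zone: after a reload the runtime listing must equal the permanent one.
# The first line (zone name, may carry "(active)") and the interfaces line
# (NetworkManager binds interfaces at runtime only) are ignored; any other
# difference means the live firewall was changed without --permanent.
verify_zone() {
    if [ "$DRY_RUN" = "1" ]; then
        return 0
    fi
    runtime=$(fw --zone="$ZONE" --list-all | sed -e '1d' -e '/^ *interfaces:/d')
    permanent=$(fw --permanent --zone="$ZONE" --list-all | sed -e '1d' -e '/^ *interfaces:/d')
    if [ "$runtime" != "$permanent" ]; then
        echo "zone $ZONE: runtime config differs from permanent config" >&2
        return 1
    fi
}

# apply_zone: permanent rules, then reload to activate them, then drift check
apply_zone() {
    build_zone
    fw --reload
    verify_zone
}

# Usage: sh fw-zone.sh apply   (DRY_RUN=1 sh fw-zone.sh apply prints the plan only)
if [ "${1:-}" = "apply" ]; then
    apply_zone
fi
```

The zone only receives traffic once it is bound to something, either by making it the default with --set-default-zone (section 2) or by adding a source network or interface to it; run verify_zone again any time you suspect someone added a rule by hand without --permanent.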