basic firewalld rules
# basic firewalld rules and commands

# check if running
# systemctl status firewalld
# firewall-cmd --state

# list ports
# firewall-cmd --list-all
# firewall-cmd --list-all --zone=public
# firewall-cmd --list-all --zone=public --permanent

# list zones
# firewall-cmd --get-zones
# firewall-cmd --get-default-zone
# firewall-cmd --get-active-zones

# open ports 80 and 443
firewall-cmd --permanent --add-service http
firewall-cmd --permanent --add-service https

# rules for openvpn (comment out if not needed)
firewall-cmd --permanent --add-service openvpn
firewall-cmd --permanent --add-masquerade
# confirm it (should output 'yes'); query the permanent config,
# because the rule is not in the runtime config until the reload below
firewall-cmd --permanent --query-masquerade

# block icmp (ping) packets (firewalld version)
firewall-cmd --add-icmp-block=echo-request --permanent
firewall-cmd --add-icmp-block=echo-reply --permanent

# allow xmpp
firewall-cmd --zone=public --add-port=5222/tcp --permanent
firewall-cmd --zone=public --add-port=5269/tcp --permanent

# rules for mosh
firewall-cmd --zone=public --add-port=60000-60010/udp --permanent

# disable ports
# firewall-cmd --zone=public --remove-port=4000/tcp --permanent

# disable service
# firewall-cmd --zone=public --remove-service=ssh --permanent

# load the permanent rules into the running firewall
firewall-cmd --reload
systemctl restart firewalld
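
Every rule above is written with `--permanent`, so nothing is active until the reload. The following added example (not part of the original gist) compares the two `--list-all` listings and reports what differs between runtime and permanent config; the function names `zone_field` and `zone_drift` and the sample listings are assumptions constructed for illustration.

```shell
# Constructed sample output (not from a real host), trimmed to the fields used:
# state after the --permanent commands ran but before `firewall-cmd --reload`.
SAMPLE_RUNTIME='public (active)
  services: dhcpv6-client ssh
  ports: 4000/tcp
  masquerade: no
  icmp-blocks: '
SAMPLE_PERMANENT='public
  services: dhcpv6-client http https openvpn ssh
  ports: 5222/tcp 5269/tcp 60000-60010/udp
  masquerade: yes
  icmp-blocks: echo-request echo-reply'

# zone_field TEXT FIELD: print the items of one --list-all field, one per line.
zone_field() {
    printf '%s\n' "$1" | awk -v f="$2" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, f ":") == 1 {
            sub(/^[^:]*:[ \t]*/, "", line)
            n = split(line, items, /[ \t]+/)
            for (i = 1; i <= n; i++) if (items[i] != "") print items[i]
        }' | LC_ALL=C sort
}

# zone_drift RUNTIME PERMANENT: "field: +item" = only in permanent (inactive until
# reload), "field: -item" = only at runtime (lost on reload). Returns 1 on drift.
zone_drift() {
    drift=0
    for field in services ports masquerade icmp-blocks; do
        rt=$(zone_field "$1" "$field")
        pm=$(zone_field "$2" "$field")
        for item in $pm; do
            printf '%s\n' "$rt" | grep -qxF -- "$item" ||
                { printf '%s: +%s\n' "$field" "$item"; drift=1; }
        done
        for item in $rt; do
            printf '%s\n' "$pm" | grep -qxF -- "$item" ||
                { printf '%s: -%s\n' "$field" "$item"; drift=1; }
        done
    done
    return "$drift"
}

# Use the live firewall when firewalld is running, otherwise the samples.
if firewall-cmd --state >/dev/null 2>&1; then
    zone_drift "$(firewall-cmd --list-all --zone=public)" \
               "$(firewall-cmd --list-all --zone=public --permanent)" || true
else
    zone_drift "$SAMPLE_RUNTIME" "$SAMPLE_PERMANENT" || true
fi
```

A `-` line for a port or service is the one to review first: it is open right now but recorded nowhere, so it disappears on the next reload or reboot.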