@pirafrank
Last active October 10, 2018 12:32
basic firewalld rules
# basic firewalld rules and commands
# check if running
# systemctl status firewalld
# firewall-cmd --state
# list the zone configuration (services, ports, masquerade, icmp blocks)
# firewall-cmd --list-all
# firewall-cmd --list-all --zone=public
# firewall-cmd --list-all --zone=public --permanent
# list zones
# firewall-cmd --get-zones
# firewall-cmd --get-default-zone
# firewall-cmd --get-active-zones
# open ports 80 and 443
firewall-cmd --permanent --add-service http
firewall-cmd --permanent --add-service https
# rules for openvpn (comment out if not needed)
firewall-cmd --permanent --add-service openvpn
firewall-cmd --permanent --add-masquerade
# confirm it (should output 'yes'; --permanent is needed because the rule is not live until the reload below):
firewall-cmd --permanent --query-masquerade
# block icmp echo (ping) packets (firewalld version; blocked types are rejected, or dropped if the zone target is DROP)
firewall-cmd --add-icmp-block=echo-request --permanent
firewall-cmd --add-icmp-block=echo-reply --permanent
# allow xmpp
firewall-cmd --zone=public --add-port=5222/tcp --permanent
firewall-cmd --zone=public --add-port=5269/tcp --permanent
# rules for mosh
firewall-cmd --zone=public --add-port=60000-60010/udp --permanent
# disable ports
# firewall-cmd --zone=public --remove-port=4000/tcp --permanent
# disable service
# firewall-cmd --zone=public --remove-service=ssh --permanent
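# load the permanent rules into the running firewall
firewall-cmd --reload
# full service restart (normally redundant after --reload)
systemctl restart firewalld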
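
The rules above are written with `--permanent`, so they are not live until `firewall-cmd --reload`, and anything added without `--permanent` disappears at that reload. The script below is an added example, not part of the original gist: it compares a runtime listing with a permanent one and reports both kinds of drift. The two listings are constructed and abridged, and `field`, `only_in` and `fw_drift` are names chosen for this example.

```shell
#!/bin/sh
# Added example (not from the original gist): runtime vs permanent drift check.

# field LISTING KEY: print the values of "  KEY: v1 v2 ..." one per line.
# A masquerade value of "no" is treated as "not set".
field() {
    printf '%s\n' "$1" | sed -n "s/^ *$2: *//p" | tr ' ' '\n' |
        sed -e '/^$/d' -e '/^no$/d'
}

# only_in A B: print the lines of A that do not appear in B.
only_in() {
    printf '%s\n' "$1" | while IFS= read -r v; do
        [ -n "$v" ] || continue
        printf '%s\n' "$2" | grep -Fxq -- "$v" || printf '%s\n' "$v"
    done
}

# fw_drift RUNTIME PERMANENT
#   pending KEY VALUE = saved with --permanent, not live until --reload
#   unsaved KEY VALUE = live now, lost on the next --reload or restart
fw_drift() {
    for key in services ports masquerade icmp-blocks; do
        run=$(field "$1" "$key")
        perm=$(field "$2" "$key")
        only_in "$perm" "$run" | sed "s/^/pending $key /"
        only_in "$run" "$perm" | sed "s/^/unsaved $key /"
    done
}

# Constructed, abridged listings in the `firewall-cmd --list-all` layout:
# the runtime state before the reload, and the permanent state after the
# commands in this gist have been run.
RUNTIME='public (active)
  services: dhcpv6-client ssh
  ports: 4000/tcp
  masquerade: no
  icmp-blocks: '
PERMANENT='public
  services: dhcpv6-client http https openvpn ssh
  ports: 5222/tcp 5269/tcp 60000-60010/udp
  masquerade: yes
  icmp-blocks: echo-reply echo-request'

fw_drift "$RUNTIME" "$PERMANENT"
# On a real host:
# fw_drift "$(firewall-cmd --list-all)" "$(firewall-cmd --list-all --permanent)"
```

Empty output means the running firewall matches what will be loaded at the next reload or boot.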