Firewalld Command - Useful firewall-cmd Examples (RHEL based)

 


Image Source: techmint

Useful firewall-cmd Examples 

(Source: thegreekdiary.com)



1. List all zones Use the following command to list information for all zones. Only partial output is displayed. 
firewall-cmd --list-all-zones
Output:

work
 target: default
 icmp-block-inversion: no
 interfaces:
 sources:
 services: dhcpv6-client ssh
 ports:
 protocols:
 masquerade: no
 forward-ports:
 sourceports:
 icmp-blocks:
 rich rules:

drop
 target: DROP
 icmp-block-inversion: no
 interfaces:
 sources:
 services:
 ports:
 protocols:
 masquerade: no forward-ports:
 sourceports:
 icmp-blocks:
 rich rules:
 .....


Public is the default zone set, if you do not change it. To check the currently set default zone use the below command:
firewall-cmd --get-default-zone
public


2. List allowed service and ports on the system To show currently allowed service on your system use the below command. 
firewall-cmd --list-services
dhcpv6-client ssh 



To list the ports that are open on your system: 
firewall-cmd --list-ports

You would normally see no ports listed here when you have just enabled the firewalld.

 

3. To Enable all the incoming ports for a service You can also open the required ports for a service by using the –add-seervice option.

To permit access by HTTP clients for the public zone: 
firewall-cmd --zone=public --add-service=http


success To list services that are allowed for the public zone: 
firewall-cmd --zone=work --list-services
dhcpv6-client http ssh 


Using this command only changes the Runtime configuration and does not update the configuration files. The following sequence of commands shows that configuration changes made in Runtime configuration mode are lost when the firewalld service is restarted: 
systemctl restart firewalld
firewall-cmd --zone=work --list-services
dhcpv6-client ssh



To make changes permanent, use the –permanent option.

Example: 
firewall-cmd --permanent --zone=public --add-service=http
success


Changes made in Permanent configuration mode are not implemented immediately.

Example: 
firewall-cmd --zone=work --list-services
dhcpv6-client ssh 


However, changes made in a Permanent configuration are written to configuration files.

Restarting the firewalld service reads the configuration files and implements the changes.

 Example: 
systemctl restart firewalld
firewall-cmd --zone=work --list-services
dhcpv6-client http ssh



4. Allow traffic on an incoming port The command below will open the port 2222 effective immediately, but will not persist across reboots: 
firewall-cmd --add-port=[YOUR PORT]/tcp

For example, to open TCP port 2222 : 
firewall-cmd --add-port=2222/tcp

The following command will create a persistent rule, but will not be put into effect immediately: 
firewall-cmd --permanent --add-port=[YOUR PORT]/tcp

For Example, to open TCP port 2222 : 
firewall-cmd --permanent --add-port=2222/tcp

To list the open ports, use the command :
firewall-cmd –-list-ports
2222/tcp



5. Start and stop firewalld service To start/stop/status firewalld service use the below commands: 
systemctl start firewalld.service
systemctl stop firewalld.service

To check the status of the firewalld service: 
systemctl status firewalld.service

Popular posts from this blog

How to Convert PEM KeyFile into PPK KeyFile and vice versa?

Image
Hi, In this post, we will learn that how can we convert PEM KeyFile into PPK KeyFile and vice versa including the installation of the tool which we will use to accomplish this. For the Windows Operating System In Windows system is easy and straight forward. You just need a tool called "puttygen.exe" from the URL -  https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html Choose the appropriate version as per your OS. Convert PEM into PPK in Windows After downloading the PuTTYgen and open it, load your file (select All Files (*.*) in the bottom dropdown to select your PEM key file).  You will get a message Successfully imported foreign key, Just click OK, Now click on Save private key button to save that key in the location where do you want to save it. Convert PPK into PEM in Windows Now we will convert PPK file into PEM using PuTTYgen in Windows PC Open the PuTTYgen tool, now load your PPK file into it, and finally, Go to Conversions Menu and Click on Export OpenSSH k
Read more

How to transfer Google Cloud Storage One account data to Google Cloud another account?

Image
                                                          Image Source: infiflex.com Step 1: Go to the account where storage bucket are resides. Select the Select the Bucket, you want to transfer data and Click on SHOW INFO PANEL on the Top Right. Step 2: Under PERMISSIONS click on Add members. Now type the email id of the another account where you want to transfer all of your files in New Members Box. Select Role Storage > Storage Admin. Step 3: Now, Go to second account, Go to your storage bucket and select and repeat the last steps but this time email id will be the 1st account email id. All Set. Step 4: Finally Go to First account open the Google Cloud Shell and run the following command - gsutil -m cp -r gs://SOURCE-BUCKET-NAME /* gs://DESTINATION-BUCKET-NAME /
Read more

MySQL Commands, Administration, Backup, Restore

Image
  SOURCE : STACKOVERFLOW  To export If it’s an entire DB, then:  mysqldump -u [uname] -p[pass] db_name > db_backup.sql If it’s all DBs, then:  mysqldump -u [uname] -p[pass] --all-databases > all_db_backup.sql If it’s specific tables within a DB, then:  mysqldump -u [uname] -p[pass] db_name table1 table2 > table_backup.sql You can even go as far as auto-compressing the output using gzip (if your DB is very big):  mysqldump -u [uname] -p[pass] db_name | gzip > db_backup.sql.gz If you want to do this remotely and you have the access to the server in question, then the following would work (presuming the MySQL server is on port 3306):  mysqldump -P 3306 -h [ip_address] -u [uname] -p[pass] db_name > db_backup.sql To import Type the following command to import sql data file:  mysql -u username -p -h localhost DATA-BASE-NAME < data.sql In this example, import ‘data.sql’ file into ‘blog’ database using sat as username:  mysql -u sat -p -h localhost blog < data.sql If you h
Read more