How to quickly configure firewalld firewall

This article describes the basic tasks required to quickly configure the firewalld firewall. I assume you are aware of the importance of firewalls and have a general understanding of how they protect servers and workstations.

To help you find the information you need, I've organized this article in a "How to?" format around these steps. Scroll down to your question and find the command. If you need more details on administration, read Shashank Nandishwar Hegde's article Introduction to Firewall Rules and Scenarios.

How to check firewall status?

First, make sure the firewalld service is installed, started, and enabled:

$ sudo systemctl status firewalld

$ sudo systemctl start firewalld

$ sudo systemctl enable firewalld

Starting a service activates it immediately in the running system; enabling it makes systemd start it at boot. A service that is started but not enabled stops protecting the host after the next reboot, so do both.

How to check current configuration?

To display everything currently configured in the public zone, including the allowed services and open ports, type:

$ sudo firewall-cmd --list-all --zone=public

Note the zone and the services or ports listed. A zone is a set of rules associated with a particular location or server role; on a default installation the public zone is the default zone, and commands that do not name a zone act on it.

You can also list just the allowed services or just the open ports:

$ sudo firewall-cmd --list-services

$ sudo firewall-cmd --list-ports

How to open the port?

If the required service is blocked by the existing firewall configuration, open the corresponding port. If it is a well-known service, you can specify it by service name. If the service is uncommon, developed in-house, or listens on a custom port, open the port by number instead. The two commands below are equivalent ways to allow inbound web traffic, because the http service definition is simply port 80/tcp:

$ sudo firewall-cmd --zone=public --add-service=http

$ sudo firewall-cmd --zone=public --add-port=80/tcp

Note the /tcp suffix (or /udp, depending on the protocol the service uses).

This change applies only to the runtime configuration and is lost at the next reload or reboot. To preserve it, add the --permanent flag as described below.

Use the --list-services or --list-ports option to verify the settings.

How to close the port?

You should also close a port when the service that used it has been removed from the system, or when it should no longer be reachable for other reasons. Close ports by service name or by port number:

$ sudo firewall-cmd --zone=public --remove-service=http

$ sudo firewall-cmd --zone=public --remove-port=80/tcp

Again, without --permanent these commands change only the runtime configuration.

How to make firewall settings persistent?

The --permanent option writes the change to the persistent configuration, so it survives reboots. Add it to any add or remove command. Note that a --permanent change does not affect the running firewall until you reload it, so to open a port right now and keep it open, either run the command twice, with and without --permanent, or run it once with --permanent and then reload:

$ sudo firewall-cmd --permanent --zone=public --add-port=80/tcp

How to reload configuration?

Finally, reload the firewall so that the permanent configuration becomes the current runtime configuration. Do this as a separate step after your --permanent changes:

$ sudo firewall-cmd --reload

Reloading, rather than restarting the firewalld service with systemctl, is the right way to apply changes: a restart tears down and rebuilds the whole rule set and can drop existing connections, whereas a reload re-reads the permanent configuration while keeping connection state, so there is no interruption of service. Be aware that a reload also discards any runtime-only change that was made without --permanent.
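The whole procedure above, as one script, is an added example written for this article; it is not the article's own code and not part of firewalld. It assumes firewall-cmd is on the PATH and firewalld is running; the script name, the zone and port/protocol arguments, and the FWCMD variable are the example's own. Rather than running --add-port with --permanent and then --reload, it applies each change to the runtime configuration and to the permanent configuration separately and confirms both with --query-port, which sidesteps the reload's side effect of discarding runtime-only rules:

```shell
#!/bin/sh
# Added example (not code from the original article): open or close a port in
# a firewalld zone idempotently, updating BOTH the runtime and the permanent
# configuration and verifying each with --query-port, so that no --reload is
# needed and no other runtime-only rule is thrown away.
# Assumes firewall-cmd is on PATH and firewalld is running; FWCMD can be
# pointed at a stub for testing on a machine without firewalld.
FWCMD="${FWCMD:-firewall-cmd}"

# valid_port_spec PORT/PROTO: accept only 1-65535 and a protocol that
# --add-port understands (tcp, udp, sctp, dccp). Rejects "80", "80/TCP",
# "70000/tcp" and similar typos before they reach firewall-cmd.
valid_port_spec() {
    vp_port=${1%%/*}
    vp_proto=${1#*/}
    case "$vp_proto" in tcp|udp|sctp|dccp) ;; *) return 1 ;; esac
    case "$vp_port" in ''|*[!0-9]*) return 1 ;; esac
    [ "$vp_port" -ge 1 ] && [ "$vp_port" -le 65535 ]
}

# port_state ZONE PORT/PROTO [--permanent]: print "open" or "closed" based
# on --query-port, which exits 0 for yes and 1 for no.
port_state() {
    if "$FWCMD" $3 --zone="$1" --query-port="$2" >/dev/null 2>&1; then
        echo open
    else
        echo closed
    fi
}

# set_port ZONE PORT/PROTO add|remove: for the runtime configuration and then
# the permanent one, change the port only if it is not already in the wanted
# state, then re-query to confirm the change really took effect.
set_port() {
    sp_zone=$1
    sp_spec=$2
    sp_action=$3
    valid_port_spec "$sp_spec" || { echo "invalid port spec: $sp_spec" >&2; return 2; }
    "$FWCMD" --state >/dev/null 2>&1 || { echo "firewalld is not running" >&2; return 3; }
    case "$sp_action" in
        add)    sp_want=open ;;
        remove) sp_want=closed ;;
        *) echo "action must be add or remove" >&2; return 2 ;;
    esac
    for sp_scope in "" --permanent; do
        if [ "$(port_state "$sp_zone" "$sp_spec" $sp_scope)" != "$sp_want" ]; then
            "$FWCMD" $sp_scope --zone="$sp_zone" --${sp_action}-port="$sp_spec" >/dev/null || return 4
        fi
        if [ "$(port_state "$sp_zone" "$sp_spec" $sp_scope)" != "$sp_want" ]; then
            echo "verification failed: $sp_spec is not $sp_want in zone $sp_zone ${sp_scope:-(runtime)}" >&2
            return 5
        fi
    done
}

open_port()  { set_port "$1" "$2" add; }
close_port() { set_port "$1" "$2" remove; }

# Usage: sh fw-port.sh open|close ZONE PORT/PROTO
#   e.g. sudo sh fw-port.sh open public 8080/tcp
case "${1:-}" in
    open)  open_port "$2" "$3" ;;
    close) close_port "$2" "$3" ;;
esac
```

Run it as sudo sh fw-port.sh open public 8080/tcp; it exits non-zero and says why if the port spec is malformed, firewalld is not running, or the post-change query does not agree with what was requested. If you prefer to make runtime changes first and save them all at once, firewall-cmd --runtime-to-permanent copies the current runtime configuration into the permanent one.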

For more information

Firewalls are a well-established security control. This article provides the basic commands needed to quickly check the configuration, add or remove rules, and reload the settings. See the Red Hat documentation for other configurations, such as working with multiple zones, port forwarding, and more.

Origin blog.csdn.net/allway2/article/details/132691404