firewalld
Links: https://firewalld.org/
What is firewalld?
Firewalld provides a dynamically managed firewall with support for network/firewall zones that define the trust level of network connections or interfaces.
Changes can be done immediately in the runtime environment. No restart of the service or daemon is needed.
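It provides three ways to open the firewall: by port, by service, or with a rich rule. Each command below writes to the permanent configuration, which takes effect after the firewall is reloaded.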
$ firewall-cmd --zone=public --add-port=443/tcp --permanent
$ firewall-cmd --zone=public --add-service=https --permanent
$ firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="10.10.10.0/24" port protocol="tcp" port="443" accept' --permanent
SNAT / DNAT configuration
SNAT
# enable NAT forwarding
firewall-cmd --permanent --zone=public --add-masquerade
# open port 53, used by DNS (UDP)
# required, otherwise other machines cannot resolve domain names
firewall-cmd --zone=public --add-port=53/udp --permanent
# check whether NAT forwarding is enabled
firewall-cmd --query-masquerade
# disable NAT forwarding on the firewall
firewall-cmd --remove-masquerade
DNAT
# forward traffic on port 80 to port 8080
firewall-cmd --add-forward-port=port=80:proto=tcp:toport=8080
# forward traffic on port 80 to 192.168.0.1
firewall-cmd --add-forward-port=port=80:proto=tcp:toaddr=192.168.0.1
# forward traffic on port 80 to port 8080 on 192.168.0.1
firewall-cmd --add-forward-port=port=80:proto=tcp:toaddr=192.168.0.1:toport=8080
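As an added example (not part of the original page), the shell functions below validate the fields of a DNAT rule, build the forward-port value used in the commands above, and add the rule to both the runtime and the permanent configuration before querying it. The function names, the FWCMD variable and the restriction to single ports and tcp/udp are assumptions of this example.

```shell
# Added example, not from the original page. Function names, FWCMD and the
# single-port, tcp/udp-only scope are assumptions of this sketch.
FWCMD=${FWCMD:-firewall-cmd}

is_port() {  # integer in 1..65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

is_ipv4() {  # dotted quad, each octet 0..255
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    rest=$1 n=0
    while [ -n "$rest" ]; do
        octet=${rest%%.*}
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
        n=$((n + 1))
        case "$rest" in *.*) rest=${rest#*.} ;; *) rest= ;; esac
    done
    [ "$n" -eq 4 ]
}

# forward_spec PORT PROTO TOADDR TOPORT  (TOADDR or TOPORT may be "")
# Prints the value for --add-forward-port in the field order the page uses.
forward_spec() {
    is_port "$1" || { echo "bad port: $1" >&2; return 1; }
    case "$2" in tcp|udp) ;; *) echo "bad proto: $2" >&2; return 1 ;; esac
    [ -n "$3$4" ] || { echo "need toaddr and/or toport" >&2; return 1; }
    spec="port=$1:proto=$2"
    if [ -n "$3" ]; then
        is_ipv4 "$3" || { echo "bad toaddr: $3" >&2; return 1; }
        spec="$spec:toaddr=$3"
    fi
    if [ -n "$4" ]; then
        is_port "$4" || { echo "bad toport: $4" >&2; return 1; }
        spec="$spec:toport=$4"
    fi
    printf '%s\n' "$spec"
}

# apply_dnat ZONE PORT PROTO TOADDR TOPORT  (run as root)
# Runtime rule (live now, lost on reload), then permanent rule, then a query.
apply_dnat() {
    zone=$1; shift
    case "$zone" in ''|*[!A-Za-z0-9_-]*) echo "bad zone" >&2; return 1 ;; esac
    spec=$(forward_spec "$@") || return 1
    "$FWCMD" --zone="$zone" --add-forward-port="$spec" &&
    "$FWCMD" --permanent --zone="$zone" --add-forward-port="$spec" &&
    "$FWCMD" --zone="$zone" --query-forward-port="$spec"
}
```

Call it as root, for example `apply_dnat public 80 tcp 192.168.0.1 8080`; pass "" for TOADDR or TOPORT to leave that field out.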