Firewalld: Difference between revisions
Line 12: | Line 12: | ||
sudo firewall-cmd --zone=public --add-service=<service-name> --permanent | sudo firewall-cmd --zone=public --add-service=<service-name> --permanent | ||
Opening a specific TCP/UDP port: | Opening a specific TCP/UDP port: | ||
sudo firewall-cmd --add-port= | sudo firewall-cmd --add-port=<port number>/<tcp or udp> --permanent | ||
Example: adding NFS to | |||
Example: adding NFS to firewalld | |||
sudo firewall-cmd --zone=public --add-service=nfs --permanent | sudo firewall-cmd --zone=public --add-service=nfs --permanent | ||
sudo firewall-cmd --zone=public --add-service=rpc-bind --permanent | sudo firewall-cmd --zone=public --add-service=rpc-bind --permanent | ||
sudo firewall-cmd --zone-public --add-service=mountd --permanent | sudo firewall-cmd --zone-public --add-service=mountd --permanent | ||
Example: adding tcp port 8080 to firewalld | |||
sudo firewall-cmd --add-port=8080/tcp --permanent | |||
Reload the firewall after adding services to the firewall configuration: | Reload the firewall after adding services to the firewall configuration: | ||
sudo firewall-cmd --reload | sudo firewall-cmd --reload |
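Review bot: the mountd line in the NFS example passes --zone-public on both sides of the diff, which is not the zone option used on the nfs and rpc-bind lines just above it; it should read --zone=public so the service is added to the same zone. The new 8080/tcp example also omits --zone entirely, unlike the service examples, so the port is added to whatever the default zone is; either add --zone=public for consistency or say that the default zone is intended.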
Revision as of 18:30, 25 January 2019
Firewalld is the default firewall for CentOS 7. It replaces the CentOS 6 firewall, iptables.
Using firewalld
Starting and stopping firewalld:
systemctl start firewalld
systemctl stop firewalld
Listing current configuration for firewalld:
sudo firewall-cmd --list-all
Permitting a service through the firewall (opens the port that corresponds to the service):
sudo firewall-cmd --zone=public --add-service=<service-name> --permanent
Opening a specific TCP/UDP port (with no --zone given, the rule is added to the default zone):
sudo firewall-cmd --add-port=<port number>/<tcp or udp> --permanent
Example: adding NFS to firewalld
sudo firewall-cmd --zone=public --add-service=nfs --permanent
sudo firewall-cmd --zone=public --add-service=rpc-bind --permanent
sudo firewall-cmd --zone=public --add-service=mountd --permanent
Example: adding tcp port 8080 to firewalld
sudo firewall-cmd --add-port=8080/tcp --permanent
Reload the firewall after adding services or ports to the firewall configuration; rules added with --permanent are not live until the reload:
sudo firewall-cmd --reload
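
One way to script the NFS example above so that it can be re-run safely and confirms the rules are actually live after the reload. This is an added example, not part of the original wiki page; the open_services function and the FWCMD variable are names made up for it.

```shell
#!/bin/sh
# Added example: idempotently open services in a zone, reload once,
# then verify the runtime (live) configuration.
# FWCMD is an assumption of this example so the command can be wrapped or stubbed.
FWCMD="${FWCMD:-sudo firewall-cmd}"

# open_services ZONE SERVICE...
# Returns 0 only if every service is active in the zone when it finishes.
open_services() {
    zone="$1"; shift
    changed=0
    for svc in "$@"; do
        # --query-service exits 0 if the service is already in the saved config
        if ! $FWCMD --permanent --zone="$zone" --query-service="$svc" >/dev/null 2>&1; then
            $FWCMD --permanent --zone="$zone" --add-service="$svc" >/dev/null || return 1
            changed=1
        fi
    done
    # Permanent changes are not live until the reload; skip it if nothing changed
    if [ "$changed" -eq 1 ]; then
        $FWCMD --reload >/dev/null || return 1
    fi
    # Check the live rule set, not just the saved one. A service that was saved
    # earlier but never reloaded is reported here instead of silently passing.
    missing=0
    for svc in "$@"; do
        if ! $FWCMD --zone="$zone" --query-service="$svc" >/dev/null 2>&1; then
            echo "not active in zone $zone: $svc" >&2
            missing=1
        fi
    done
    return "$missing"
}

# Usage: open_services public nfs rpc-bind mountd
```
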