How firewalld reject a custom port?
by DragonBillow Zhang
Hi, I'm using firewalld in a local net, and I set its zone as "Home". I had set up some servers by Docker, and it exposes ports to the outside, such as 9000, 2342, etc.
These ports can always be accessed by others. How do I make these ports work like a built-in service? (Such as cockpit, which can be accessed by others only when I add it to the zone.)
2 years, 8 months
IRC: #firewalld officially moved to libera.chat
by Eric Garver
Hi everyone,
#firewalld on irc.libera.chat is now the official IRC channel for
firewalld.
Given the recent events regarding freenode the decision has been made to
officially move the channel to libera.chat. This change is effective
immediately. The website [1] has been updated. The maintainers no longer
have a presence on freenode.
You can reach the firewalld maintainers via:
- IRC: #firewalld on irc.libera.chat
- matrix: #firewalld:matrix.org
Sorry for the inconvenience.
Thanks.
Eric.
IRC: erig (libera)
matrix: erig:matrix.org
[1]: https://firewalld.org/community.html
2 years, 9 months
Configuring Firewalld on CentOS 7.9 2009 Linux Server
by Turritopsis Dohrnii Teo En Ming
Subject: Configuring Firewalld on CentOS 7.9 2009 Linux Server
Good day from Singapore,
I had a chance to setup CentOS 7.9 2009 Linux on Lenovo ThinkSystem
SR550 (2U) server for a customer on 8 Jun 2021 Tuesday.
The hardware specifications of the server are as follows:
Lenovo ThinkSystem SR550 (2U) Server
=====================================
1x Intel Xeon Silver 4210R 10 Cores 100W 2.4 GHz Processor
1x ThinkSystem 16 GB TruDDR4 2933 MHz (2Rx8 1.2V) RDIMM
2x ThinkSystem 32 GB TruDDR4 2933 MHz (2Rx4 1.2V) RDIMM
1x ThinkSystem 8 GB TruDDR4 2933 MHz (1Rx8 1.2V) RDIMM
1x ThinkSystem RAID 530-8i PCIe 12Gb Adapter (RAID 0,1,5,10 - Zero
Cache)
1x ThinkSystem 2U x16/x8 PCIe FH Riser 1
2x ThinkSystem 750W (230/115V) Platinum Hot-Swap Power Supply
1x 2.8 m, 13A/100-250V, C13 to C14 Jumper Cord
1x 2.8 m, 13A/100-250V, C13 to C14 Line Cord
1x ThinkSystem Toolless Slide Rail
2x Integrated 1 GbE RJ-45 ports
8x 2.5" HS Open HDD bays
Warranty: 3 Y P L, Onsite, 2Hr, 24x7
ThinkSystem XClarity Controller Standard to Advanced Upgrade
ThinkSystem XClarity Controller Advanced to Enterprise Upgrade
4x ThinkSystem 2.5" 2.4TB 10K SAS 12Gb Hot Swap 512e HDD (RAID 5)
2x ThinkSystem 2.5" 5300 960GB Entry SATA 6Gb Hot Swap SSD (RAID 1)
After completing the installation of CentOS 7.9 2009 Linux Server, I
proceeded to install and configure Firewalld.
Firewalld is a frontend for netfilter iptables firewall.
Installing Firewalld
====================
# yum install firewalld
# systemctl enable firewalld
# reboot
Checking if Firewalld is running
=================================
# firewall-cmd --state
Output:
running
Checking for default zone
=========================
# firewall-cmd --get-default-zone
Output:
public
Checking for active zone
========================
# firewall-cmd --get-active-zones
Output:
public
  interfaces: eno1
List all services of the active zone
====================================
# firewall-cmd --list-all
Output:
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eno1
  sources:
  services: dhcpv6-client ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
Creating new zone
=================
# firewall-cmd --permanent --new-zone=custom
Output:
success
Listing all zones
=================
# firewall-cmd --permanent --get-zones
Output:
block custom dmz drop external home internal public trusted work
Restart Firewalld
=================
# firewall-cmd --reload
Output:
success
List all zones
==============
block custom dmz drop external home internal public trusted work
Assigning network interface to the new zone
===========================================
# firewall-cmd --zone=custom --change-interface=eno1
Output:
success
Open TCP port 22 for ssh
========================
# firewall-cmd --zone=custom --permanent --add-service=ssh
Output:
success
Restart Network and Firewalld
=============================
# systemctl restart network
# systemctl reload firewalld
Checking for active zone
=========================
# firewall-cmd --get-active-zones
Output:
public
  interfaces: eno1
Setting the default zone
========================
# firewall-cmd --set-default-zone=custom
Output:
success
Checking for default zone
=========================
# firewall-cmd --get-default-zone
Output:
custom
Checking for active zone
=========================
# firewall-cmd --get-active-zones
Output:
custom
  interfaces: eno1
Reboot the Linux Server
=======================
# reboot
Checking for default zone
==========================
# firewall-cmd --get-default-zone
Output:
custom
Checking for active zone
=========================
# firewall-cmd --get-active-zones
Output:
custom
  interfaces: eno1
Listing all services of active zone
====================================
# firewall-cmd --list-all
Output:
custom (active)
  target: default
  icmp-block-inversion: no
  interfaces: eno1
  sources:
  services: ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
===END===
Reference Guide: How To Set Up a Firewall Using FirewallD on CentOS 7
Link:
https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall...
Mr. Turritopsis Dohrnii Teo En Ming, 43 years old as of 9 Jun 2021, is a
TARGETED INDIVIDUAL living in Singapore. He is an IT Consultant with a
System Integrator (SI)/computer firm in Singapore. He is an IT
enthusiast.
2 years, 9 months
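The zone walkthrough in the post above ends by reading `firewall-cmd --list-all` by eye. As an added example (not part of the original post), the script below parses that output and reports anything open beyond an allow-list; the function names `zone_field` and `audit_zone` are hypothetical, and the sample input is the post's two `--list-all` outputs, abridged.

```shell
# Added example: audit `firewall-cmd --list-all` text (stdin) against an
# allow-list of services. Function names are hypothetical.

# Print the value of "FIELD:" from --list-all text on stdin.
zone_field() {
    awk -v key="$1" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, key ":") == 1 {
            val = substr(line, length(key) + 2)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            print val; exit
        }'
}

# audit_zone "svc1 svc2": report anything open beyond the allow-list.
# Returns 0 when the zone matches the allow-list, 1 otherwise.
audit_zone() {
    allowed=" $1 "; text=$(cat); rc=0
    for svc in $(printf '%s\n' "$text" | zone_field services); do
        case "$allowed" in
            *" $svc "*) ;;
            *) echo "unexpected service: $svc"; rc=1 ;;
        esac
    done
    for f in ports forward-ports source-ports; do
        val=$(printf '%s\n' "$text" | zone_field "$f")
        [ -z "$val" ] || { echo "unexpected $f: $val"; rc=1; }
    done
    # Rich rules are printed one per line after the "rich rules:" header.
    rich=$(printf '%s\n' "$text" | awk 'f && NF { print } /rich rules:/ { f = 1 }')
    [ -z "$rich" ] || { echo "unexpected rich rules: $rich"; rc=1; }
    return "$rc"
}

# Sample input: the two --list-all outputs from the post, abridged.
PUBLIC_ZONE='public (active)
  interfaces: eno1
  services: dhcpv6-client ssh
  ports:
  rich rules:'
CUSTOM_ZONE='custom (active)
  interfaces: eno1
  services: ssh
  ports:
  rich rules:'

printf '%s\n' "$PUBLIC_ZONE" | audit_zone "ssh" || echo "public zone: FAIL"
printf '%s\n' "$CUSTOM_ZONE" | audit_zone "ssh" && echo "custom zone: OK"
```

On a live host, pipe both `firewall-cmd --list-all` and `firewall-cmd --permanent --zone=custom --list-all` into `audit_zone`, so that a runtime-only change that a reload would discard shows up as a difference between the two results.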