Firewalld is a powerful and flexible firewall management tool available on many Linux distributions, including Fedora, CentOS, and Red Hat Enterprise Linux (RHEL). It provides a dynamic way to manage firewall rules and supports both IPv4 and IPv6. Understanding how to configure and manage Firewalld is crucial for system administrators to ensure network security and control traffic flow.
Firewalld uses zones to define the trust level of network connections or interfaces. Each zone has its own set of rules that determine what traffic is allowed or denied. This article will guide you through the basics of Firewalld, including installation, basic configuration, and common commands.
Examples:
Installing Firewalld: To install Firewalld on your Linux system, use the package manager specific to your distribution. For example, on Fedora, CentOS, or RHEL, you can use the following command:
sudo dnf install firewalld
On Debian-based systems like Ubuntu, you can use:
sudo apt-get install firewalld
Starting and Enabling Firewalld: After installation, you need to start the Firewalld service and enable it to start on boot:
sudo systemctl start firewalld
sudo systemctl enable firewalld
Checking Firewalld Status: To check the status of Firewalld, use:
sudo systemctl status firewalld
Listing Available Zones: Firewalld uses zones to manage traffic. To list all available zones:
sudo firewall-cmd --get-zones
Setting the Default Zone: The default zone is applied to all network interfaces that are not explicitly assigned to another zone. To set the default zone to "public":
sudo firewall-cmd --set-default-zone=public
Adding Services to a Zone: To allow a specific service, such as HTTP, in the "public" zone:
sudo firewall-cmd --zone=public --add-service=http --permanent
sudo firewall-cmd --reload
Adding Ports to a Zone: To allow a specific port, such as TCP port 8080, in the "public" zone:
sudo firewall-cmd --zone=public --add-port=8080/tcp --permanent
sudo firewall-cmd --reload
Removing Services or Ports: To remove a service or port from a zone, use the --remove-service or --remove-port options:
sudo firewall-cmd --zone=public --remove-service=http --permanent
sudo firewall-cmd --zone=public --remove-port=8080/tcp --permanent
sudo firewall-cmd --reload
Listing All Rules in a Zone: To list all rules configured in a specific zone:
sudo firewall-cmd --zone=public --list-all
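Rich Rules: Firewalld also supports rich rules for more granular control. For example, to allow SSH traffic from a specific IP address (this limits SSH to that address only if the ssh service is not also enabled in the zone, because rich rules add to the zone's other rules rather than replacing them):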
sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.1.100" service name="ssh" accept' --permanent
sudo firewall-cmd --reload
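Added example, not from the original article: a shell function that reads the output of `firewall-cmd --zone=public --list-all` and reports any service that a source-restricted rich rule accepts while the same service is still enabled for the whole zone. The function name is hypothetical and the two sample outputs are constructed and abbreviated.

```shell
#!/bin/sh
# Added example (not from the article). Reads `firewall-cmd --zone=<zone> --list-all`
# output on stdin and reports services that a source-restricted rich rule accepts
# while the same service is also enabled for every source in the zone.
find_shadowed_rich_rules() {
    awk '
        # "services:" line: everything listed here is open to all sources.
        $1 == "services:" { for (i = 2; i <= NF; i++) allowed[$i] = 1 }

        # Rich rule lines that accept a named service from one source address.
        $1 == "rule" && /source address="/ && /service name="/ && $NF == "accept" {
            svc = $0; src = $0
            sub(/.*service name="/, "", svc);   sub(/".*/, "", svc)
            sub(/.*source address="/, "", src); sub(/".*/, "", src)
            restricted[svc] = src
        }

        END {
            for (s in restricted)
                if (s in allowed)
                    printf "%s: open zone-wide, rule for %s restricts nothing\n", s, restricted[s]
        }
    '
}

# Constructed, abbreviated sample: rich rule added while ssh is still a zone service.
sample_before='public (active)
  services: dhcpv6-client ssh
  ports: 8080/tcp
  rich rules:
    rule family="ipv4" source address="192.168.1.100" service name="ssh" accept'

# Constructed sample: same zone after --remove-service=ssh, so only the rich rule admits SSH.
sample_after='public (active)
  services: dhcpv6-client
  ports: 8080/tcp
  rich rules:
    rule family="ipv4" source address="192.168.1.100" service name="ssh" accept'

printf '%s\n' "$sample_before" | find_shadowed_rich_rules
printf '%s\n' "$sample_after"  | find_shadowed_rich_rules
```

On a live host, pipe `sudo firewall-cmd --zone=public --list-all` into the function. Before removing the zone-wide ssh service over an SSH session, confirm that the address you connect from is the one named in the rich rule.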