Wednesday, 14 May 2025

firewall-cmd on CentOS 7

You can open ports with the following commands (--permanent changes the saved configuration; --reload is what makes the change active):
firewall-cmd --permanent --add-port=53/tcp
firewall-cmd --permanent --add-port=53/udp
firewall-cmd --reload

Allow the SMTP port:
firewall-cmd --permanent --add-port=25/tcp
firewall-cmd --permanent --add-port=25/udp
firewall-cmd --reload

Allow HTTP on port 8080:
firewall-cmd --permanent --add-port=8080/tcp
firewall-cmd --permanent --add-port=8080/udp
firewall-cmd --reload

You can allow a predefined service with the following commands (run firewall-cmd --reload afterwards, as above):
firewall-cmd --permanent --add-service=ssh
firewall-cmd --permanent --add-service=telnet
firewall-cmd --permanent --add-service=smtp
firewall-cmd --permanent --add-service=snmp


You can print the whole firewalld configuration of the default zone with the following command:
firewall-cmd --list-all

To see which services and ports are currently allowed:
firewall-cmd --list-services
firewall-cmd --list-ports
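The list commands above show what is open, but they do not tell you whether that matches what you intended to open. The script below is an added example, not part of the original post: it parses firewall-cmd --list-all style output and reports every service or port that is not on an allowlist. SAMPLE_LIST_ALL is constructed to resemble the zone after the commands above were run; the function and variable names are my own. The baseline deliberately omits telnet (credentials travel in cleartext) and the 25/udp and 8080/udp entries (SMTP and HTTP are TCP-only), so those are what the audit reports.

```shell
#!/bin/sh
# Added example, not part of the original post: audit a firewalld zone against
# an allowlist of services and ports. SAMPLE_LIST_ALL is constructed to look
# like `firewall-cmd --list-all` output on CentOS 7 after the commands above;
# on a real host, feed the command's actual output to audit_zone instead.
SAMPLE_LIST_ALL='public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: ssh dhcpv6-client telnet smtp
  ports: 53/tcp 53/udp 25/tcp 25/udp 8080/tcp 8080/udp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
'

# zone_field TEXT FIELD: print the space-separated values of one "field:" line
zone_field() {
    printf '%s\n' "$1" | awk -v f="$2:" '$1 == f { $1 = ""; sub(/^ /, ""); print }'
}

# unexpected ITEMS ALLOWED: print every item of ITEMS that is not in ALLOWED
unexpected() {
    for item in $1; do
        case " $2 " in
            *" $item "*) ;;                 # allowlisted, nothing to report
            *) printf '%s\n' "$item" ;;
        esac
    done
}

# audit_zone TEXT ALLOWED_SERVICES ALLOWED_PORTS: print one finding per line
# ("service:NAME" or "port:NUMBER/PROTO"); prints nothing when all is allowed
audit_zone() {
    for s in $(unexpected "$(zone_field "$1" services)" "$2"); do
        printf 'service:%s\n' "$s"
    done
    for p in $(unexpected "$(zone_field "$1" ports)" "$3"); do
        printf 'port:%s\n' "$p"
    done
}

# live_audit ZONE ALLOWED_SERVICES ALLOWED_PORTS: the same check against the
# running firewall; needs firewall-cmd and root, so it is not exercised here
live_audit() {
    command -v firewall-cmd >/dev/null 2>&1 || { echo "firewall-cmd not found" >&2; return 2; }
    audit_zone "$(firewall-cmd --zone="$1" --list-all)" "$2" "$3"
}

# Baseline for this host (an assumption for the example): SMTP and HTTP are
# TCP-only and telnet is cleartext, so telnet, 25/udp and 8080/udp get reported.
ALLOWED_SERVICES="ssh dhcpv6-client smtp"
ALLOWED_PORTS="53/tcp 53/udp 25/tcp 8080/tcp"
audit_zone "$SAMPLE_LIST_ALL" "$ALLOWED_SERVICES" "$ALLOWED_PORTS"
```

Run it periodically (or from a configuration-management check) with live_audit public "$ALLOWED_SERVICES" "$ALLOWED_PORTS"; a non-empty output means the zone drifted from the baseline. Compare the runtime and --permanent views too: a finding that appears only in one of them means someone added a rule without --permanent, or added a permanent rule and forgot --reload.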

You can remove a service with the following commands (followed by firewall-cmd --reload):
firewall-cmd --permanent --remove-service=ssh
firewall-cmd --permanent --remove-service=telnet
firewall-cmd --permanent --remove-service=dns
firewall-cmd --permanent --remove-service=dhcpv6-client


Check the open ports from another server:
nmap -sT 113.21.228.1



-- Stop, start or check the status of firewalld:
systemctl stop firewalld
systemctl start firewalld
systemctl status firewalld


-- Disable firewalld from starting automatically at boot:
systemctl disable firewalld


Rich Rules:

-- Add rich rules:
firewall-cmd --permanent --zone=public --add-rich-rule 'rule family="ipv4" source address="113.21.229.224/27" port port="804" protocol="tcp" accept'
firewall-cmd --permanent --zone=public --add-rich-rule 'rule family="ipv6" source address="2400:f940::/32" port port="804" protocol="tcp" accept'
firewall-cmd --permanent --zone=public --add-rich-rule 'rule family="ipv4" source address="0.0.0.0/0" port port="804" protocol="tcp" reject'
firewall-cmd --permanent --zone=public --add-rich-rule 'rule family="ipv6" source address="::/0" port port="804" protocol="tcp" reject'

-- List rich rules:
firewall-cmd --list-rich-rules

-- Remove a rich rule:
firewall-cmd --permanent --zone=public --remove-rich-rule 'rule family="ipv4" source address="0.0.0.0/0" port port="804" protocol="tcp" reject'
firewall-cmd --permanent --zone=public --remove-rich-rule 'rule family="ipv6" source address="::/0" port port="804" protocol="tcp" reject'
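Rich rules are long strings that are easy to mistype, and a typo in the address or family is accepted silently. The script below is an added example, not part of the original post: it regenerates the rule text used above from parameters, rejects a source address whose family does not match (an IPv6 prefix under family="ipv4", for instance), a port outside 1-65535, or an unknown protocol or action, and only then prints or applies the firewall-cmd line. The port 804 and the two source ranges are taken from the post; the function names are my own.

One caveat on the four rules above: on the firewalld shipped with CentOS 7 (0.6.x, which has no rich-rule priorities) a zone evaluates its rich rules grouped by action, log then deny then allow, not in the order they were added. The two reject rules for 0.0.0.0/0 and ::/0 therefore run before the accept rules for 113.21.229.224/27 and 2400:f940::/32, and port 804 ends up rejected from everywhere. Because the public zone's default target already rejects anything not explicitly allowed, the two accept rules on their own express the intended policy; the demo at the bottom of the script regenerates just those two.

```shell
#!/bin/sh
# Added example, not part of the original post: build, validate and apply
# firewalld rich rules of the form used above. Port 804 and the two source
# ranges come from the post; the helper names are assumptions of this example.

# build_rich_rule FAMILY SOURCE PORT PROTO ACTION: print the rule text
build_rich_rule() {
    printf 'rule family="%s" source address="%s" port port="%s" protocol="%s" %s\n' \
        "$1" "$2" "$3" "$4" "$5"
}

# family_matches FAMILY ADDRESS: succeed only if ADDRESS looks like FAMILY
# (an IPv6 literal contains a colon, an IPv4 literal never does)
family_matches() {
    case "$1:$2" in
        ipv4:*:*) return 1 ;;   # colon after "ipv4:" means an IPv6 address
        ipv4:*)   return 0 ;;
        ipv6:*:*) return 0 ;;
        ipv6:*)   return 1 ;;   # no colon in the address, so not IPv6
        *)        return 1 ;;   # unknown family
    esac
}

# valid_port PORT: succeed only if PORT is an integer in 1..65535
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# rich_rule_cmd FAMILY SOURCE PORT PROTO ACTION: validate the inputs and print
# the firewall-cmd line that adds the rule to the permanent public-zone config
rich_rule_cmd() {
    family_matches "$1" "$2" || { echo "address $2 does not match family $1" >&2; return 1; }
    valid_port "$3"          || { echo "invalid port $3" >&2; return 1; }
    case "$4" in tcp|udp) ;; *) echo "invalid protocol $4" >&2; return 1 ;; esac
    case "$5" in accept|reject|drop) ;; *) echo "invalid action $5" >&2; return 1 ;; esac
    printf "firewall-cmd --permanent --zone=public --add-rich-rule '%s'\n" \
        "$(build_rich_rule "$1" "$2" "$3" "$4" "$5")"
}

# apply_rich_rule FAMILY SOURCE PORT PROTO ACTION: validate, then add the rule
# to the permanent config and reload so it takes effect. Needs firewall-cmd
# and root, so it is not exercised here.
apply_rich_rule() {
    rich_rule_cmd "$@" >/dev/null || return 1
    command -v firewall-cmd >/dev/null 2>&1 || { echo "firewall-cmd not found" >&2; return 2; }
    firewall-cmd --permanent --zone=public --add-rich-rule "$(build_rich_rule "$@")" \
        && firewall-cmd --reload
}

# Demo: regenerate the two accept rules from the post (print only; nothing is
# changed on the host). The zone's default target rejects everything else.
rich_rule_cmd ipv4 113.21.229.224/27 804 tcp accept
rich_rule_cmd ipv6 2400:f940::/32 804 tcp accept
```

After applying, confirm the result with firewall-cmd --list-rich-rules and, from a host inside one of the ranges and from one outside, with the nmap -sT check shown earlier in the post; the listing proves the rule is stored, the connection test proves the evaluation order does what you expect.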
