firewalld is a set of scripts and a daemon that manage netfilter on your RHEL system. It aims at creating a simple command-line interface to manage the firewall on your systems.
By default, firewalld is included in the "core" rpm group, but it may not be installed for some reason (that you left it out of your kickstart would be one!). Perform the following steps:
Install firewalld via the following command line:
~]# yum install -y firewalld
Enable firewalld through the following:
~]# systemctl enable firewalld
firewalld is started by executing the following command line:
~]# systemctl restart firewalld
List all the allowed services using the following command:
~]# firewall-cmd --list-services
You can see the output as follows, where all the allowed services are listed:
Now, show the tcp/udp ports that are allowed by your firewall using the following command:
~]# firewall-cmd --list-ports
Here's what the output should look like:
Perform the following steps to allow NFSv4 traffic on your system:
Allow nfs traffic via this command:
~]# firewall-cmd --add-service nfs --permanent
success
~]# firewall-cmd --reload
success
~]# firewall-cmd --list-services
nfs
~]#
Perform the following steps to allow incoming traffic on port 1234 over both tcp and udp:
Allow port 1234 over tcp and udp by running the following:
~]# firewall-cmd --add-port 1234/tcp --permanent
success
~]# firewall-cmd --add-port 1234/udp --permanent
success
~]# firewall-cmd --reload
success
~]# firewall-cmd --list-ports
1234/tcp 1234/udp
~]#
firewalld comes with a set of predefined port configurations, such as HTTP and HTTPS. You can find all such definitions in /lib/firewalld/services. When creating your own port definitions or modifying the existing ones, you should create new port definition files in /etc/firewalld/services.
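When creating new "rules" by adding ports, services, and so on, you need to add the --permanent option, or your changes will be lost when the system reboots or the firewalld policy is reloaded. Rules added with --permanent do not take effect until the policy is reloaded, which is why the steps above run firewall-cmd --reload.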
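One way to spot rules that exist only in the runtime configuration or only in the permanent one, as an added example that is not part of the original recipe. It compares the output of firewall-cmd --list-services and --list-ports with and without --permanent for the default zone; the function names and the 5678/tcp entry in the fallback sample are constructed for illustration.

```sh
#!/bin/sh
# Added example: report drift between firewalld's runtime and permanent config.

# only_in A B: print the words of list A that do not appear in list B.
only_in() {
    for _item in $1; do
        case " $2 " in
            *" $_item "*) ;;                 # present in both lists
            *) printf '%s\n' "$_item" ;;     # present only in A
        esac
    done
}

# drift_report KIND RUNTIME PERMANENT: print one line per mismatched entry.
drift_report() {
    for _e in $(only_in "$2" "$3"); do
        echo "$1 $_e: runtime only, lost on reload or reboot"
    done
    for _e in $(only_in "$3" "$2"); do
        echo "$1 $_e: permanent only, not active until firewall-cmd --reload"
    done
}

if command -v firewall-cmd >/dev/null 2>&1; then
    # Live check against the default zone (needs a running firewalld).
    for _kind in services ports; do
        _rt=$(firewall-cmd --list-"$_kind" 2>/dev/null) || continue
        _pm=$(firewall-cmd --permanent --list-"$_kind" 2>/dev/null) || continue
        drift_report "$_kind" "$_rt" "$_pm"
    done
else
    # Constructed sample: 1234/udp was added without --permanent, and
    # 5678/tcp was added with --permanent but the policy was never reloaded.
    drift_report ports "1234/tcp 1234/udp" "1234/tcp 5678/tcp"
fi
```

No output from the live check means the runtime and permanent configurations of the default zone agree.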