Questions tagged [firewall-cmd]
46 questions
6 votes, 2 answers
Remove --add-forward-port rule in firewall-cmd
Some time ago I added the rule below for local port forwarding:
firewall-cmd --permanent --add-forward-port=port=80:proto=tcp:toport=3000
How can I remove this rule now?

idazuwaika
6 votes, 1 answer
is there a way to flush a whole zone's rich rules on firewalld?
I have added many rich rules with something like this:
firewall-cmd --permanent --zone="thezone" --add-rich-rule='rule family=ipv4 source address=1.2.3.4 reject'
And now I would like to clear/remove all those rich rules in my "thezone" zone.
Also y…

Mik
5 votes, 1 answer
Why does firewall-cmd throw error "ALREADY_ENABLED" but the port is not listed when calling firewall-cmd --list-ports?
Using CentOS 7, I am trying to use firewall-cmd --zone=public --add-port=443/tcp --permanent to add 443 to my allowed ports. Unfortunately this throws error ALREADY_ENABLED: 443:tcp. But when I use firewall-cmd --list-ports it does not show in the…

user007
5 votes, 1 answer
What's the difference between "firewall-cmd --reload" and "systemctl restart firewalld.service"?
What's the difference between firewall-cmd --reload and systemctl restart firewalld?

Neo
4 votes, 2 answers
Fedora 21: Firewalld (firewall-cmd) won't PERMANENTLY assign interfaces to zones?
I installed Fedora on this one machine which is EXCLUSIVELY a gateway / firewall system.
Following installation, I ran 'yum upgrade', and so it should be up to the very latest Fedora 21 - I'm a little behind on purpose (not Fedora 22) specifically…

Richard T
3 votes, 4 answers
How to port forward only on a single host IP address
Short question:
How do you enable port forwarding on only a single host ip address?
Backstory:
My Centos 7 server has 5 ip addresses. Previously I had apache listening on all of them and various domains assigned to those ip addresses which were…

Altimus Prime
3 votes, 1 answer
Fail2ban redirect
I've just finished setting up fail2ban on my Centos reverse proxy server. I was able to get it to block all requests if a certain criterion was met (pretty straightforward).
However, I'd now like to redirect the offending users instead of…

JoeInVT
2 votes, 1 answer
Port Forward - KVM host forward port 23 to port 22 of a guest running an ssh service
I have a KVM server (host) with multiple virtual machines (guests).
My goal is for my host to forward port 23 to port 22 of a guest running an ssh service.
Command example...
ssh root@[HOST_IP] -p 23
NOTE I: That was the command I used on the host to make…

Eduardo Lucio
2 votes, 1 answer
FirewallD not loading rule after reboot
I have FirewallD on Ubuntu Server 18.04. Got allowed services ssh http ipsec.
But on reboot, the firewall always allows ssh and ipsec but blocks http.
To solve this, I have to run firewall-cmd --reload every time I boot the server.
Where can the problem be?

Daniel Vítek
1 vote, 1 answer
Restrict all outbound connections to a specific interface, and block if unavailable
I'm running Centos 7 in a VM (I don't believe this should matter, but for context...)
Inside the VM, I'm running software to establish a tunnel. I can already accept connections from the host okay, but I want to force all outbound traffic over the…

Basic
1 vote, 0 answers
Add firewall-cmd service permanently
On RHEL 7, I am trying to add service postgresql permanently.
Without --permanent option, the command below runs well.
[root@sample services]# firewall-cmd --list-services
dhcpv6-client http https ssh
[root@sample services]# firewall-cmd…

idazuwaika
1 vote, 0 answers
Block outgoing connections on Centos 7 with firewalld
I have the following rules:
public (default, active)
  interfaces: eth0
  sources:
  services: dhcpv6-client http https ssh
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:
Everything works fine, then I'm adding…

sule
1 vote, 1 answer
Centos 7 firewall-cmd settings not persisting
I have decided to do a bit of spring cleaning, and am doing a refresh of some of my underlying infrastructure.
One of the critical components I am overhauling is the Network Gateway server. I updated my Test Environment (which is an identical, but…

topherg
1 vote, 1 answer
How to block all outgoing connections from a particular user except localhost?
I wish to block all outgoing connections from a particular user user after they have ssh'd into my server (running RHEL 7.4), that is, user should not be able to ssh into/ping other servers on the network.
I initially configured the following…

Rayne
1 vote, 1 answer
Port forwarding while preserving the source IP address with firewalld
I signed up with a new ISP and they don't provide me with an external IPv4 address. I've set up a virtual server (S) (that has an address) to relay all my stuff to my box at home (B) using a wireguard tunnel.
On (S) I configured:
sysctl -w…

mkuhlmann