Questions tagged [firewall-cmd]

46 questions
1
vote
0 answers

Equivalent ipfw config for firewalld

On a system managed by firewalld it is possible to redirect incoming traffic on 443 to 8443 so the process listening doesn't have to run as root to bind to 443 which requires root. firewall-cmd --add-forward-port=port=443:proto=tcp:toport=8443 I…
washcloth
0
votes
1 answer

Firewalld still allowing traffic after removing port from zone

I have an issue with firewalld where I opened some ports and now want to close them. For example, I opened tcp/3000 in the public zone and now want to close it. So far I've tried this: firewall-cmd --zone=public --remove-port=3000/tcp firewall-cmd…
0
votes
1 answer

Disable ICMP reply on CentOS 7 firewall, except some IP blocks

I have a CentOS 7 machine with FirewallD, and net.ipv4.conf.icmp_echo_ignore_all is set to 0. I'm seeking some firewall configs to disable ping replies to external IP addresses, but allow some IP blocks (like 192.168.1.0/24, 10.0.0.0/8 etc.) to…
0
votes
1 answer

The Firewall-cmd direct rules will remain after deletion

When the firewall is running, I cannot access my website. When I turn it off, it works. I used these rules to redirect port 8443 to regular 443. firewall-cmd --zone=public --permanent --direct --add-rule ipv4 nat OUTPUT 0 -p tcp -o lo --dport 443…
user298785
0
votes
1 answer

trying to close two ports with firewalld, leaving everything else open

I think I'm using the wrong technique, but not sure of the right one. Machine: Red Hat release 7.2 firewalld.noarch: 0.3.9-14.el7 I've been asked to close two ports but ensure that all other ports are open. The solution needs to be easy to turn…
0
votes
1 answer

Internal IP forwarding RHEL

Thank you in advance for your response. I've looked for the same question but it was nowhere to be found, so I'm going to post my question here. I have a RHEL OS and I have 2 separate IPs (see image): IP1 is 192.168.10.3 as my web in port 80, IP2 is…
Yien
0
votes
0 answers

Centos7, firewall-cmd --reload, "COMMAND_FAILED --state requires an argument" How to give state an argument?

I am using Centos7 and have just made some changes to the firewall. I am trying to configure my firewall to filter my ssh connection. I am following the How To documentation on Centos7 How Tos, Securing OpenSSH: Filter SSH at the Firewall.…
Norman Potts
0
votes
2 answers

Lockdown unsecure port with firewall-cmd

I have a RedHat 7 server where we allow a few ports, but one of them is insecure. I would like to use firewall-cmd to lock that port down to only allow 5 IPs to access it. Do I need to make a new zone for just that port?
Brill
0
votes
1 answer

Issue with firewalld

I just came across this issue and it's late here so I can't really think straight anymore right now. Still this is something pretty simple so I'm not really seeing what I'm missing and just going nuts here: I was setting up a server I use solely for…
0
votes
1 answer

CentOS 7 iptables output does match output of firewall-cmd

Output of iptables -L -v -n does not match firewall-cmd --list-all-zones. Specifically, I'm looking for the forwarding rules I have in place for two virtual machines. They can be clearly seen with iptables. [root@localhost ~]# iptables -S -v | grep…
0
votes
1 answer

How can I create a top priority firewall rule for a trusted mac address?

I want to accept all packets sent to my centos7 VPS from my device regardless of options defined on public zone. (I want to remove ssh service from public zone and just be able to connect from my mac address!) But when I add my mac address as a…
Mojtaba Rezaeian
0
votes
1 answer

CentOS 7 not allowing inbound tcp connection on port 80 when connected to two network interfaces

I connected two network interfaces to a server running CentOS 7 and I configured the public zone to allow inbound tcp connections on port 80 & 443, I then set one of the network interfaces to the public zone. I further configured a public IP on the…
Dev
0
votes
1 answer

Networking issue with Fedora Server 38 as a firewall / gateway

This environment has twins of virtually everything, including two web server / firewall / gateway systems, and they were getting long-in-the-tooth version wise, so I decided to upgrade from Fedora Server 30 to 38 on one of them. The idea was, of…
Richard T
0
votes
1 answer

Debian 11 firewalld+nftables rules not taking effect

Update: after commenting out the line in /etc/hosts that is kinda like #127.0.1.1 my-host.domain.edu my-host and rebooting, the firewall does open the expected ports. I thought to do this because, during testing with the firewall down, binding to…
elliotta
0
votes
0 answers

firewall-cmd block outgoing connection to an ip list

I have searched a lot about this. It is possible to have many of these commands, one for each IP: /usr/bin/firewall-cmd --direct --add-rule ipv4 filter OUTPUT 0 -d ::FFFF:85.185.0.0/112 -j REJECT /usr/bin/firewall-cmd --direct --add-rule ipv4…
Steve Moretz