Firewalld

From DikapediaV2
Revision as of 00:15, 27 August 2024 by Ardika Sulistija

https://www.tecmint.com/start-stop-disable-enable-firewalld-iptables-firewall/

Good article: https://www.linode.com/docs/guides/introduction-to-firewalld-on-centos/

firewalld - A wrapper for iptables that allows easier management of iptables rules. It is not an iptables replacement. It is a firewall service daemon that provides a dynamic, customizable host-based firewall with a D-Bus interface. Rules can be created, changed, and deleted without restarting the firewall daemon each time they change.


How to Allow HTTP connectivity in firewall (RHEL8)


I was configuring apache (httpd) on a RHEL8 server. I had apache running and listening on port 80 and I confirmed that DNS was resolving the domain successfully. However, when I attempted to connect to the server on port 80 (using curl -IvkL) I was getting "No route to host":

curl: (7) Failed to connect to 123.abc.com port 80: No route to host

I checked iptables -L but did not see any iptables rules.

Then I found this article and found that I needed to allow http in the firewall rules.

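# Save the rule to the permanent configuration (the running firewall is not changed yet)
sudo firewall-cmd --zone=public --add-service=http --permanent
# Load the permanent configuration into the running firewall (reload applies to the whole firewall, not to one zone)
sudo firewall-cmd --reload
# Confirm that http is now listed under services
sudo firewall-cmd --zone=public --list-all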

Then I confirmed that I was able to connect to the server on port 80 via a web browser.


How to check Firewall configurations for a specific Zone


$ sudo firewall-cmd --zone=public --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: cockpit dhcpv6-client http ssh
  ports:
  protocols:
  forward: no
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
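
An added example (not from the original page): a POSIX shell helper that parses the --list-all output shown above and flags any service outside an expected allowlist, plus any ports opened by number. The function names, the allowlist, and the embedded sample (copied from the output above) are assumptions for illustration.

```shell
# Added example (not from the page). Function names and allowlist are assumptions.
# Constructed sample: the --list-all output shown on this page.
SAMPLE='public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: cockpit dhcpv6-client http ssh
  ports:
  protocols:
  forward: no
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:'

# zone_field FIELD: read --list-all output on stdin, print FIELD's value ("ports" does not match "forward-ports").
zone_field() {
    awk -v f="$1" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, f ":") == 1 {
            v = substr(line, length(f) + 2); sub(/^[ \t]+/, "", v); print v; exit
        }'
}

# not_in_list "ITEMS" "ALLOWED": print the ITEMS that are absent from ALLOWED.
not_in_list() {
    out=""
    for item in $1; do
        case " $2 " in
            *" $item "*) ;;
            *) out="${out:+$out }$item" ;;
        esac
    done
    printf '%s\n' "$out"
}

# audit_zone "ALLOWED": --list-all output on stdin; returns 1 if anything is flagged.
audit_zone() {
    dump=$(cat); rc=0
    extra=$(not_in_list "$(printf '%s\n' "$dump" | zone_field services)" "$1")
    ports=$(printf '%s\n' "$dump" | zone_field ports)
    [ -z "$extra" ] || { echo "unexpected services: $extra"; rc=1; }
    [ -z "$ports" ] || { echo "ports opened by number: $ports"; rc=1; }
    return "$rc"
}

printf '%s\n' "$SAMPLE" | audit_zone "dhcpv6-client http ssh" || true
```

On a live host, pipe the output of sudo firewall-cmd --zone=public --list-all into audit_zone; not_in_list can also compare the output of --permanent --list-services with the runtime --list-services to spot rules that were saved but not yet reloaded.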