70 Configure firewall settings using firewall cmd or firewalld скачать в хорошем качестве

70 Configure firewall settings using firewall cmd or firewalld

In *RHEL-based distributions* (including *Kali Linux**, **CentOS**, and **Fedora**), **firewalld* is the default firewall management tool, which provides an easy way to manage firewall settings dynamically. It uses zones to define different levels of trust for network connections, and `firewall-cmd` is the command-line tool used to interact with **firewalld**. 1. *Check if firewalld is Running* Before configuring, check the status of `firewalld`: ```bash sudo systemctl status firewalld ``` If it's not running, start it: ```bash sudo systemctl start firewalld ``` To enable `firewalld` to start on boot: ```bash sudo systemctl enable firewalld ``` 2. *List Current Firewall Settings* To view the active zones and rules, use: ```bash sudo firewall-cmd --get-active-zones ``` To see all rules for the default zone: ```bash sudo firewall-cmd --list-all ``` 3. *Configure Firewall Rules* #### Add a Service to a Zone For example, to allow HTTP (port 80) traffic in the default zone: ```bash sudo firewall-cmd --zone=public --add-service=http ``` This allows HTTP traffic to pass through the firewall. To make this change persistent across reboots, use: ```bash sudo firewall-cmd --zone=public --add-service=http --permanent ``` #### Open Specific Port To open a specific port, for example, port 8080: ```bash sudo firewall-cmd --zone=public --add-port=8080/tcp ``` To make it persistent: ```bash sudo firewall-cmd --zone=public --add-port=8080/tcp --permanent ``` #### Remove a Service or Port To remove a previously added service (e.g., HTTP): ```bash sudo firewall-cmd --zone=public --remove-service=http ``` To remove a specific port: ```bash sudo firewall-cmd --zone=public --remove-port=8080/tcp ``` Make sure to add `--permanent` if you want the removal to persist. 4. *Change the Default Zone* You can set a default zone for the firewall. For example, to change the default zone to `home`: ```bash sudo firewall-cmd --set-default-zone=home ``` 5. *Reload the Firewall* If you've made changes that require a reload, use: ```bash sudo firewall-cmd --reload ``` This ensures all permanent changes are applied. 6. *Example:* To allow SSH (port 22) and HTTP (port 80) traffic on your firewall, add the services to the `public` zone and make the changes persistent: ```bash sudo firewall-cmd --zone=public --add-service=ssh --permanent sudo firewall-cmd --zone=public --add-service=http --permanent sudo firewall-cmd --reload ``` 7. *Verify Firewall Rules* To verify that the rules have been applied: ```bash sudo firewall-cmd --list-all ``` This will show you the active rules, including services, ports, and interfaces. 8. *Stop or Disable Firewalld* If you need to stop or disable `firewalld`: To stop `firewalld` temporarily: ```bash sudo systemctl stop firewalld ``` To disable it from starting on boot: ```bash sudo systemctl disable firewalld ``` Summary: *`firewalld`* is a dynamic firewall manager that uses *zones* to organize network interfaces and manage rules. *`firewall-cmd`* is the command-line tool to configure and manage firewall rules. You can add services or open specific ports, and make these changes permanent. After making changes, use *`--reload`* to apply them. This approach makes firewall configuration more flexible and easier to manage compared to traditional iptables.