Wednesday, March 10, 2021

RHEL8 - Firewall some commands

 # find . -name "secure*" -mtime +7
Lists files under the current directory whose names start with "secure" and that were last modified more than 7 days ago (`-mtime +7`).


[root@master log]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:firewalld(1)
[root@master log]# systemctl start firewalld
[root@master log]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: active (running) since Wed 2021-03-10 12:56:41 EST; 1s ago
     Docs: man:firewalld(1)
 Main PID: 5951 (firewalld)
    Tasks: 3 (limit: 11464)
   Memory: 34.1M
   CGroup: /system.slice/firewalld.service
           ├─5951 /usr/libexec/platform-python -s /usr/sbin/firewalld --nofork --nopid
           └─6344 /usr/sbin/ip6tables -w10 -t mangle -L -n

Mar 10 12:56:38 master systemd[1]: Starting firewalld - dynamic firewall daemon...
Mar 10 12:56:41 master systemd[1]: Started firewalld - dynamic firewall daemon.
Mar 10 12:56:41 master firewalld[5951]: WARNING: AllowZoneDrifting is enabled. This is considered an insecure c>
[root@master log]# firewall-cmd --get-zone
usage: see firewall-cmd man page
firewall-cmd: error: ambiguous option: --get-zone could match --get-zones, --get-zone-of-interface, --get-zone-of-source
[root@master log]# firewall-cmd --get-zones
block dmz drop external home internal public trusted work
[root@master log]# firewall-cmd --get-active-zones
public
  interfaces: enp0s3 enp0s8
[root@master log]# firewall-cmd --permanent --zone=public --list-services
cockpit dhcpv6-client http https ssh
[root@master log]# yum install httpd^C
[root@master log]# systemctl start httpd^C
[root@master log]# telnet local localhost^C
[root@master log]# telnet ansible2 80

Different rules for different IP networks: move the interface into another zone so its own rule set applies.

[root@master log]# firewall-cmd --zone=internal --change-interface=enp0s3 --permanent
The interface is under control of NetworkManager, setting zone to 'internal'.
success
[root@master log]# firewall-cmd --permanent --zone=internal --list-services
cockpit dhcpv6-client mdns samba-client ssh

Add new rules. Note that `--add-port=0-65535/tcp` opens every TCP port in the internal zone, which makes the zone's service list irrelevant and effectively removes TCP filtering for traffic matched by that zone; the separate `--add-port=80/tcp` line is then redundant. Add only the specific ports or services that are actually needed.

[root@master log]# firewall-cmd --zone=internal --add-source="192.168.5.0/24" --permanent
[root@master log]# firewall-cmd --zone="internal" --add-port=0-65535/tcp --permanent
[root@master log]# firewall-cmd --zone="internal" --add-port=80/tcp --permanent
[root@master log]# firewall-cmd --reload

[root@master log]# firewall-cmd --get-active-zones
internal
  interfaces: enp0s3
public
  interfaces: enp0s8

# ip addr s








