Differences

This shows you the differences between two versions of the page.

docpublic:systemes:firewalld [2016/10/02 15:04]
procacci@tem-tsp.eu created
docpublic:systemes:firewalld [2019/04/17 06:46] (current)
procacci@tem-tsp.eu [references]
Line 9: Line 9:
   * https://access.redhat.com/discussions/1455033   * https://access.redhat.com/discussions/1455033
   * https://bugzilla.redhat.com/show_bug.cgi?id=1112742   * https://bugzilla.redhat.com/show_bug.cgi?id=1112742
 +  * https://www.it-connect.fr/centos-7-utilisation-et-configuration-de-firewalld/
  
-==== commands ====+==== install  ====
  
 +<code>
 +
 +# yum install firewalld firewall-config
 +# systemctl start firewalld.service 
 +# systemctl status firewalld.service
 +# firewall-cmd --get-active-zones
 +# firewall-cmd --get-services
 +# firewall-cmd --zone=public --list-all
 +# firewall-cmd --get-zones
 +# firewall-cmd --get-default-zone
 +# firewall-cmd --list-all-zones
 +
 +</code>
 +
 +==== fichiers ====
 +
 +<code>
 +# cat  /etc/firewalld/firewalld.conf 
 +# ls  /etc/firewalld/zones
 +# cat /etc/firewalld/zones/public.xml 
 +
 +</code>
 +
 +==== lier une interface a une zone ====
 +
 +<code>
 +# firewall-cmd --get-zone-of-interface=eth0
 +# firewall-cmd --zone=public --change-interface=eth0
 +# firewall-cmd --permanent --zone=public --change-interface=eth0
 +# grep eth0 /etc/firewalld/zones/public.xml
 +  <interface name="eth0"/>
 +
 +</code>
 +
 +==== gestion de services simples ====
 +
 +ajout httpd et retait ssh pour tous
 +<code>
 +
 +# firewall-cmd --add-service=http --permanent
 +# firewall-cmd --zone=public --remove-service=ssh --permanent
 +# firewall-cmd --reload
 +# firewall-cmd --list-all
 +</code>
 +
 +==== gestion de regles complexes ====
 +
 +afin d'integrer la source par exemple + log + exemple ajout et retrait :
 +<code>
 +# firewall-cmd --permanent --add-rich-rule 'rule family="ipv4" source address="192.168.1.11/32" service name="http" log prefix="http_192.168.1.11" accept'
 +# firewall-cmd --permanent --add-rich-rule 'rule family="ipv4" source address="192.168.0.1/32" service name="ssh" log prefix="ssh_" accept'
 +# firewall-cmd --permanent --remove-rich-rule 'rule family="ipv4" source address="192.168.0.1/32" service name="ssh" log prefix="ssh_192.168.0.1" accept'
 +# firewall-cmd --permanent --add-rich-rule 'rule family="ipv4" source address="192.168.0.0/24" port port=8080 protocol=tcp log prefix="http8080" accept'
 +# firewall-cmd --reload
 +</code>
  
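Review bot: the `--remove-rich-rule` line in the "gestion de regles complexes" block does not match the rule added just above it. The add uses `log prefix="ssh_"` and the remove uses `log prefix="ssh_192.168.0.1"`, so the removal finds no such rule and the ssh accept for 192.168.0.1/32 stays in the permanent configuration. Use the same prefix on both lines so the example really shows an add followed by its retraction. Two smaller points: in "gestion de services simples", ssh is removed from the public zone and the firewall reloaded before any source-restricted ssh rule exists, which cuts off an administrator working over SSH, so the rich rule should be added first. In the install block, `systemctl start firewalld.service` has no matching `systemctl enable firewalld.service`, so the firewall will not come back after a reboot.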
docpublic/systemes/firewalld.1475420658.txt.gz · Last modified: 2016/10/02 15:04 by procacci@tem-tsp.eu
CC Attribution-Noncommercial-Share Alike 4.0 International