Friday, 6 June 2025

firewalld


  • get list of zones
  1. firewall-cmd --list-all-zones
  2. firewall-cmd --get-active-zones
  • add port rule
  1. firewall-cmd --zone=public --add-port=443/tcp --permanent
  2. firewall-cmd --reload
  • add service rule
  1. firewall-cmd --zone=public --add-service=ssh --permanent
  2. firewall-cmd --reload
  • remove rules for firewalld
  1. firewall-cmd --zone=public --remove-port=5000/tcp --permanent
  2. firewall-cmd --zone=public --remove-port=5001/tcp --permanent
  3. firewall-cmd --zone=public --remove-service=http --permanent
  4. firewall-cmd --reload
  • list the rules
  1. firewall-cmd --info-zone=public


public (active)
target: default
icmp-block-inversion: no
interfaces: eth0
sources:
services: ssh dhcpv6-client
ports: 1891/tcp 80/tcp 443/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:

  • enable logging
  1. firewall-cmd --get-log-denied (check the current setting)
  2. firewall-cmd --set-log-denied=all (valid values: all, unicast, broadcast, multicast, off)
  3. firewall-cmd --get-log-denied (verify the change)


  • create a new rule allowing a specific IP to connect to port 4567 on the server
    • without rich-rules (recommended: a source bound to a zone is matched before the interface zone, so traffic from that IP is governed only by the special zone's rules — anything it still needs from public, e.g. ssh, must be added to special as well)
  1. firewall-cmd --new-zone=special --permanent
  2. firewall-cmd --reload
  3. firewall-cmd --zone=special --add-source=192.0.2.4/32 --permanent
  4. firewall-cmd --zone=special --add-port=4567/tcp --permanent
  5. firewall-cmd --reload
    -----block ip-----
    one time (create the zone): sudo firewall-cmd --new-zone=blocked-ips --permanent
    sudo firewall-cmd --zone=blocked-ips --add-source=<IP_ADDRESS> --permanent
    sudo firewall-cmd --zone=blocked-ips --set-target=DROP --permanent
    sudo firewall-cmd --reload
    sudo firewall-cmd --info-zone=blocked-ips
    -----remove blocked ip-----
    sudo firewall-cmd --zone=blocked-ips --remove-source=<IP_ADDRESS> --permanent
    sudo firewall-cmd --reload
     
    • with rich-rules
  1. firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="1.2.3.4/32" port protocol="tcp" port="4567" accept'
  2. firewall-cmd --reload 


  • drop traffic from a source IP
  1. firewall-cmd --zone=public --permanent --add-rich-rule='rule family="ipv4" source address="104.149.159.14" drop'
  2. firewall-cmd --reload

 

  • remove the source IP drop rule
  1. firewall-cmd --zone=public --permanent --remove-rich-rule='rule family="ipv4" source address="104.149.159.14" drop'
  2. firewall-cmd --reload 

ccze

 ccze - log colorizer: sudo tail -f /var/log/syslog | ccze