Here are a few steps to allow ports or services with firewalld :-
Just type these commands :-
How to disable SSH access from everywhere except for certain IPs in CentOS 7:
# firewall-cmd --zone=internal --add-service=ssh --permanent
# firewall-cmd --zone=internal --add-source=1.2.3.4/32 --permanent
# firewall-cmd --zone=internal --add-source=5.6.7.8/32 --permanent
# firewall-cmd --zone=public --remove-service=ssh --permanent
# firewall-cmd --reload
To block a specific IP :-
# firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='10.1.10.1' reject"
To allow a specific port from a specific IP :-
$ firewall-cmd --permanent --zone=public --add-rich-rule=' rule family="ipv4" source address="your ip" port protocol="tcp" port="8080" accept'
You can allow any port you want to allow,
To Allow port :-
$ firewall-cmd --zone=public --add-port=25/tcp --permanent
To Remove port :-
$ firewall-cmd --zone=public --remove-port=25/tcp --permanent
You can allow any service you want to allow,
To see the list of all services :-
$ firewall-cmd --get-services
To Allow service :-
$ firewall-cmd --permanent --zone=public --add-service=ftp
To Remove service :-
$ firewall-cmd --permanent --zone=public --remove-service=ftp
You can move runtime to permanent,
To move runtime to permanent :-
$ firewall-cmd --runtime-to-permanent
To load the permanent rules into the running firewall :-
$ firewall-cmd --reload
To check the allowed ports :-
$ firewall-cmd --list-ports
To check the allowed services :-
$ firewall-cmd --list-services
To check everything allowed in the default zone :-
$ sudo firewall-cmd --list-all
You can check the permanent rules of the public zone in its zone file,
vi /etc/firewalld/zones/public.xml
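Instead of reading the zone files by eye, the SSH restriction from the first step can be checked with a short script. This is an added example, not part of the original post: the two XML strings are constructed samples of what the commands above would leave in public.xml and internal.xml, and parse_zone and ssh_exposure are hypothetical helper names.

```python
import xml.etree.ElementTree as ET

# Constructed samples of /etc/firewalld/zones/public.xml and internal.xml
# after the commands on this page (not taken from a real host).
PUBLIC_XML = """<zone>
  <short>Public</short>
  <service name="dhcpv6-client"/>
  <port protocol="tcp" port="25"/>
  <rule family="ipv4">
    <source address="10.1.10.1"/>
    <reject/>
  </rule>
</zone>"""
INTERNAL_XML = """<zone>
  <short>Internal</short>
  <source address="1.2.3.4/32"/>
  <source address="5.6.7.8/32"/>
  <service name="ssh"/>
</zone>"""

def parse_zone(xml_text):
    """Summarise one zone file: services, ports, source bindings, rich rules."""
    zone = ET.fromstring(xml_text)
    rules = []
    for rule in zone.findall("rule"):
        src = rule.find("source")
        action = next((e.tag for e in rule if e.tag in ("accept", "reject", "drop")), None)
        rules.append((src.get("address") if src is not None else None, action))
    return {
        "services": [s.get("name") for s in zone.findall("service")],
        "ports": [f'{p.get("port")}/{p.get("protocol")}' for p in zone.findall("port")],
        # Only direct children: a <source> inside a <rule> is not a zone binding.
        "sources": [s.get("address") for s in zone.findall("source")],
        "rich_rules": rules,
    }

def ssh_exposure(zones):
    """Names of zones that allow ssh but have no source binding, i.e. the
    zone matches by interface and accepts ssh from any address."""
    return [name for name, z in zones.items()
            if "ssh" in z["services"] and not z["sources"]]

if __name__ == "__main__":
    zones = {"public": parse_zone(PUBLIC_XML), "internal": parse_zone(INTERNAL_XML)}
    for name, z in zones.items():
        print(name, z)
    print("ssh open to any source in:", ssh_exposure(zones) or "none")
```

To run it against a real host, read the files under /etc/firewalld/zones/ and pass their contents to parse_zone in place of the samples.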