RHEL: firewall-cmd

firewall-cmd - firewalld command line client

Open 123 UDP port (ntp service)

[tuyendq@rhel1 ~]$ sudo firewall-cmd --zone=public --add-port=123/udp --permanent
[tuyendq@rhel1 ~]$ sudo firewall-cmd --reload
[tuyendq@rhel1 ~]$ sudo firewall-cmd --zone=public --list-all
RHEL: using firewall-cmd to open firewall port - 123/udp (ntp service)
Synchronize time with ntp service: time-b.practicehabits.net

Check firewalld status

sudo firewall-cmd --state

Check open ports in 'public' zone

sudo firewall-cmd --zone=public --list-ports

Add ports to and remove ports from the 'public' zone (runtime only; without --permanent the change is lost on reload)

sudo firewall-cmd --zone=public --add-port=3000-3001/tcp
sudo firewall-cmd --zone=public --remove-port=3000-3001/tcp

Open zabbix agent port 10050/tcp

# firewall-cmd --zone=public --add-port=10050/tcp

Open 21 TCP port (ftp service)

[tuyendq@rhel1 ~]$ sudo firewall-cmd --zone=public --add-port=21/tcp --permanent
success
[tuyendq@rhel1 ~]$ sudo firewall-cmd --reload
success
[tuyendq@rhel1 ~]$ sudo firewall-cmd --zone=public --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens192
  sources:
  services: ssh dhcpv6-client
  ports: 110/tcp 25/tcp 1352/tcp 80/tcp 443/tcp 993/tcp 995/tcp 465/tcp 143/tcp 80/udp 123/udp 8080/tcp 8443/tcp 3000/tcp 10050/tcp 21/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
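
Some commands on this page use --permanent followed by --reload, while others change only the runtime configuration. The script below is an added example, not part of the original post: it compares a zone's runtime and permanent port lists and reports ports present in only one of them. The function names and the sample port lists are constructed for illustration.

```shell
#!/bin/sh
# Detect drift between firewalld's runtime and permanent port lists.
# Added example; function names and sample data are assumptions, not from the post.

# ports_only_in A B: print the ports that are in list A but not in list B.
# A and B are space-separated port/proto lists, as printed by --list-ports.
ports_only_in() {
    out=""
    for p in $1; do
        case " $2 " in
            *" $p "*) ;;                    # present in both lists
            *) out="${out:+$out }$p" ;;     # only in A
        esac
    done
    printf '%s\n' "$out"
}

# port_drift RUNTIME PERMANENT: report drift in both directions.
port_drift() {
    printf 'runtime-only (lost on --reload): %s\n' "$(ports_only_in "$1" "$2")"
    printf 'permanent-only (inactive until --reload): %s\n' "$(ports_only_in "$2" "$1")"
}

# Constructed sample lists (not captured from a real host).
SAMPLE_RUNTIME="123/udp 21/tcp 10050/tcp 3000-3001/tcp"
SAMPLE_PERMANENT="123/udp 21/tcp 8080/tcp"

# "live [zone]" queries firewalld on this host; otherwise the sample is used.
if [ "${1:-}" = "live" ]; then
    zone="${2:-public}"
    port_drift "$(sudo firewall-cmd --zone="$zone" --list-ports)" \
               "$(sudo firewall-cmd --permanent --zone="$zone" --list-ports)"
else
    port_drift "$SAMPLE_RUNTIME" "$SAMPLE_PERMANENT"
fi
```

A runtime-only entry is a port that was opened without --permanent; a permanent-only entry was added with --permanent but not yet reloaded.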

firewall-cmd cheatsheet

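firewall-cmd --state : Check firewalld state
firewall-cmd --list-all : List the configuration of the default zone
firewall-cmd --get-zones : List all zones
firewall-cmd --get-active-zones : List active zones

firewall-cmd --zone=public --add-port=80/tcp : Open port 80/tcp in the 'public' zone (runtime only)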

/var/log/firewalld : firewalld log file
