RHEL+CentOS7 – EBUT Laboratory

firewall-cmd –add-port

Cozy — Thu, 16 Apr 2015 04:23:01 +0000

# firewall-cmd –list-service
dhcpv6-client http https ssh

# firewall-cmd –list-ports

# firewall-cmd –add-port=11122/tcp –zone=public –permanent
success

# firewall-cmd –reload
success

# firewall-cmd –list-service –zone=public
dhcpv6-client http https ssh

systemctl list-unit-files in trial #1

Cozy — Sat, 04 Oct 2014 15:13:30 +0000

too many ? services.

# systemctl list-unit-files | grep enable
accounts-daemon.service enabled
atd.service enabled
auditd.service enabled
chronyd.service enabled
crond.service enabled
dbus-org.fedoraproject.FirewallD1.service enabled
dbus-org.freedesktop.NetworkManager.service enabled
dbus-org.freedesktop.nm-dispatcher.service enabled
firewalld.service enabled
getty@.service enabled
hypervkvpd.service enabled
hypervvssd.service enabled
irqbalance.service enabled
kdump.service enabled
NetworkManager-dispatcher.service enabled
NetworkManager.service enabled
postfix.service enabled
rpcbind.service enabled
rsyslog.service enabled
sshd.service enabled
dm-event.socket enabled
iscsid.socket enabled
iscsiuio.socket enabled
lvm2-lvmetad.socket enabled
rpcbind.socket enabled
default.target enabled
multi-user.target enabled
nfs.target enabled
remote-fs.target enabled

systemctl + firewall.http

Cozy — Sat, 02 Aug 2014 23:27:01 +0000

# systemctl list-unit-files | grep http
httpd.service disabled
# systemctl enable httpd
ln -s ‘/usr/lib/systemd/system/httpd.service’ ‘/etc/systemd/system/multi-user.target.wants/httpd.service’
# systemctl list-unit-files | grep http
httpd.service enabled

# getenforce
Disabled

# vi /etc/firewalld/zones/public.xml
..

+
+

..
# firewall-cmd —reload
success

# firewall-cmd –add-service=http –zone=public –permanent
success
# firewall-cmd –add-service=https –zone=public –permanent
success
# firewall-cmd –reload
success
# firewall-cmd –list-service –zone=public
dhcpv6-client http https ssh

firewalld.sshd

Cozy — Sat, 02 Aug 2014 00:44:50 +0000

# vi /usr/lib/firewalld/services/ssh.xml
–
+
multilines with each ports can work.

# firewall-cmd –reload
# firewall-cmd –get-services
…
public (default, active)
interfaces: eth0
sources:
services: dhcpv6-client ssh
ports:
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
…
can use only dhcpv6-client, ssh.

# systemctl restart firewalld

# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all — anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT all — anywhere anywhere
…skip…

Chain IN_public_allow (1 references)
target prot opt source destination
ACCEPT tcp — anywhere anywhere tcp dpt:11122 ctstate NEW

Chain IN_public_deny (1 references)
target prot opt source destination

Chain IN_public_log (1 references)
target prot opt source destination

Chain OUTPUT_direct (1 references)
target prot opt source destination
#