Questions tagged [firewall-cmd]

41 questions
1 vote, 0 answers

Equivalent ipfw config for firewalld

On a system managed by firewalld it is possible to redirect incoming traffic on 443 to 8443 so the process listening doesn't have to run as root to bind to 443 which requires root. firewall-cmd --add-forward-port=port=443:proto=tcp:toport=8443 I…
washcloth
0 votes, 1 answer

Firewalld still allowing traffic after removing port from zone

I have an issue with firewalld where I opened some ports and now want to close them. For example, I opened tcp/3000 in the public zone and now want to close it. So far I've tried this: firewall-cmd --zone=public --remove-port=3000/tcp firewall-cmd…
0 votes, 1 answer

Disable ICMP reply on CentOS 7 firewall, except some IP blocks

I have a CentOS 7 machine with FirewallD, and net.ipv4.conf.icmp_echo_ignore_all is set to 0. I'm looking for some firewall configs to disable ping replies to external IP addresses, but allow some IP blocks (like 192.168.1.0/24, 10.0.0.0/8 etc.) to…
0 votes, 1 answer

The Firewall-cmd direct rules will remain after deletion

When the firewall is running, I cannot access my website. When I turn it off, it works. I used these rules to redirect port 8443 to regular 443. firewall-cmd --zone=public --permanent --direct --add-rule ipv4 nat OUTPUT 0 -p tcp -o lo --dport 443…
user298785
0 votes, 1 answer

Trying to close two ports with firewalld, leaving everything else open

I think I'm using the wrong technique, but not sure of the right one. Machine: Red Hat release 7.2, firewalld.noarch: 0.3.9-14.el7. I've been asked to close two ports but ensure that all other ports are open. The solution needs to be easy to turn…
0 votes, 1 answer

Internal IP forwarding RHEL

Thank you in advance for your response. I've looked for the same question but it is nowhere to be found, so I'm going to post my question here. So I have a RHEL OS and I have 2 separate IPs (see image). IP1 is 192.168.10.3 as my web on port 80, IP2 is…
Yien
0 votes, 0 answers

CentOS 7, firewall-cmd --reload: "COMMAND_FAILED --state requires an argument". How to give state an argument?

I am using CentOS 7 and have just made some changes to the firewall. I am trying to configure my firewall to filter my SSH connection. I am following the How To documentation on CentOS 7 How Tos, Securing OpenSSH: Filter SSH at the Firewall.…
Norman Potts
0 votes, 2 answers

Lockdown unsecure port with firewall-cmd

I have a RedHat 7 server where we allow a few ports, but one of them is insecure. I would like to use firewall-cmd to lock that port down to only allow 5 IPs to access it. Do I need to make a new zone for just that port?
Brill
0 votes, 1 answer

Issue with firewalld

I just came across this issue and it's late here, so I can't really think straight anymore right now. Still, this is something pretty simple, so I'm not really seeing what I'm missing and am just going nuts here: I was setting up a server I use solely for…
0 votes, 1 answer

CentOS 7 iptables output does not match output of firewall-cmd

Output of iptables -L -v -n does not match firewall-cmd --list-all-zones. Specifically, I'm looking for the forwarding rules I have in place for two virtual machines. They can be clearly seen with iptables. [root@localhost ~]# iptables -S -v | grep…
0 votes, 1 answer

How can I create a top priority firewall rule for a trusted mac address?

I want to accept all packets sent to my centos7 VPS from my device regardless of options defined on public zone. (I want to remove ssh service from public zone and just be able to connect from my mac address!) But when I add my mac address as a…
Mojtaba Rezaeian
0 votes, 1 answer

CentOS 7 not allowing inbound TCP connection on port 80 when connected to two network interfaces

I connected two network interfaces to a server running CentOS 7 and configured the public zone to allow inbound TCP connections on ports 80 & 443. I then set one of the network interfaces to the public zone. I further configured a public IP on the…
Dev
0 votes, 1 answer

Firewalld port forwarding fails

I'm trying to replace an existing tunnel with firewall rules: firewall-cmd --zone=public --add-forward-port=port=9999:proto=tcp:toport=9999:toaddr=100.1.1.1 This should forward all incoming TCP connections to 100.1.1.1. The problem is that it does…
Maestro
0 votes, 0 answers

How to close podman exposed port on public interface

I have a running AdGuardHome instance on podman with WebUI port -p 8053:80. # podman port -a 1aeb8e800717 53/tcp -> 0.0.0.0:53 1aeb8e800717 853/tcp -> 0.0.0.0:853 1aeb8e800717 5443/tcp -> 0.0.0.0:5443 1aeb8e800717 80/tcp ->…
korzhyk
0 votes, 1 answer

firewall-cmd - adding 0.0.0.0/0 as a source in one zone blocks more specific access in another zone

I have two firewalld zones configured as follows: zone: ssh-access, source: 1.2.3.4, ports: 9999/tcp; zone: other-access, source: 5.6.7.8, ports: 8888/tcp. We temporarily want to unrestrict access to the ssh-access zone on port 9999/tcp, so we replace…
Chris