Questions tagged [firewall-cmd]
41 questions
1
vote
0 answers
Equivalent ipfw config for firewalld
On a system managed by firewalld it is possible to redirect incoming traffic on 443 to 8443 so the process listening doesn't have to run as root to bind to 443 which requires root.
firewall-cmd --add-forward-port=port=443:proto=tcp:toport=8443
I…
washcloth
0
votes
1 answer
Firewalld still allowing traffic after removing port from zone
I have an issue with firewalld where I opened some ports and now want to close them. For example, I opened tcp/3000 in the public zone and now want to close it. So far I've tried this:
firewall-cmd --zone=public --remove-port=3000/tcp
firewall-cmd…
Kagashe
0
votes
1 answer
Disable ICMP reply on CentOS 7 firewall, except some IP blocks
I have a CentOS 7 machine with FirewallD, and net.ipv4.conf.icmp_echo_ignore_all is set to 0.
I'm looking for some firewall configs to disable ping replies to external IP addresses, but allow some IP blocks (like 192.168.1.0/24, 10.0.0.0/8, etc.) to…
0
votes
1 answer
The Firewall-cmd direct rules will remain after deletion
When the firewall is running, I cannot access my website. When I turn it off, it works.
I used these rules to redirect port 8443 to regular 443.
firewall-cmd --zone=public --permanent --direct --add-rule ipv4 nat OUTPUT 0 -p tcp -o lo --dport 443…
user298785
0
votes
1 answer
trying to close two ports with firewalld, leaving everything else open
I think I'm using the wrong technique, but not sure of the right one.
Machine: Red Hat release 7.2
firewalld.noarch: 0.3.9-14.el7
I've been asked to close two ports but ensure that all other ports are open. The solution needs to be easy to turn…
Ron Christian
0
votes
1 answer
Internal IP forwarding RHEL
Thank you in advance for your response.
I've looked for the same question but it was nowhere to be found, so I'm going to post my question here.
So I have a RHEL OS and I have 2 separate IPs (see image):
IP1 is 192.168.10.3 as my web in port 80
IP2 is…
Yien
0
votes
0 answers
Centos7, firewall-cmd --reload, "COMMAND_FAILED --state requires an argument" How to give state an argument?
I am using CentOS 7 and have just made some changes to the firewall. I am trying to configure my firewall to filter my SSH connection. I am following the How To documentation on CentOS 7 How Tos, Securing OpenSSH: Filter SSH at the Firewall.…
Norman Potts
0
votes
2 answers
Lockdown unsecure port with firewall-cmd
I have a RedHat 7 server where we allow a few ports, but one of them is insecure. I would like to use firewall-cmd to lock that port down to only allow 5 IPs to access it. Do I need to make a new zone for just that port?
Brill
0
votes
1 answer
Issue with firewalld
I just came across this issue and it's late here so I can't really think straight anymore right now. Still this is something pretty simple so I'm not really seeing what I'm missing and just going nuts here:
I was setting up a server I use solely for…
Ricardo Mendes
0
votes
1 answer
CentOS 7 iptables output does match output of firewall-cmd
Output of iptables -L -v -n does not match firewall-cmd --list-all-zones.
Specifically, I'm looking for the forwarding rules I have in place for two virtual machines. They can be clearly seen with iptables.
[root@localhost ~]# iptables -S -v | grep…
Aren Tahmasian
0
votes
1 answer
How can I create a top priority firewall rule for a trusted MAC address?
I want to accept all packets sent to my CentOS 7 VPS from my device regardless of options defined on the public zone. (I want to remove the ssh service from the public zone and just be able to connect from my MAC address!)
But when I add my MAC address as a…
Mojtaba Rezaeian
0
votes
1 answer
CentOS 7 not allowing inbound tcp connection on port 80 when connected to two network interfaces
I connected two network interfaces to a server running CentOS 7 and I configured the public zone to allow inbound tcp connections on port 80 & 443. I then set one of the network interfaces to the public zone. I further configured a public IP on the…
Dev
0
votes
1 answer
Firewalld port forwarding fails
I'm trying to replace an existing tunnel with firewall rules:
firewall-cmd --zone=public --add-forward-port=port=9999:proto=tcp:toport=9999:toaddr=100.1.1.1
This should forward all incoming TCP connections to 100.1.1.1
The problem is that it does…
Maestro
0
votes
0 answers
How to close podman exposed port on public interface
I have a running AdGuardHome instance on podman with WebUI port -p 8053:80.
# podman port -a
1aeb8e800717 53/tcp -> 0.0.0.0:53
1aeb8e800717 853/tcp -> 0.0.0.0:853
1aeb8e800717 5443/tcp -> 0.0.0.0:5443
1aeb8e800717 80/tcp ->…
korzhyk
0
votes
1 answer
firewall-cmd - adding 0.0.0.0/0 as a source in one zone blocks more specific access in another zone
I have two firewalld zones configured as follows:
zone: ssh-access
source: 1.2.3.4
ports: 9999/tcp
zone: other-access
source: 5.6.7.8
ports: 8888/tcp
We temporarily want to unrestrict access to the ssh-access zone on port 9999/tcp so we replace…
Chris