Setari/Settings firewall - firewall-cmd Tipărire

  • firewall, firewall rules
  • 68

Please open ONLY the services/ports that you have to use!

See Firewalld services list
firewall-cmd --get-services

#Allow SSH connections on tcp port 22
firewall-cmd --zone=public --permanent --add-service=ssh

#Allow other port on SSH and open that port (don't forget sshd.config)
firewall-cmd --zone=public --permanent --add-port=2233/tcp

#Remove SSH service ( which is on port 22)
firewall-cmd --zone=public --permanent --remove-service=ssh

#FTP
firewall-cmd --zone=public --permanent --add-service=ftp

#HTTP/S
firewall-cmd --zone=public --permanent --add-service=http
firewall-cmd --zone=public --permanent --add-service=https

#SMTP/S
firewall-cmd --zone=public --permanent --add-service=smtp
firewall-cmd --zone=public --permanent --add-service=smtps

#IMAP/S, POP3/S
firewall-cmd --zone=public --permanent --add-service=imap
firewall-cmd --zone=public --permanent --add-service=imaps
firewall-cmd --zone=public --permanent --add-service=pop3
firewall-cmd --zone=public --permanent --add-service=pop3s

#DNS
firewall-cmd --zone=public --permanent --add-service=dns

#MySQL
firewall-cmd --zone=public --permanent --add-service=mysql

#COUNTER STRIKE/STEAM
    #Steam Friends Service
firewall-cmd --zone=public --permanent --add-port=1200/udp
firewall-cmd --zone=public --permanent --add-port=4380/udp

    #STEAM MAIN UDP
firewall-cmd --zone=public --permanent --add-port=27000-27015/udp
firewall-cmd --zone=public --permanent --add-port=27015-27030/udp
firewall-cmd --zone=public --permanent --add-port=27014-27050/tcp


#TEAMSPEAK
    #VOICE
firewall-cmd --zone=public --permanent --add-port=9987/udp
    #DATA
firewall-cmd --zone=public --permanent --add-port=30033/tcp
    #TSDNS
firewall-cmd --zone=public --permanent --add-port=41144/tcp
    #QUERY
firewall-cmd --zone=public --permanent --add-port=10011/udp
    #Weblist,Accounting server/licenses
firewall-cmd --zone=public --permanent --add-port=2011-2110/udp

#RICH RULES (adapt it as you need it. you can block/permit per IP or entire classes)
firewall-cmd --permanent --zone=public --add-rich-rule='rule family=ipv4 source address=0.0.0.0/0 port port=22 protocol=tcp accept'
firewall-cmd --permanent --zone=public --add-rich-rule='rule service name=ssh family=ipv4 source address=0.0.0.0/0 accept'
firewall-cmd --permanent --add-rich-rule='rule service name=ssh limit value=10/m accept'
firewall-cmd --permanent --add-rich-rule="rule family='ipv4' source address='0.0.0.0/0' reject"
firewall-cmd --permanent --add-rich-rule='rule service name=ssh reject'
firewall-cmd --permanent --zone=public --add-rich-rule='rule service name=ssh family=ipv4 source address=0.0.0.0/0 accept'

#apply rules and restart firewalld
firewall-cmd --reload

#See current/all rules
firewall-cmd --list-all

#Flush/delete all current rules from firewalld (use this to start over)
firewall-cmd --permanent --reset-to-defaults

#EDIT/DELETE firewall rules
nano /etc/firewalld/zones/public.xml


Răspunsul a fost util?

« înapoi

Powered by WHMCompleteSolution