Firewalld - How-to's
About
This page gathers a list of how-tos for the firewalld firewall.
Howto's
How to filter based on an IP
Execute this command:
firewall-cmd --permanent \
--add-rich-rule='rule family="ipv4" source address="192.168.78.76/32" protocol value="tcp" accept'
where:
- --permanent means that the rule will be used even after a reboot.
- --add-rich-rule specifies the rich rule, which has the following options:
  - family - the IP family (here ipv4)
  - source address="192.168.78.76/32" - the source, given in CIDR notation
  - protocol value="tcp" - the network protocol (generally TCP; UDP if you know what you are doing)
  - accept - the action to take
How to filter based on IP and Port
Execute this command:
firewall-cmd --permanent \
--add-rich-rule='rule family="ipv4" source address="192.168.78.76/32" port port="8080" protocol="tcp" accept'
where:
- --permanent means that the rule will be used even after a reboot.
- --add-rich-rule specifies the rich rule, which has the following options:
  - family - the IP family (here ipv4)
  - source address="192.168.78.76/32" - the source, given in CIDR notation
  - port port="8080" - the port, given by the port attribute (you could also have specified a service)
  - protocol="tcp" - the network protocol (generally TCP; UDP if you know what you are doing)
  - accept - the action to take
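The rule in the first how-to accepts every TCP port from the source, while the one above limits the source to port 8080. The following added example (not part of the original page) classifies rules, in the form printed by `firewall-cmd --list-rich-rules`, by how much they open; the function names, the verdict labels and the third sample rule are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify firewalld rich rules by how much they open.
# Input: one rule per line, as printed by `firewall-cmd --list-rich-rules`.

# classify_rule RULE -> any-source | all-ports | scoped | not-accept
classify_rule() {
    case "$1" in
        *" accept"*) ;;                      # only accept rules open access
        *) echo "not-accept"; return 0 ;;
    esac
    # Pull out the source address; empty when the rule has no plain
    # source address="..." filter (none at all, or an inverted one).
    src=$(printf '%s\n' "$1" | sed -n 's/.*source address="\([^"]*\)".*/\1/p')
    case "$src" in
        ""|*/0) echo "any-source"; return 0 ;;
    esac
    case "$1" in
        *" port port="*|*" service name="*) echo "scoped" ;;
        *) echo "all-ports" ;;               # source reaches every port
    esac
}

# audit_rules: classify each rule on stdin; return 1 if any rule is broad.
audit_rules() {
    status=0
    while IFS= read -r rule; do
        [ -n "$rule" ] || continue
        verdict=$(classify_rule "$rule")
        printf '%-11s %s\n' "$verdict" "$rule"
        case "$verdict" in
            any-source|all-ports) status=1 ;;
        esac
    done
    return "$status"
}

# Sample input: the two rules from this page, plus a third rule that is
# constructed for illustration (no source filter).
SAMPLE_RULES='rule family="ipv4" source address="192.168.78.76/32" protocol value="tcp" accept
rule family="ipv4" source address="192.168.78.76/32" port port="8080" protocol="tcp" accept
rule family="ipv4" port port="22" protocol="tcp" accept'

printf '%s\n' "$SAMPLE_RULES" | audit_rules || echo "broad rules found: review them"
```

Rules added with --permanent appear in the runtime list only after `firewall-cmd --reload`. To audit them before that, use `firewall-cmd --permanent --list-rich-rules | audit_rules`.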
How to forward to a port (Redirect)
Add this rich rule by executing this command:
firewall-cmd --permanent \
--add-rich-rule='rule family=ipv4 forward-port port=443 protocol=tcp to-port=8443'
How to filter packets based on country
If you want to filter your packets by country, see this page:
How to restrict your firewall by country firewalld (ie iptable)
How to filter based on a subnet (Cloudflare)
If you want to filter your HTTP packets based on a subnet, such as all servers from Cloudflare, see this page:
How to allow the Cloudflare HTTP traffic to your Origin Server with Firewalld (iptables)
How to disable firewalld in rescue mode when all goes wrong
If your firewall is locking you out of your machine, this article explains how to disable it and take back control.