This shows you the differences between two versions of the page.
firewalld [2019/05/01 13:31] k2patel [Adding rich rule] |
firewalld [2020/08/10 02:35] |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Firewalld ====== | ||
- | Another package to manage another package... welcome to new world ... :D\\ | ||
- | Anyway but server need to keep rolling !! | ||
- | |||
- | |||
- | ==== Replace firewalld with iptables ==== | ||
- | This is tested with the RHEL7 | ||
- | <code bash> | ||
- | yum install -y iptables-services | ||
- | iptables-save > /etc/sysconfig/iptables # preserve existing rule | ||
- | systemctl stop firewalld | ||
- | systemctl mask firewalld | ||
- | systemctl enable iptables | ||
- | systemctl enable ip6tables | ||
- | systemctl start iptables | ||
- | systemctl start ip6tables | ||
- | </code> | ||
- | |||
- | ==== Adding rich rule ==== | ||
- | |||
- | <code bash> | ||
- | firewall-cmd --permanent --zone=public --add-rich-rule=' | ||
- | rule family="ipv4" | ||
- | source address="192.168.12.0/25" | ||
- | port protocol="tcp" port="9200" accept' | ||
- | </code> | ||
- | |||
- | ==== Port redirection ==== | ||
- | Using following command one can redirect port traffic to another. | ||
- | <code bash> | ||
- | firewall-cmd --permanent --direct --add-rule ipv4 nat OUTPUT 0 -p tcp -o lo --dport 8080 -j REDIRECT --to-ports 8443 | ||
- | </code> |
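Review bot: the new revision deletes every line of the page from Line 1 onward and adds nothing on the right-hand side, so the RHEL7 switchover steps, the rich rule and the port redirection note vanish with no replacement or pointer to a new location; if the content was dropped for being incomplete, correcting it would serve readers better than removing it. If it is restored, two gaps in the removed text should be fixed. First, the switchover runs only `iptables-save > /etc/sysconfig/iptables` yet also enables and starts ip6tables, so IPv6 comes up with whatever is already in /etc/sysconfig/ip6tables rather than the running rules, and the IPv4 dump is taken while firewalld is still running, so it carries firewalld's own chains. Second, both `firewall-cmd --permanent` commands change only the stored configuration and need a following `firewall-cmd --reload` before they take effect. The port redirection sentence should also state that the rule sits in nat OUTPUT with `-o lo`, so it only redirects locally generated connections to port 8080 over loopback, not traffic arriving from other hosts.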