misc/debian/bullseye/notes/firewall-firewalld.md

# Firewalld

Install and setup firewalld.

Cheat sheet [https://www.liquidweb.com/kb/an-introduction-to-firewalld/](https://www.liquidweb.com/kb/an-introduction-to-firewalld/)

## Install

The install is a simple apt install...

```
apt install firewalld
```

## Add firewall rules.

!!! RELOAD AFTER ADDING YOUR RULES, USE `firewall-cmd --reload` !!!


Allow ssh, http and https...

```
firewall-cmd --zone=public --permanent --add-service=ssh
firewall-cmd --zone=public --permanent --add-service=http
firewall-cmd --zone=public --permanent --add-service=https

```

Only allow a range of IPs...

```
firewall-cmd --zone=public --permanent --add-source=192.168.1.0/24
firewall-cmd --zone=public --permanent --add-source=192.168.156.0/24
firewall-cmd --zone=public --permanent --add-source=10.0.0.0/24
```

Sipgate...

```

firewall-cmd --zone=public --permanent --add-rich-rule='rule family="ipv4" source address="217.10.64.0/20" port protocol="udp" port="5060" accept'
firewall-cmd --zone=public --permanent --add-rich-rule='rule family="ipv4" source address="217.116.112.0/20" port protocol="udp" port="5060" accept'
firewall-cmd --zone=public --permanent --add-rich-rule='rule family="ipv4" source address="212.9.32.0/19" port protocol="udp" port="5060" accept'

firewall-cmd --zone=public --permanent --add-rich-rule='rule family="ipv4" source address="217.10.64.0/20" port protocol="udp" port="24000-26000" accept'
firewall-cmd --zone=public --permanent --add-rich-rule='rule family="ipv4" source address="217.116.112.0/20" port protocol="udp" port="24000-26000" accept'
firewall-cmd --zone=public --permanent --add-rich-rule='rule family="ipv4" source address="212.9.32.0/19" port protocol="udp" port="24000-26000" accept'

```

## List rules

To list all firewall rules.

```
firewall-cmd --list-all
```

## Status / State

```
firewall-cmd --state
```
* update php readme * update qmicli service - always proxy or device gets confused * add firewalld notes 2022-03-24 04:06:30 +00:00			`# Firewalld`

			`Install and setup firewalld.`

			`Cheat sheet [https://www.liquidweb.com/kb/an-introduction-to-firewalld/](https://www.liquidweb.com/kb/an-introduction-to-firewalld/)`

			`## Install`

			`The install is a simple apt install...`

			```
			`apt install firewalld`
			```

			`## Add firewall rules.`

			!!! RELOAD AFTER ADDING YOUR RULES, USE `firewall-cmd --reload` !!!



			`Allow ssh, http and https...`

			```
			`firewall-cmd --zone=public --permanent --add-service=ssh`
			`firewall-cmd --zone=public --permanent --add-service=http`
			`firewall-cmd --zone=public --permanent --add-service=https`

			```

			`Only allow a range of IPs...`

			```
			`firewall-cmd --zone=public --permanent --add-source=192.168.1.0/24`
			`firewall-cmd --zone=public --permanent --add-source=192.168.156.0/24`
* tidy up * small wg fixes 2022-03-28 13:53:09 +00:00			`firewall-cmd --zone=public --permanent --add-source=10.0.0.0/24`
* update php readme * update qmicli service - always proxy or device gets confused * add firewalld notes 2022-03-24 04:06:30 +00:00			```

			`Sipgate...`

			```

			`firewall-cmd --zone=public --permanent --add-rich-rule='rule family="ipv4" source address="217.10.64.0/20" port protocol="udp" port="5060" accept'`
			`firewall-cmd --zone=public --permanent --add-rich-rule='rule family="ipv4" source address="217.116.112.0/20" port protocol="udp" port="5060" accept'`
			`firewall-cmd --zone=public --permanent --add-rich-rule='rule family="ipv4" source address="212.9.32.0/19" port protocol="udp" port="5060" accept'`

			`firewall-cmd --zone=public --permanent --add-rich-rule='rule family="ipv4" source address="217.10.64.0/20" port protocol="udp" port="24000-26000" accept'`
			`firewall-cmd --zone=public --permanent --add-rich-rule='rule family="ipv4" source address="217.116.112.0/20" port protocol="udp" port="24000-26000" accept'`
			`firewall-cmd --zone=public --permanent --add-rich-rule='rule family="ipv4" source address="212.9.32.0/19" port protocol="udp" port="24000-26000" accept'`

			```

			`## List rules`

			`To list all firewall rules.`

			```
			`firewall-cmd --list-all`
			```

			`## Status / State`

			```
			`firewall-cmd --state`
			```