# Firewalld

Install and set up firewalld.

Cheat sheet: [https://www.liquidweb.com/kb/an-introduction-to-firewalld/](https://www.liquidweb.com/kb/an-introduction-to-firewalld/)

## Install

The install is a simple `apt install`...

```
apt install firewalld
```

## Add firewall rules.

!!! RELOAD AFTER ADDING YOUR RULES, USE `firewall-cmd --reload` !!!

Rules added with `--permanent` are written to the saved configuration only and do not take effect in the running firewall until the reload.

Allow ssh, http and https...

```
firewall-cmd --zone=public --permanent --add-service=ssh
firewall-cmd --zone=public --permanent --add-service=http
firewall-cmd --zone=public --permanent --add-service=https
```

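Only allow a range of IPs...

`--add-source` binds traffic from these ranges to the zone. It limits access only when traffic from other addresses lands in a different, more restrictive zone; if the interface or the default zone is also `public`, all sources still reach the services allowed above.

```
firewall-cmd --zone=public --permanent --add-source=192.168.1.0/24
firewall-cmd --zone=public --permanent --add-source=192.168.156.0/24
firewall-cmd --zone=public --permanent --add-source=10.0.0.0/24
```
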
Sipgate (UDP 5060 and UDP 24000-26000 from the Sipgate ranges)...

```
firewall-cmd --zone=public --permanent --add-rich-rule='rule family="ipv4" source address="217.10.64.0/20" port protocol="udp" port="5060" accept'
firewall-cmd --zone=public --permanent --add-rich-rule='rule family="ipv4" source address="217.116.112.0/20" port protocol="udp" port="5060" accept'
firewall-cmd --zone=public --permanent --add-rich-rule='rule family="ipv4" source address="212.9.32.0/19" port protocol="udp" port="5060" accept'

firewall-cmd --zone=public --permanent --add-rich-rule='rule family="ipv4" source address="217.10.64.0/20" port protocol="udp" port="24000-26000" accept'
firewall-cmd --zone=public --permanent --add-rich-rule='rule family="ipv4" source address="217.116.112.0/20" port protocol="udp" port="24000-26000" accept'
firewall-cmd --zone=public --permanent --add-rich-rule='rule family="ipv4" source address="212.9.32.0/19" port protocol="udp" port="24000-26000" accept'
```

## List rules

To list all firewall rules.

```
firewall-cmd --list-all
```

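Because `--permanent` rules stay inactive until `firewall-cmd --reload`, it helps to compare the running rules with the saved ones. The script below is an added example, not part of the original notes: it parses `--list-all` output and reports entries that are saved but not active, or active but not saved. The function names and the sample dumps are constructed for illustration.

```sh
# Added example (not from the original notes). Function names and the
# sample dumps are constructed for illustration.

# Turn `firewall-cmd --list-all` text into sorted "key item" lines.
fw_items() {
    awk '
        /^[ \t]*(services|sources|ports):/ {
            key = $1; sub(/:$/, "", key)
            for (i = 2; i <= NF; i++) print key, $i
            next
        }
        /^[ \t]*rule / { sub(/^[ \t]+/, ""); print "rich-rule", $0 }
    ' "$1" | LC_ALL=C sort
}

# fw_drift pending RT PM -> saved but not active (needs --reload)
# fw_drift unsaved RT PM -> active but not saved (lost on --reload)
fw_drift() {
    rt=$(mktemp); pm=$(mktemp)
    fw_items "$2" > "$rt"; fw_items "$3" > "$pm"
    case $1 in
        pending) LC_ALL=C comm -13 "$rt" "$pm" ;;
        unsaved) LC_ALL=C comm -23 "$rt" "$pm" ;;
    esac
    rm -f "$rt" "$pm"
}

# Live use (not run here): dump both views of the public zone and compare.
fw_drift_live() {
    d=$(mktemp -d)
    firewall-cmd --zone=public --list-all > "$d/rt"
    firewall-cmd --permanent --zone=public --list-all > "$d/pm"
    fw_drift "$1" "$d/rt" "$d/pm"
    rm -rf "$d"
}

# Constructed sample: https and a Sipgate rule were saved but never reloaded;
# port 8080/tcp was opened at runtime only.
SAMPLE=$(mktemp -d)
printf '%s\n' 'public (active)' '  sources: 192.168.1.0/24' \
    '  services: ssh http' '  ports: 8080/tcp' '  rich rules: ' > "$SAMPLE/rt"
printf '%s\n' 'public' '  sources: 192.168.1.0/24' \
    '  services: ssh http https' '  ports: ' '  rich rules: ' \
    '    rule family="ipv4" source address="217.10.64.0/20" port port="5060" protocol="udp" accept' \
    > "$SAMPLE/pm"

fw_drift pending "$SAMPLE/rt" "$SAMPLE/pm"
fw_drift unsaved "$SAMPLE/rt" "$SAMPLE/pm"
```

On a live host, `fw_drift_live pending` and `fw_drift_live unsaved` run the same comparison against the real `public` zone; empty output from both means the running and saved rules match.
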
## Status / State

```
firewall-cmd --state
```