Supprimer Rendre public Rendre privé Add tags Delete tags
  Ajouter un tag   Annuler
  Supprimer le tag   Annuler
  • • DevOps notes •
  •  
  • Tags
  • Connexion

Firewall/shaare/hJTVjQ

  • linux
  • linux

Enable firewall

  • firewall-config → GUI for options

    • add ports
  • firewall-cmd → CLI
  • cat /etc/sysconfig/iptables-config
  • cat /etc/firewalld/firewalld.conf

Firewall config

  • iptables = old, firewalld = new (use in all Linux distros)
  • Check iptables rules → iptables -L
  • Flush rules → iptables -F

Iptables packet filtering

  • Tables (process packets) → filter

    • attached to chains (inspect traffic)

    • INPUT → incoming traffic

    • FORWARD → going to router from another device

    • OUTPUT → outgoing traffic

  • Target (what happens when a rule is met)

    • ACCEPT
    • REJECT → send reject response
    • DROP → drop without response

Firewalld

  • firewall-cmd --list-all

    • check the rule
  • firewall-cmd --get-services

    • list service firewall is aware of
  • firewall-cmd --reload

    • reload for new rules
  • firewall-cmd --get-zones

    • get a list of all zones
    • public zone is used most of the time
  • firewall-cmd --get-actives-zones

    • get active zones
  • firewall-cmd --zone=public --list-all

    • get firewall rule for public zone

Add extra service:

  • cp /usr/lib/firewalld/services/allservices.xml

    • change service and port number
  • sap.xml → firewall-cmd --add-service=sap

  • firewall-cmd --add-service=http

    • add a service (http)
    • --permanent
  • firewall-cmd --remove-service=http

    • remove a service (http)
    • --permanent
  • firewall-cmd --reload

    • reload configuration
  • firewall-cmd --add-port=1110/tcp

    • add a port
    • --permanent
  • firewall-cmd --remove-port=1110/tcp

    • remove a port
    • --permanent
  • firewall-cmd --add-rich-rule='rule family="ipv4" source address="192.168.8.1" drop'

    • block certain IP address
  • firewall-cmd --add-icmp-block=ipv6-redirect

    • block ping
  • firewall-cmd --direct --add-rule ipv4 filter OUTPUT 0 -d 8.9.10.11 -j DROP

    • block website (host → www.website.com)
9 months ago Permalien
cluster icon
  • SSH and DNS : SSH ps -ef | grep sshd → check ssh systemctl status sshd DNS PTR record → IP to hostname A record → hostname to IP CNAME record → hostname to...
  • Screen & Tmux : Screen (Terminal Multiplexer) Multi-terminal sessions in one window Alt+a | → split vertical Alt+a Shift+s → split horizontal Alt+a Tab → switch wind...
  • Bash : First Line of Script #!/bin/bash → defines the shell interpreter Comments Use # for commenting Common Elements Commands: echo, cp, etc. Statement...
  • Vi Editor : Vi Editor Commands i → insert mode ESC → escape to command mode r → replace mode x → delete character dd → delete line yy → copy line p → paste v → v...
  • Chmod Calculator :


(110)
Filtrer par liens sans tag
Replier Replier tout Déplier Déplier tout Êtes-vous sûr de vouloir supprimer ce lien ? Êtes-vous sûr de vouloir supprimer ce tag ? Le gestionnaire de marque-pages personnel, minimaliste, et sans base de données par la communauté Shaarli