Firewall
systemctl stop firewalld.service
systemctl disable firewalld.service
systemctl disable iptables.service
systemctl stop iptables.service
systemctl stop ip6tables.service
systemctl status firewalld.service
systemctl start firewalld.service
systemctl enable firewalld.service
systemctl restart firewalld.service
# iptables -L
# firewall-cmd --state
Disable IPtables
Flush all IPtables rules, then stop and disable the service. Check the chain policies first: iptables -F only removes the rules, so an INPUT chain whose policy is DROP blocks all traffic (your SSH session included) once it is empty. User-defined chains also survive a flush and have to be deleted separately with the -X option.
iptables -F
systemctl stop iptables
systemctl disable iptables
Verify the IPtables rules with the following command:
# iptables -L -n -v
In the following output, you should see that all IPtables rules have been removed: each built-in chain is empty and its policy is ACCEPT.
Chain INPUT (policy ACCEPT 9 packets, 596 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 5 packets, 488 bytes)
 pkts bytes target     prot opt in     out     source               destination
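The check above is easy to eyeball once, but on a host with many chains a script is safer. The following is an added example, not part of the original notes: it parses the text of iptables -L -n -v and fails if any chain still holds a rule, if a policy is not ACCEPT, or if a user-defined chain was left behind. The two listings embedded in it are constructed samples so it runs on a machine without iptables; the chain name MAIL-IN and the rule counters are invented for the example.

```shell
#!/usr/bin/env bash
# Added example (not part of the original notes): check that iptables really is
# empty after `iptables -F`. It parses the text of `iptables -L -n -v` and fails
# if any chain still holds a rule, if a built-in chain's policy is not ACCEPT
# (an empty chain with policy DROP blocks everything, SSH included), or if a
# user-defined chain is left over (-F flushes rules but only -X deletes chains).

# iptables_is_flushed <output of iptables -L -n -v>
# Prints one line per offending chain; exit status 0 when clean, 1 otherwise.
iptables_is_flushed() {
    printf '%s\n' "$1" | awk '
        /^Chain / {                         # "Chain INPUT (policy ACCEPT ...)"
            chain = $2
            pol[chain] = ($3 == "(policy") ? $4 : "none"   # user chains have no policy
            rules[chain] = 0
            next
        }
        /^[[:space:]]*pkts[[:space:]]+bytes/ { next }     # column header
        /^[[:space:]]*$/ { next }                        # blank separator
        { rules[chain]++ }                               # anything else is a rule
        END {
            bad = 0
            for (c in rules)
                if (rules[c] > 0 || pol[c] != "ACCEPT") {
                    printf "chain %s: %d rule(s), policy %s\n", c, rules[c], pol[c]
                    bad = 1
                }
            exit bad
        }'
}

# Constructed sample: what `iptables -L -n -v` shows after a successful flush.
FLUSHED_SAMPLE='Chain INPUT (policy ACCEPT 9 packets, 596 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 5 packets, 488 bytes)
 pkts bytes target     prot opt in     out     source               destination'

# Constructed sample: a DROP policy, one leftover rule and a user-defined chain.
LEFTOVER_SAMPLE='Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   12   720 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain MAIL-IN (1 references)
 pkts bytes target     prot opt in     out     source               destination'

# Run against the live ruleset when the argument "live" is given, else against the samples.
if [ "${1:-}" = live ]; then
    iptables_is_flushed "$(iptables -L -n -v)" && echo "iptables is flushed"
else
    iptables_is_flushed "$FLUSHED_SAMPLE"  && echo "sample 1: flushed"
    iptables_is_flushed "$LEFTOVER_SAMPLE" || echo "sample 2: leftovers found"
fi
```

Run it as `bash check-flush.sh live` on the server after the flush; a non-zero exit with the offending chains printed means the "disable" step is not finished.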
# yum -y install nano wget net-tools NetworkManager-tui
# nmtui
# vi /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
192.168.1.100 mail.worldcm.net mail
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
Allow ports and services in firewalld (rules added with --permanent only take effect after firewall-cmd --reload)
firewall-cmd --permanent --add-port=80/tcp
firewall-cmd --permanent --add-port=106/tcp
setsebool -P httpd_can_network_connect on
(This is an SELinux boolean, not a firewall rule: it lets httpd open outbound network connections, for example to a backend it proxies. -P makes the change persistent across reboots.)
firewall-cmd --add-port=10000/tcp --permanent
firewall-cmd --add-port=20000/tcp --permanent
firewall-cmd --add-port=8000/tcp --permanent
firewall-cmd --add-service={pop3s,imaps} --permanent
firewall-cmd --add-port=465/tcp --permanent
firewall-cmd --permanent --add-service=smtp
firewall-cmd --permanent --add-port=587/tcp
firewall-cmd --permanent --add-port=465/tcp
firewall-cmd --permanent --add-port=110/tcp
firewall-cmd --permanent --add-service=pop3s
firewall-cmd --permanent --add-port=143/tcp
firewall-cmd --permanent --add-service=imaps
firewall-cmd --zone=public --add-port=993/tcp --permanent
firewall-cmd --zone=public --add-port=995/tcp --permanent
firewall-cmd --permanent --zone=public --add-port=5900/tcp
firewall-cmd --permanent --zone=public --add-service vnc-server
firewall-cmd --permanent --zone=public --add-service=cockpit
firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-service=https
firewall-cmd --permanent --zone=public --add-port=5800-5900/tcp
firewall-cmd --permanent --add-service=ssh
firewall-cmd --reload
(--reload is enough: it loads the permanent configuration into the runtime one. The SELinux boolean httpd_can_network_connect was already set above, and restarting firewalld is not needed after a reload.)
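Because firewalld keeps a runtime and a permanent configuration, the usual mistakes with the list above are a --permanent rule that was never reloaded, or a rule added without --permanent that vanishes at the next reload. The script below is an added example, not part of the original notes: it normalises the output of firewall-cmd --list-all and firewall-cmd --permanent --list-all to port/proto entries, reports the drift between them, and lists required ports that are not open. The two zone listings are constructed samples, and the service-to-port table is an assumption that mirrors the stock firewalld service definitions; on a real host read them with firewall-cmd --info-service=NAME.

```shell
#!/usr/bin/env bash
# Added example (not from the original notes): audit a firewalld zone.
# firewalld keeps two configurations. `firewall-cmd --list-all` shows the
# runtime one; `firewall-cmd --permanent --list-all` shows the one on disk.
# A rule added with --permanent is not live until `firewall-cmd --reload`, and
# a rule added without --permanent disappears at the next reload. This script
# normalises both listings to "port/proto" entries, reports the drift between
# them, and lists any required port that is not actually open.

# Service name -> ports. Assumption: mirrors the stock definitions in
# /usr/lib/firewalld/services/*.xml for the services used above; on a real host
# read the authoritative definition with `firewall-cmd --info-service=NAME`.
service_ports() {
    case "$1" in
        ssh)           echo 22/tcp ;;
        http)          echo 80/tcp ;;
        https)         echo 443/tcp ;;
        smtp)          echo 25/tcp ;;
        pop3)          echo 110/tcp ;;
        pop3s)         echo 995/tcp ;;
        imap)          echo 143/tcp ;;
        imaps)         echo 993/tcp ;;
        cockpit)       echo 9090/tcp ;;
        vnc-server)    echo 5900-5903/tcp ;;
        dhcpv6-client) echo 546/udp ;;
        *)             echo "$1" ;;   # unknown service: keep its name visible
    esac
}

# zone_entries <list-all output>: one "port/proto" entry per line, sorted, unique.
zone_entries() {
    printf '%s\n' "$1" | while IFS= read -r line; do
        key=$(printf '%s' "$line" | sed 's/^[[:space:]]*//; s/:.*//')
        val=${line#*:}
        case "$key" in
            services) for item in $val; do service_ports "$item"; done ;;
            ports)    for item in $val; do printf '%s\n' "$item"; done ;;
        esac
    done | sort -u
}

# missing_entries "<required entries>" <list-all output>: required entries not open.
missing_entries() {
    have=$(zone_entries "$2")
    for req in $1; do
        printf '%s\n' "$have" | grep -qxF -- "$req" || printf '%s\n' "$req"
    done
}

# config_drift <runtime output> <permanent output>: entries present on only one side.
config_drift() {
    rt=$(mktemp) && pm=$(mktemp) || return 1
    zone_entries "$1" > "$rt"
    zone_entries "$2" > "$pm"
    comm -3 "$rt" "$pm" | awk -F'\t' '
        $1 != "" { print "runtime-only: " $1 }
        $2 != "" { print "permanent-only: " $2 }'
    rm -f "$rt" "$pm"
}

# Constructed samples. Runtime has 10000/tcp added without --permanent;
# permanent has 20000/tcp added with --permanent but never reloaded.
RUNTIME_SAMPLE='public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: cockpit dhcpv6-client http https imaps pop3s smtp ssh
  ports: 587/tcp 465/tcp 110/tcp 143/tcp 10000/tcp
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:'

PERMANENT_SAMPLE=$(printf '%s\n' "$RUNTIME_SAMPLE" | sed 's/ (active)//; s/10000\/tcp/20000\/tcp/')

# The ports the mail steps on this page need to reach the server.
MAIL_PORTS="25/tcp 587/tcp 465/tcp 110/tcp 143/tcp 993/tcp 995/tcp"

echo "== missing mail ports (runtime) =="; missing_entries "$MAIL_PORTS" "$RUNTIME_SAMPLE"
echo "== drift runtime vs permanent ==";   config_drift "$RUNTIME_SAMPLE" "$PERMANENT_SAMPLE"
```

On a live host replace the two samples with `"$(firewall-cmd --list-all)"` and `"$(firewall-cmd --permanent --list-all)"`; any "permanent-only" line means a reload is still pending, and any "runtime-only" line will be lost at the next reload or reboot.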
Commands for Firewall (ufw, Debian/Ubuntu)
ufw enable – turn on the firewall
ufw disable – turn off the firewall
ufw default allow – allow all incoming connections by default
ufw default deny – drop all incoming connections by default
ufw status – show whether ufw is active and the current rules
ufw allow <port> – allow traffic on a port
ufw deny <port> – block a port
ufw deny from <ip> – block an IP address
On a remote host, allow your SSH port before switching the default to deny and enabling ufw, or you will lock yourself out.
Start/Stop and Enable/Disable FirewallD Service
On CentOS/RHEL 7 or Fedora 18+, use the following commands to manage the FirewallD service.
Start FirewallD Service
# systemctl start firewalld
Stop FirewallD Service
# systemctl stop firewalld
Check the Status of FirewallD
# systemctl status firewalld
Check the State of FirewallD
# firewall-cmd --state
As an alternative, you can disable the firewalld service so that it no longer starts at boot and no longer applies rules to packets, and enable it again when it is needed. Note that systemctl disable only removes the service from the boot sequence; an instance that is already running keeps running until you also stop it.
Disable FirewallD Service
# systemctl disable firewalld
Enable FirewallD Service
# systemctl enable firewalld
Mask FirewallD Service
# systemctl mask firewalld
Also, you can mask the firewalld service, which links firewalld.service to /dev/null so it cannot be started at all, not even by another unit that depends on it, until it is unmasked.
Unmask FirewallD Service
# systemctl unmask firewalld
This is the reverse of masking: it removes the symlink created by mask, so the service can be started and enabled again.
How to Start/Stop and Enable/Disable IPtables Service
On RHEL/CentOS 4/5/6 and Fedora 12-18 the iptables firewall comes pre-installed. On RHEL/CentOS 7 and later, where firewalld is the default, the classic iptables service can be installed via:
# yum install iptables-services
Then, the service can be started, stopped or restarted via the following commands. Do not leave firewalld and the iptables service enabled at the same time: each loads its own ruleset and overwrites the other's, so stop and mask firewalld (see above) before enabling iptables, or the reverse.
Start Iptables Service
# systemctl start iptables
OR
# service iptables start
Stop Iptables Service
# systemctl stop iptables
OR
# service iptables stop
Disable Iptables Service
# systemctl disable iptables
OR
# service iptables save
# service iptables stop
(save writes the rules currently loaded in the kernel to /etc/sysconfig/iptables so they are restored by the next start; run it before stop only if you want to keep them.)
Enable Iptables Service
# systemctl enable iptables
OR
# service iptables start
Check Status of Iptables Service
# systemctl status iptables
OR
# service iptables status
USER ADD
useradd -m accesstel -s /sbin/nologin
passwd accesstel
(-s /sbin/nologin gives the account no interactive shell, so it can authenticate to the mail services but cannot log in over SSH or a console; the password set here is the one the mail clients use.)
HTTP port
firewall-cmd --permanent --add-port=80/tcp
setsebool -P httpd_can_network_connect on
webmin
firewall-cmd --add-port=10000/tcp --permanent
firewall-cmd --add-port=20000/tcp --permanent
(10000 is the Webmin and 20000 the Usermin console. Both are administrative interfaces; open them only to trusted source addresses rather than to the whole public zone.)
SSL/TLS mail ports (pop3s 995, imaps 993, smtps 465)
[root@dlp ~]# firewall-cmd --add-service={pop3s,imaps} --permanent
success
[root@dlp ~]# firewall-cmd --add-port=465/tcp --permanent
success
[root@dlp ~]# firewall-cmd --reload
Step 10 » Add the firewall rules to allow ports 25 (smtp), 587 (submission) and 465 (smtps).
[root@mail ~]# firewall-cmd --permanent --add-service=smtp
[root@mail ~]# firewall-cmd --permanent --add-port=587/tcp
[root@mail ~]# firewall-cmd --permanent --add-port=465/tcp
[root@mail ~]# firewall-cmd --reload
Now test connectivity to each of the ports 25, 587 and 465 using telnet and make
Step 14 » Add firewall rules to allow ports 110 (pop3), 143 (imap), 993 (imaps) and 995 (pop3s).
[root@mail ~]# firewall-cmd --permanent --add-port=110/tcp
[root@mail ~]# firewall-cmd --permanent --add-service=pop3s
[root@mail ~]# firewall-cmd --permanent --add-port=143/tcp
[root@mail ~]# firewall-cmd --permanent --add-service=imaps
[root@mail ~]# firewall-cmd --reload
Check the connectivity for the ports 110, 143, 993 and 995 using telnet.
To unblock all these ports in the firewall, run the following commands:
firewall-cmd --permanent --add-service=smtp
firewall-cmd --permanent --add-port=587/tcp
firewall-cmd --permanent --add-port=465/tcp
firewall-cmd --permanent --add-port=110/tcp
firewall-cmd --permanent --add-service=pop3s
firewall-cmd --permanent --add-port=143/tcp
firewall-cmd --permanent --add-service=imaps
firewall-cmd --permanent --add-service=http
firewall-cmd --reload
telnet mail.yourdomain.com smtp
If you do not have telnet installed, then you can run the following command to install telnet.
yum -y install telnet
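telnet is interactive and awkward to put in a script. The following is an added example, not part of the original notes, that performs the same connectivity checks the steps above describe (ports 25, 587, 465, 110, 143, 993 and 995) using bash's /dev/tcp pseudo-device and coreutils timeout, so neither telnet nor nc has to be installed. The host name is supplied on the command line; the port list is the one from the mail steps above.

```shell
#!/usr/bin/env bash
# Added example (not part of the original notes): scriptable replacement for
# the manual `telnet mail.yourdomain.com smtp` checks. Needs only bash (for
# /dev/tcp) and coreutils `timeout`.

# probe_port <host> <port> [timeout-seconds]: prints "open" or "closed".
probe_port() {
    local host=$1 port=$2 secs=${3:-3}
    # Run the connect in a child bash so a hang is bounded by `timeout`
    # and so the function also works when sourced from a plain sh script.
    if timeout "$secs" bash -c "exec 3<>/dev/tcp/${host}/${port}" 2>/dev/null; then
        echo open
    else
        echo closed
    fi
}

# probe_ports <host> "<port list>" [timeout]: one "port/tcp state" line per
# port; exit status 1 if any port is closed (a firewall rule or daemon is missing).
probe_ports() {
    local host=$1 ports=$2 secs=${3:-3} port state rc=0
    for port in $ports; do
        state=$(probe_port "$host" "$port" "$secs")
        printf '%s/tcp %s\n' "$port" "$state"
        [ "$state" = open ] || rc=1
    done
    return $rc
}

# smtp_banner <host> [port]: prints the server greeting (a healthy MTA answers
# "220 ..."), then sends QUIT. Prints nothing if the port is closed or silent.
smtp_banner() {
    local host=$1 port=${2:-25}
    timeout 5 bash -c '
        exec 3<>"/dev/tcp/$0/$1" || exit 1
        IFS= read -r -t 4 line <&3 || exit 1
        printf "%s\n" "$line"
        printf "QUIT\r\n" >&3
    ' "$host" "$port" 2>/dev/null
}

# The ports the mail steps on this page open.
MAIL_PORTS="25 587 465 110 143 993 995"

# Usage: bash probe-mail.sh mail.yourdomain.com
if [ -n "${1:-}" ]; then
    probe_ports "$1" "$MAIL_PORTS" && smtp_banner "$1"
fi
```

Run it twice: once from the server itself against 127.0.0.1 (proves the daemons listen) and once from another host (proves the firewall rules above let the traffic through). A port that is open locally but closed remotely is a firewall problem; one closed in both places is a service problem.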
Zimbra Port
[root@mail ~]# firewall-cmd --permanent --add-port={25,80,110,143,443,465,587,993,995,5222,5223,9071,7071}/tcp
success
[root@mail ~]# firewall-cmd --reload
(7071 is the Zimbra admin console and 9071 the admin console behind the Zimbra proxy; 5222/5223 are XMPP for Zimbra chat. Open the admin ports only to administrator source addresses, not to the whole public zone.)
--------------------------