Host-based firewall with firewalld in CentOS 7/EL7 with sample tasks
- You are required to host a web site on your server (see the web server section), such that the web site is accessible from 192.168.122.0/24 only.
Solution:
If you only have one virtual host, an "allow from 192.168.122.0/24" rule in Apache would do, but since the question above requires blocking port 80 to everything other than the 192.168.122.0/24 subnet, use a firewalld rich rule instead:
firewall-cmd --permanent --add-rich-rule 'rule family="ipv4" source address="192.168.122.0/24" service name="http" accept'
firewall-cmd --reload
- You are required to forward port 4030 to port 22 only if the source address is 192.168.122.1.
firewall-cmd --permanent --add-rich-rule 'rule family="ipv4" source address="192.168.122.1" forward-port port="4030" protocol="tcp" to-port="22"'
firewall-cmd --reload
- You are required to forward port 4040 to 443.
firewall-cmd --permanent --add-forward-port=port=4040:proto=tcp:toport=443
firewall-cmd --reload
- You are required to host a Samba service on your server (see the Samba section), such that the SMB share is accessible from 192.168.122.0/24 only.
Solution:
firewall-cmd --permanent --add-rich-rule 'rule family="ipv4" source address="192.168.122.0/24" service name="smb" accept'
firewall-cmd --reload
- Block port 80 on the server for 192.168.122.1, but keep the service accessible to all other addresses.
firewall-cmd --permanent --add-rich-rule 'rule family="ipv4" source address="192.168.122.1" service name="http" reject'
firewall-cmd --reload
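The rich rules in the tasks above all follow the same pattern (source address, then a service or port forward, then an action), so here is an added helper script of my own, not from the post, that validates the source address and ports before building the rule text, and only calls firewall-cmd when APPLY=1 is set. The function names and the dry-run convention are my assumptions; the sample addresses and ports are the ones from the tasks.

```shell
# Added example (my own helper script, not from the post): builds the firewalld
# rich-rule strings used in the tasks above, validates the source address and
# ports first, and prints the firewall-cmd line unless APPLY=1 is set.

# is_ipv4_cidr ADDR: true when ADDR is a.b.c.d or a.b.c.d/NN with valid ranges
is_ipv4_cidr() {
  local ip prefix o old_ifs
  ip=${1%%/*}; prefix=${1#*/}
  [ "$prefix" = "$1" ] && prefix=32          # bare host address, no /NN
  case $prefix in ''|*[!0-9]*) return 1;; esac
  [ "$prefix" -le 32 ] || return 1
  old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    case $o in ''|*[!0-9]*) return 1;; esac
    [ "$o" -le 255 ] || return 1
  done
}

# is_port N: true for 1..65535
is_port() { case $1 in ''|*[!0-9]*) return 1;; esac; [ "$1" -ge 1 ] && [ "$1" -le 65535 ]; }

# service_rule SOURCE SERVICE ACTION: rich rule limiting SERVICE by SOURCE (accept|reject|drop)
service_rule() {
  is_ipv4_cidr "$1" || { echo "bad source: $1" >&2; return 1; }
  case $3 in accept|reject|drop) ;; *) echo "bad action: $3" >&2; return 1;; esac
  printf 'rule family="ipv4" source address="%s" service name="%s" %s' "$1" "$2" "$3"
}

# forward_rule SOURCE PORT TOPORT: rich rule forwarding tcp PORT to TOPORT for SOURCE only
forward_rule() {
  is_ipv4_cidr "$1" && is_port "$2" && is_port "$3" || { echo "bad forward spec" >&2; return 1; }
  printf 'rule family="ipv4" source address="%s" forward-port port="%s" protocol="tcp" to-port="%s"' "$1" "$2" "$3"
}

# apply_rule RULE: runs firewall-cmd --permanent when APPLY=1, otherwise just prints the command
apply_rule() {
  [ -n "$1" ] || return 1
  if [ "${APPLY:-0}" = 1 ]; then firewall-cmd --permanent --add-rich-rule "$1"
  else printf "firewall-cmd --permanent --add-rich-rule '%s'\n" "$1"; fi
}

# Tasks from this page (constructed sample run): web from 192.168.122.0/24 only,
# 4030 -> 22 for 192.168.122.1 only, and port 80 rejected for 192.168.122.1
apply_rule "$(service_rule 192.168.122.0/24 http accept)"
apply_rule "$(forward_rule 192.168.122.1 4030 22)"
apply_rule "$(service_rule 192.168.122.1 http reject)"
# After APPLY=1 run: firewall-cmd --reload, then firewall-cmd --list-rich-rules to confirm
```

Permanent rules only take effect after firewall-cmd --reload, and firewall-cmd --list-rich-rules shows what the active zone actually carries, which is the check worth doing after every task above.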
- You are required to configure your Linux server as a router.
firewall-cmd --permanent --add-masquerade
firewall-cmd --reload
* You will also have to enable ip_forward in the kernel:
add "net.ipv4.ip_forward = 1" to /etc/sysctl.conf if IP forwarding is not already enabled on your system.