Host-based firewall with firewalld on CentOS 7/EL7, with sample tasks

  1. You are required to host a web site on your server (see the web server section) such that the web site is accessible from 192.168.122.0/24 only.
    Solution:
    For a single virtual host you could restrict the source inside Apache (Require ip 192.168.122.0/24 in httpd 2.4, which is what EL7 ships; Allow from 192.168.122.0/24 is the httpd 2.2 form), but the task asks to block port 80 for every source outside 192.168.122.0/24, so use a firewalld rich rule. Make sure the http service is not also allowed zone-wide (check firewall-cmd --list-services and, if present, firewall-cmd --permanent --remove-service=http): a zone-level service opens port 80 to everyone and makes the rich rule pointless. With only the rich rule in place, the listed subnet is accepted and every other source falls through to the zone's default (reject in the public zone).
    firewall-cmd --permanent --add-rich-rule 'rule family="ipv4" source address="192.168.122.0/24" service name="http" accept'
    firewall-cmd --reload
  2. You are required to forward port 4030 to port 22, but only if the source address is 192.168.122.1.
    Solution:
    firewall-cmd --permanent --add-rich-rule 'rule family="ipv4" source address="192.168.122.1" forward-port port="4030" protocol="tcp" to-port="22"'
    firewall-cmd --reload
    The forward-port element applies to one protocol, so the rule above only covers TCP. to-port forwards to this host; forwarding to another machine needs to-addr as well, and that additionally requires masquerading (see task 6).
  3. You are required to forward port 4040 to port 443.
    Solution:
    firewall-cmd --permanent --add-forward-port=port=4040:proto=tcp:toport=443
    firewall-cmd --reload
    Check the result with firewall-cmd --list-forward-ports.
  4. You are required to host a Samba service on your server (see the Samba section) such that the SMB share is accessible from 192.168.122.0/24 only.
    Solution:
    The predefined firewalld service for an SMB server is called samba, not smb (firewall-cmd --get-services lists the valid names; an unknown name makes firewall-cmd fail with INVALID_SERVICE). As in task 1, samba must not also be allowed zone-wide.
    firewall-cmd --permanent --add-rich-rule 'rule family="ipv4" source address="192.168.122.0/24" service name="samba" accept'
    firewall-cmd --reload
  5. Block port 80 on the server for 192.168.122.1, but keep the service accessible to all other addresses.
    Solution:
    Here the http service must be allowed zone-wide (firewall-cmd --permanent --add-service=http) so that everyone else gets in. firewalld evaluates reject and drop rich rules before the zone's allow rules, so the reject below wins for that one address:
    firewall-cmd --permanent --add-rich-rule 'rule family="ipv4" source address="192.168.122.1" service name="http" reject'
    firewall-cmd --reload
  6. You are required to configure your Linux server as a router.
    Solution:
    firewall-cmd --permanent --add-masquerade
    firewall-cmd --reload
    --add-masquerade without --permanent only changes the runtime configuration, and the --reload on the next line throws runtime-only changes away, so the setting must be made permanent (or the command run both with and without --permanent). Masquerading is enabled on the default zone unless --zone= names the zone that holds the external interface.
    * You will also have to enable IP forwarding in the kernel: add "net.ipv4.ip_forward = 1" to /etc/sysctl.conf if it is not already enabled, and load it with sysctl -p (or sysctl -w net.ipv4.ip_forward=1 for the running system).
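The tasks above as one script, an added example that is not part of the original post. It wraps each task in a function that validates its inputs, makes every change with --permanent and applies them with a single --reload, and it has a dry-run mode so the generated firewall-cmd calls can be inspected on a machine without firewalld. Assumptions: DRY_RUN=1 (the default) prints each command instead of running it and DRY_RUN=0 runs it; the function names (fw, valid_cidr, valid_port, rich_rule, restrict_service, block_source, forward_port, apply_all) are this example's own.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): the firewalld sample tasks as idempotent
# shell functions with a dry-run mode. DRY_RUN=1 (default) prints the firewall-cmd calls,
# DRY_RUN=0 executes them. All function names below are this example's own.

DRY_RUN="${DRY_RUN:-1}"

# fw: run one firewall-cmd invocation, or print it single-quoted so it can be pasted back.
# Every change is made with --permanent and one --reload applies them all at the end;
# --reload discards runtime-only changes, so "add without --permanent, then reload" does nothing.
fw() {
    if [ "$DRY_RUN" = "1" ]; then
        printf 'firewall-cmd'
        for a in "$@"; do printf " '%s'" "$a"; done
        printf '\n'
    else
        firewall-cmd "$@"
    fi
}

# valid_cidr ADDR[/PREFIX]: accept only a dotted-quad IPv4 address with an optional /0-32
# prefix, so that nothing else ever ends up inside a rule string.
valid_cidr() {
    case "$1" in ""|*[!0-9./]*) return 1 ;; esac
    local ip="${1%%/*}" prefix="${1#*/}" IFS=. n=0 o
    [ "$prefix" = "$1" ] && prefix=32               # no "/" given: a single host
    [ "$prefix" -ge 0 ] 2>/dev/null && [ "$prefix" -le 32 ] 2>/dev/null || return 1
    for o in $ip; do
        [ "$o" -le 255 ] 2>/dev/null || return 1    # also rejects empty octets ("1..2.3")
        n=$((n + 1))
    done
    [ "$n" -eq 4 ]
}

# valid_port N: digits only, 1-65535.
valid_port() {
    case "$1" in ""|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# rich_rule SOURCE SERVICE ACTION: the IPv4 rich rule shape used by tasks 1, 4 and 5.
rich_rule() {
    printf 'rule family="ipv4" source address="%s" service name="%s" %s' "$1" "$2" "$3"
}

# restrict_service SERVICE SOURCE (tasks 1 and 4): SERVICE reachable from SOURCE only.
# The accept rule admits SOURCE; everything else falls through to the zone default
# (reject in the public zone), which only holds if SERVICE is not allowed zone-wide,
# so the zone-level service entry is removed first.
restrict_service() {
    valid_cidr "$2" || { echo "restrict_service: bad source '$2'" >&2; return 1; }
    fw --permanent --remove-service="$1"
    fw --permanent --add-rich-rule "$(rich_rule "$2" "$1" accept)"
}

# block_source SERVICE SOURCE (task 5): SERVICE open to everyone except SOURCE.
# firewalld evaluates reject/drop rich rules before the zone's allow rules, so the reject
# wins for that one address while --add-service keeps the port open for the rest.
block_source() {
    valid_cidr "$2" || { echo "block_source: bad source '$2'" >&2; return 1; }
    fw --permanent --add-service="$1"
    fw --permanent --add-rich-rule "$(rich_rule "$2" "$1" reject)"
}

# forward_port FROM TO [SOURCE] (tasks 2 and 3): TCP port forward on this host, optionally
# limited to SOURCE. Without to-addr no masquerading is required.
forward_port() {
    valid_port "$1" && valid_port "$2" || { echo "forward_port: bad port '$1' or '$2'" >&2; return 1; }
    if [ -n "${3:-}" ]; then
        valid_cidr "$3" || { echo "forward_port: bad source '$3'" >&2; return 1; }
        fw --permanent --add-rich-rule "rule family=\"ipv4\" source address=\"$3\" forward-port port=\"$1\" protocol=\"tcp\" to-port=\"$2\""
    else
        fw --permanent --add-forward-port="port=$1:proto=tcp:toport=$2"
    fi
}

# apply_all: tasks 1-4 and 6 as one permanent batch followed by one reload. Task 5 is left
# out because it contradicts task 1 (both cannot apply to http at the same time).
apply_all() {
    restrict_service http  192.168.122.0/24   # task 1
    forward_port 4030 22 192.168.122.1        # task 2
    forward_port 4040 443                     # task 3
    restrict_service samba 192.168.122.0/24   # task 4
    fw --permanent --add-masquerade           # task 6 (plus net.ipv4.ip_forward=1 in sysctl.conf)
    fw --reload
}

apply_all
```

Run it as is to see the plan, then as root with DRY_RUN=0 to apply it; afterwards firewall-cmd --list-all should show the two rich rules, the forward port and masquerade: yes, with neither http nor samba under services.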
