On Linux, you can maintain a powerful firewall using the firewall daemon (firewalld).
There are two ways to create firewall rules:
- Using terminal commands – you can easily add firewall rules from the command line, but you need some knowledge of those commands.
- Using the firewall configuration GUI (graphical user interface)
Here is how to create firewall rules using the graphical interface.
Before adding firewall rules, you need a clear idea of the following three items:
- Source IP – this is the IP address that sends (generates) the data packets. We normally call these client machines.
- Destination IP – this is the IP address that receives the data packets. We normally call these server machines.
- Port – this is the port we are going to enable, disable or limit through the firewall.
Now let’s take a simple scenario. I want to allow the client machine 172.17.xxx.2 to access port 8080 on my server machine. In this case 172.17.xxx.2 is the source IP and the port is 8080. Since we are creating the rule on the server itself, there is no need to specify the server's IP (the destination IP).
First of all, check whether the firewall is running using the command below:
[root@lxxxxxx ~]# systemctl status firewalld.service
To start or stop the firewall daemon, use the commands below:
[root@xxxxxx ~]# systemctl start firewalld.service
[root@xxxxxx ~]# systemctl stop firewalld.service
Now you can start the firewall configuration GUI tool using the command below:
[root@xxxxxx ~]# firewall-config
The configuration window opens; follow the steps below:
- Select Permanent from the Configuration menu.
- In Zones, select the Rich Rules tab.
- Click the Add button.
- Enter the rule details: select ipv4 as the family and, under Element, select port and enter the port you need to open to the outside.
- Add the source IP and finish writing the rule.
You have now finished writing the rule in the firewall daemon. Reload the firewall daemon if required.
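The same rule can also be created from the terminal, the first of the two ways listed at the top. The script below is an added example, not part of the original post: it validates the source address and port before building the rich rule, then applies it with firewall-cmd. The address 192.0.2.10 is a constructed placeholder, tcp is an assumed protocol, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: CLI equivalent of the GUI rich rule, with input checks.
# 192.0.2.10 is a constructed documentation address; tcp is an assumption.

# Return 0 if $1 is a decimal integer (no leading zero) between $2 and $3.
in_range() {
    case $1 in ''|*[!0-9]*|0?*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# Return 0 if $1 is a dotted-quad IPv4 address, optionally with a /0-32 prefix.
valid_ipv4() {
    v4_addr=$1
    case $1 in
        */*) v4_addr=${1%%/*}; in_range "${1#*/}" 0 32 || return 1 ;;
    esac
    case $v4_addr in
        *[!0-9.]*|.*|*.|*..*|*.*.*.*.*) return 1 ;;
        *.*.*.*) ;;
        *) return 1 ;;
    esac
    v4_ifs=$IFS; IFS=.
    set -- $v4_addr            # split the address into its four octets
    IFS=$v4_ifs
    for v4_octet in "$@"; do
        in_range "$v4_octet" 0 255 || return 1
    done
}

# Print the rich rule that lets source $1 reach port $2 over protocol $3.
# Rejecting anything but digits and dots keeps quotes out of the rule string.
build_rich_rule() {
    valid_ipv4 "$1" || { echo "bad source address: $1" >&2; return 1; }
    in_range "$2" 1 65535 || { echo "bad port: $2" >&2; return 1; }
    case ${3:-tcp} in
        tcp|udp) ;;
        *) echo "bad protocol: $3" >&2; return 1 ;;
    esac
    printf 'rule family="ipv4" source address="%s" port port="%s" protocol="%s" accept\n' \
        "$1" "$2" "${3:-tcp}"
}

# Add the rule to the default zone's permanent config, reload, list (as root).
apply_rich_rule() {
    rr_rule=$(build_rich_rule "$@") || return 1
    firewall-cmd --permanent --add-rich-rule="$rr_rule" &&
        firewall-cmd --reload &&
        firewall-cmd --list-rich-rules
}

# Usage on the server: apply_rich_rule 192.0.2.10 8080 tcp
```

Because the rule is written with `--permanent`, it only takes effect after the reload, which matches the "reload if required" step in the GUI procedure.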