Questions tagged [firewall-cmd]
40 questions
6 votes, 2 answers
Remove --add-forward-port rule in firewall-cmd
Some time ago I added the rule below for local port forwarding:
firewall-cmd --permanent --add-forward-port=port=80:proto=tcp:toport=3000
How can I remove this rule now?
idazuwaika
6 votes, 1 answer
Is there a way to flush a whole zone's rich rules on firewalld?
I have added many rich rules with something like this:
firewall-cmd --permanent --zone="thezone" --add-rich-rule='rule family=ipv4 source address=1.2.3.4 reject'
And now I would like to clear/remove all those rich rules in my "thezone" zone.
Also y…
Mik
5 votes, 1 answer
Why does firewall-cmd throw error "ALREADY_ENABLED" but the port is not listed when calling firewall-cmd --list-ports?
Using CentOS 7, I am trying to use firewall-cmd --zone=public --add-port=443/tcp --permanent to add 443 to my allowed ports. Unfortunately this throws error ALREADY_ENABLED: 443:tcp. But when I use firewall-cmd --list-ports it does not show in the…
user007
4 votes, 2 answers
Fedora 21: Firewalld (firewall-cmd) won't PERMANENTLY assign interfaces to zones?
I installed Fedora on this one machine which is EXCLUSIVELY a gateway / firewall system.
Following installation, I ran 'yum upgrade', and so it should be up to the very latest Fedora 21 - I'm a little behind on purpose (not Fedora 22) specifically…
Richard T
3 votes, 4 answers
How to port forward only on a single host IP address
Short question:
How do you enable port forwarding on only a single host IP address?
Backstory:
My CentOS 7 server has 5 IP addresses. Previously I had apache listening on all of them and various domains assigned to those IP addresses which were…
Altimus Prime
3 votes, 1 answer
Fail2ban redirect
I've just finished setting up fail2ban on my CentOS reverse proxy server. I was able to get it to block all requests if certain criteria were met (pretty straightforward).
However, I'd now like to redirect the offending users instead of…
JoeInVT
2 votes, 1 answer
What's the difference between "firewall-cmd --reload" and "systemctl restart firewalld.service"?
What's the difference between "firewall-cmd --reload" and "systemctl restart firewalld"?
I hope everyone who answers this has a great day!
Neo
1 vote, 1 answer
Restrict all outbound connections to a specific interface, and block if unavailable
I'm running CentOS 7 in a VM (I don't believe this should matter, but for context...)
Inside the VM, I'm running software to establish a tunnel. I can already accept connections from the host okay, but I want to force all outbound traffic over the…
Basic
1 vote, 1 answer
Port Forward - KVM host forward port 23 to port 22 of a guest running an ssh service
I have a KVM server (host) with multiple virtual machines (guests).
My goal is for my host to forward port 23 to port 22 of a guest running an ssh service.
Command example...
ssh root@[HOST_IP] -p 23
NOTE I: That was the command I used on the host to make…
Eduardo Lucio
1 vote, 1 answer
FirewallD not loading rule after reboot
I have FirewallD on Ubuntu Server 18.04. The allowed services are ssh, http and ipsec.
But on reboot, the firewall always allows ssh and ipsec but blocks http.
To solve this, I have to run firewall-cmd --reload every time I boot the server.
Where can the problem be?
Daniel Vítek
1 vote, 0 answers
Add firewall-cmd service permanently
On RHEL 7, I am trying to add service postgresql permanently.
Without --permanent option, the command below runs well.
[root@sample services]# firewall-cmd --list-services
dhcpv6-client http https ssh
[root@sample services]# firewall-cmd…
idazuwaika
1 vote, 0 answers
Block outgoing connections on CentOS 7 with firewalld
I have the following rules:
public (default, active)
interfaces: eth0
sources:
services: dhcpv6-client http https ssh
ports:
masquerade: no
forward-ports:
icmp-blocks:
rich rules:
Everything works fine, then I'm adding…
sule
1 vote, 1 answer
CentOS 7 firewall-cmd settings not persisting
I have decided to do a bit of spring cleaning, and am doing a refresh of some of my underlying infrastructure.
One of the critical components I am overhauling is the Network Gateway server. I updated my Test Environment (which is an identical, but…
topherg
1 vote, 0 answers
Equivalent ipfw config for firewalld
On a system managed by firewalld it is possible to redirect incoming traffic on 443 to 8443 so the process listening doesn't have to run as root to bind to 443 which requires root.
firewall-cmd --add-forward-port=port=443:proto=tcp:toport=8443
I…
washcloth
0 votes, 1 answer
Firewalld still allowing traffic after removing port from zone
I have an issue with firewalld where I opened some ports and now want to close them. For example, I opened tcp/3000 in the public zone and now want to close it. So far I've tried this:
firewall-cmd --zone=public --remove-port=3000/tcp
firewall-cmd…
Kagashe