Firewalld

# Show the current state of the firewall
> firewall-cmd --state

# Get the default zone name
> firewall-cmd --get-default-zone

# List all active zones
> firewall-cmd --get-active-zones

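# List the full configuration (interfaces, sources, services, ports, rich rules) of the default zone
# (without --zone only the default zone is shown; use --list-all-zones to show every zone)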
> firewall-cmd --list-all

# Get a list of all zones
> firewall-cmd --get-zones

# List all rules in the home zone
> firewall-cmd --zone=home --list-all

# Move interface eth0 into the home zone (runtime); traffic on eth0 is then filtered by the home zone's rules
> firewall-cmd --zone=home --change-interface=eth0

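# Set the default zone to home (changes both runtime and permanent configuration; interfaces not bound to another zone then use home)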
> firewall-cmd --set-default-zone=home

# List all services
> firewall-cmd --get-services

# Add the http service to the public zone (runtime)
> firewall-cmd --zone=public --add-service=http

# List all services in the public zone (runtime)
> firewall-cmd --zone=public --list-services

# Add the http service to the permanent configuration of the public zone (takes effect at runtime only after --reload)
> firewall-cmd --zone=public --add-service=http --permanent

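# Save the whole running configuration as permanent (this overwrites the permanent configuration, so temporary test rules become persistent too)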
> firewall-cmd --runtime-to-permanent

# List all permanent services in the public zone
> firewall-cmd --zone=public --list-services --permanent

# Add a port rule for TCP/5000 in the public zone (runtime)
> firewall-cmd --zone=public --add-port=5000/tcp

# Add a port range rule for UDP/4990-4999 in the public zone (runtime)
> firewall-cmd --zone=public --add-port=4990-4999/udp

# Create a new permanent zone named publicweb
> firewall-cmd --permanent --new-zone=publicweb

# Reload the firewall configuration (activates permanent changes such as the new zone; runtime-only rules are dropped)
> firewall-cmd --reload

# List all zones again after reloading
> firewall-cmd --get-zones

# Add a source IP rule for 10.10.0.100/32 in the prometheus-access zone (permanent; the zone must already exist, e.g. created with --permanent --new-zone)
> firewall-cmd --zone=prometheus-access --add-source=10.10.0.100/32 --permanent

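# Remove a source IP rule for 10.10.0.100/20 from the prometheus-access zone (permanent)
# Note: the value must match an existing source entry, so this should not remove the 10.10.0.100/32 entry added above; check with --list-sources --permanent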
> firewall-cmd --zone=prometheus-access --remove-source=10.10.0.100/20 --permanent

# Add a port rule for TCP/9100 in the prometheus-access zone (permanent)
> firewall-cmd --zone=prometheus-access --add-port=9100/tcp  --permanent

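# With sudo: add TCP/9100 to the permanent configuration (no --zone, so the default zone is used), OR remove it from the public zone (runtime only; a permanent entry returns after --reload)
# Note: a port opened in the default zone is not restricted to the sources of the prometheus-access zone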
> sudo firewall-cmd --add-port=9100/tcp --permanent OR firewall-cmd --zone=public --remove-port=9100/tcp

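# Allow TCP port 5000 from 10.10.0.100 in the public zone (runtime); this limits access to that address only if 5000/tcp is not also opened for all sources with --add-port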
> firewall-cmd --zone=public \
  --add-rich-rule='rule family="ipv4" source address="10.10.0.100/32" port port="5000" protocol="tcp" accept'