Basic Configuration of Firewall on Linux

Paul Harris — Mon, 29 Jul 2019 07:34:24 +0000

Basic commands firewalld

Look status:

# systemctl status firewall

# firewall-cmd --state

running

View zones:

# firewall-cmd –list-all

public (active)

target: default

icmp-block-inversion: no

interfaces: eth0

sources:

services: dhcpv6-client ssh

ports: 8081/tcp 53/udp 53/tcp

protocols:

masquerade: no

forward-ports:

source-ports:

icmp-blocks:

rich rules:

It is seen that the open service: ssh (22/TCP),dhcpv6-client and ports 8081/tcp 53/udp 53/tcp, a Protocol is required without this the command will not be accepted

Allow connection to a specific port (for example 1732 ) is very simple:

# firewall-cmd --add-port=1732/tcp

# firewall-cmd --runtime-to-permanent

The second command will overwrite the Active settings to the saved and agreeme at boot

To remove a port from the rules, use the –remove-port parameter:

# firewall-cmd --remove-port=1732/tcp

# firewall-cmd --runtime-to-permanent

In General, many –add-* commands have values for checking the status of –query-*, –list-* — list, changing –change -*, or deleting –remove the corresponding value. For brevity, we will not continue to focus on this. After reload rules check:

# firewall-cmd --list-ports

Firewalld provides a mode that allows you to block all connections with a single command:

# firewall-cmd --panic-on

To check which mode the firewall is in, there is a special key:

# firewall-cmd --query-panic

Panic mode is disabled:

# firewall-cmd --panic-off

It is not necessary to know which port is associated with the service in firewalld, just specify the name of the service. The utility will take care of the rest. After installing firewall knows the settings of more than 50 services, we get a list of them.

# firewall-cmd --get-services

Allow http connection:

# firewall-cmd --add-service=http

Using braces, you can specify multiple services at once. Information on the settings of the services available through

# firewall-cmd --info-ser

How To Setup ConfigServer Security and Firewall (CSF) on CentOS 7 and 8

Alex — Fri, 20 Nov 2020 09:34:46 +0000

ConfigServer Security & Firewall (CSF) is a packet health monitoring tool (SPI), login or intrusion detection and security application for Linux servers. This is a very popular security package, but still
not officially supported on CentOS 7. CentOS 7 uses firewalld, but dodn’t use iptables. A google search will give you a picture that many faithful CentOS users find firewalld too complicated for their needs and fall back on iptables.
Iptables was the default firewall for CentOS 5 and 6. This tutorial is focused on showing you how to disable firewalld, install IP tables, CSF and CSF dependencies.

Install CSF

First you need to install CSF and disable and stop firewalld. This can be done using the following command:

systemctl disable firewalld
systemctl stop firewalld

Next, you need to install Iptables. This can be done using the following command:

yum -y install iptables-services

Then you need to create files needed by iptables

  touch /etc/sysconfig/iptables
  touch /etc/sysconfig/iptables6

Next, you need to run iptables

systemctl start iptables
systemctl start ip6tables

Then you need to enable iptables at boot

systemctl enable iptables
systemctl enable ip6tables

Install CSF dependencies

yum -y install wget perl unzip net-tools perl-libwww-perl perl-LWP-Protocol-https perl-GDGraph -y

Download and run the CSF installer.

cd /opt
wget https://download.configserver.com/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh

Delete the following installation files

rm -rf /opt/csf
rm /opt/csf.tgz

Done. All steps have been successfully completed.

Firewall – Hostry Help Center

Basic Configuration of Firewall on Linux

Basic commands firewalld

How To Setup ConfigServer Security and Firewall (CSF) on CentOS 7 and 8

Install CSF