Lab
A Cloud Guru

Advanced Firewalld

In this hands-on lab, you will need to use firewalld to create a new service, add that new service to permitted connections for the default zone, drop all traffic from an IPSet, and add a rich rule for traffic from a specific subnet.

Try for free Contact sales

Path Info

Level

Advanced

Duration

1h 30m

Published

Nov 14, 2018

Challenge

Create a new service in firewalld.
- The service name should be: jobsub.
- The service's ports are: TCP 5671-5677.
- This service should be enabled for the default zone (public).
Challenge

Create an IPSet in firewalld.
You will need to create an IPSet for the following IPs and name it kiosk:
- 10.0.1.12
- 192.168.1.0/24
Send all traffic from the kiosk IPSet to the drop zone.
Challenge

Add a rich rule for TCP 8080 traffic.

Add a rich rule to accept traffic from 10.0.1.0/24 to port 8080:

firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address=10.0.1.0/24 port port=8080 protocol=tcp accept

Author

A Cloud Guru

The Cloud Content team comprises subject matter experts hyper focused on services offered by the leading cloud vendors (AWS, GCP, and Azure), as well as cloud-related technologies such as Linux and DevOps. The team is thrilled to share their knowledge to help you build modern tech solutions from the ground up, secure and optimize your environments, and so much more!

What's a lab?

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.