Advanced Firewalld

1.5 hours
  • 3 Learning Objectives

About this Hands-on Lab

In this hands-on lab, you will need to use firewalld to create a new service, add that new service to permitted connections for the default zone, drop all traffic from an IPSet, and add a rich rule for traffic from a specific subnet.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Create a new service in firewalld.
  • The service name should be: jobsub.
  • The service’s ports are: TCP 5671-5677.
  • This service should be enabled for the default zone (public).
Create an IPSet in firewalld.

You will need to create an IPSet for the following IPs and name it kiosk:


Send all traffic from the kiosk IPSet to the drop zone.

Add a rich rule for TCP 8080 traffic.

Add a rich rule to accept traffic from to port 8080:

firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address= port port=8080 protocol=tcp accept

Additional Resources

A business unit is requesting that you prepare a new host for a batch job submission application they will need implemented.

They need the requisite ports open for this application: 5671-5677

They also need the management interface port, 8080, open only to the subnet

Finally, this host should be inaccessible from the kiosk IPs:


What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?