Protecting Your System via `firewalld` in SUSE Linux Enterprise

30 minutes
  • 3 Learning Objectives

About this Hands-on Lab

In this hands-on lab, we will work with firewalld via YaST to enable the firewall as well as allow some ports. This is a fundamental process for any administrator and something that should be considered a basic task.

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Verify the Status of the Firewall on the Affected System
  1. Check iptables:

    sudo iptables -S
  2. Verify the rules are blank.

Use YaST to Enable the Firewall, Move the Interface, and Allow the Appropriate Services
  1. Open YaST:

    sudo yast
  2. Under Security and Users > Firewall > Start-Up, set the current status to be start, and after reboot to start.

  3. Go to Interfaces, and move the eth0 interface to the public zone.

  4. Configure the public zone to add HTTP, and confirm that at least HTTP and SSH are allowed

  5. Save the configuration and exit YaST.

Verify That the Firewall Is Set Correctly
  1. Check iptables:

    sudo iptables -S
  2. Near the end of the listing, you should see the rules for:

    -A IN_public_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
    -A IN_public_allow -p tcp -m tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT

Additional Resources

In your enterprise, there is a server that has failed a security audit. It seems the firewall is not active on this server, and you will need to set a minimum configuration to get the server back in compliance.

You will need to:

  • Check iptables to see the rules are in fact blank to confirm you are on the affected server.
  • Enable the firewall, and ensure it persists after reboot.
  • Move the eth0 interface into the public zone and allow SSH and HTTP.
  • Verify via iptables that the changes are set correctly.

What are Hands-on Labs

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?