Managing a local firewall is something pretty much every Linux admin is going to have to do during their career.
Many operating systems have adopted firewalld as the local firewall management system moving forward. Setting this up can lead to a more secure server and increase security throughout your environment.
Learning Objectives
Successfully complete this lab by achieving the following learning objectives:
- Block SSH but allow HTTP
Use the block zone to filter on specific hosts and ports. You can run the following commands:
firewall-cmd --zone=block --add-source=10.0.1.101
firewall-cmd --zone=block --add-service=http
You can verify settings with:
firewall-cmd --info-zone=block
- Allow ping
Since ping uses the ICMP protocol and not a specific port, we can’t just add a port or service.
We need to use a rich rule:
firewall-cmd --zone=block --add-rich-rule='rule protocol value="icmp" accept'
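
A scripted version of the verification step, as an added example that is not part of the original lab: it parses `firewall-cmd --info-zone=block` output and checks that the source is bound, `http` is allowed, `ssh` is not, and the ICMP rich rule is present. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Audit `firewall-cmd --info-zone=block` output against this lab's policy.

# Constructed sample of the expected output (not captured from a real host).
SAMPLE_ZONE_INFO='block (active)
  target: %%REJECT%%
  sources: 10.0.1.101
  services: http
  ports:
  protocols:
  rich rules:
    rule protocol value="icmp" accept'

# zone_field INFO KEY: print the value of the "  KEY: value" line.
zone_field() {
  printf '%s\n' "$1" | sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" | head -n 1
}

# has_word LIST WORD: succeed if WORD is a whole entry in the space-separated LIST.
has_word() {
  case " $1 " in *" $2 "*) return 0 ;; *) return 1 ;; esac
}

# audit_block_zone INFO SOURCE: print findings, return the number of failures.
audit_block_zone() {
  info=$1; src=$2; fails=0
  sources=$(zone_field "$info" sources)
  services=$(zone_field "$info" services)
  if ! has_word "$sources" "$src"; then
    echo "FAIL: source $src is not bound to the zone"; fails=$((fails + 1))
  fi
  if ! has_word "$services" http; then
    echo "FAIL: http service is not allowed"; fails=$((fails + 1))
  fi
  if has_word "$services" ssh; then
    echo "FAIL: ssh service is allowed"; fails=$((fails + 1))
  fi
  if ! printf '%s\n' "$info" | grep -q 'rule protocol value="icmp" accept'; then
    echo "FAIL: icmp accept rich rule is missing"; fails=$((fails + 1))
  fi
  if [ "$fails" -eq 0 ]; then echo "OK: zone matches the lab policy"; fi
  return "$fails"
}

audit_block_zone "$SAMPLE_ZONE_INFO" 10.0.1.101
```

On a live host, pass `"$(firewall-cmd --info-zone=block)"` as the first argument instead of the sample. The lab's commands change the runtime configuration only, so a reload or reboot discards them unless they are repeated with `--permanent` or saved with `firewall-cmd --runtime-to-permanent`.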