Lab
A Cloud Guru

Using 'firewalld' for Advanced Packet Filtering

Managing a local firewall is something pretty much every Linux admin is going to have to do during their career. Many operating systems have adopted firewalld as the local firewall management system moving forward. Setting this up can lead to a more secure server and increase security through your environment.

Try for free Contact sales

Path Info

Level

Intermediate

Duration

1h 0m

Published

Nov 12, 2018

Challenge

Block SSH but allow HTTP

Use the block zone to filter on specific hosts and ports.

You can run the following commands:

firewall-cmd --zone=block --add-source=10.0.1.101

firewall-cmd --zone=block --add-service=http

You can verify settings with:

firewall-cmd --info-zone=block
Challenge

Allow ping

Since ping uses the ICMP protocol and not a specific port, we can't just add a port or service.

We need to use a rich rule:

firewall-cmd --zone=block --add-rich-rule='rule protocol value="icmp" accept'

Author

A Cloud Guru

The Cloud Content team comprises subject matter experts hyper focused on services offered by the leading cloud vendors (AWS, GCP, and Azure), as well as cloud-related technologies such as Linux and DevOps. The team is thrilled to share their knowledge to help you build modern tech solutions from the ground up, secure and optimize your environments, and so much more!

What's a lab?

Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.