====== firewalld ======
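Fichiers XML de définition de service, à créer à la main lorsque la version de firewalld est trop ancienne pour fournir les services ''snmp'' et ''nrpe'' (à vérifier au préalable avec ''%%firewall-cmd --get-services%%'').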
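''%%vim /etc/firewalld/services/snmp.xml%%''
<code xml>
<?xml version="1.0" encoding="utf-8"?>
<!-- Balises perdues dans la page d'origine : lignes <port> reconstituées
     d'après la définition standard du service snmp, à vérifier. -->
<service>
  <short>SNMP</short>
  <description>SNMP protocol</description>
  <port protocol="tcp" port="161"/>
  <port protocol="udp" port="161"/>
</service>
</code>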
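''%%vim /etc/firewalld/services/nrpe.xml%%''
<code xml>
<?xml version="1.0" encoding="utf-8"?>
<!-- Balises perdues dans la page d'origine : ligne <port> reconstituée
     d'après la définition standard du service nrpe, à vérifier. -->
<service>
  <short>NRPE</short>
  <description>NRPE allows you to execute Nagios plugins on a remote host in as transparent a manner as possible.</description>
  <port protocol="tcp" port="5666"/>
</service>
</code>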
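Recharger firewalld pour qu'il prenne en compte les nouveaux fichiers de service, puis ajouter le service de façon permanente ; une règle ''%%--permanent%%'' n'est active qu'après le second ''%%--reload%%'' :
<code bash>
firewall-cmd --reload
firewall-cmd --zone=public --add-service snmp --permanent
firewall-cmd --reload
</code>
Le service est alors ouvert à toute adresse source de la zone ''public''. Pour le limiter au serveur de supervision, préférer une rich rule avec ''source address'' (voir l'exemple plus bas).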
<code>
[root@com5crbdt801 ~]# firewall-cmd --zone=public --permanent --list-services
ssh dhcpv6-client
[root@com5crbdt801 ~]# firewall-cmd --get-active-zones
public
  interfaces: ens192
[root@com5crbdt801 ~]#
[root@com5crbdt801 ~]# firewall-cmd --zone=public --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens192
  sources:
  services: ssh dhcpv6-client
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
</code>
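Rich rule n'autorisant qu'une adresse source donnée vers un port (adresse et port d'exemple) :
<code bash>
firewall-cmd --permanent --zone=public --add-rich-rule='
rule family="ipv4"
source address="1.2.3.4/32"
port protocol="tcp" port="4567" accept'
</code>
Avec ''%%--permanent%%'', la règle ne s'applique qu'après ''%%firewall-cmd --reload%%'' ; vérifier ensuite avec ''%%firewall-cmd --zone=public --list-rich-rules%%''.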
Sur un firewalld plus récent, ''snmp'' et ''nrpe'' figurent déjà dans ''%%--get-services%%''. Sans ''%%--permanent%%'', l'ajout ne modifie que la configuration en cours (perdue au prochain reload ou redémarrage) ; avec ''%%--permanent%%'', il est écrit dans la configuration persistante :
<code>
[root@com5saslt803 ~]# firewall-cmd --zone=public --permanent --list-services
ssh dhcpv6-client
[root@com5saslt803 ~]# firewall-cmd --get-services
RH-Satellite-6 amanda-client amanda-k5-client bacula bacula-client bitcoin bitcoin-rpc bitcoin-testnet bitcoin-testnet-rpc ceph ceph-mon cfengine condor-collector ctdb dhcp dhcpv6 dhcpv6-client dns docker-registry dropbox-lansync elasticsearch freeipa-ldap freeipa-ldaps freeipa-replication freeipa-trust ftp ganglia-client ganglia-master high-availability http https imap imaps ipp ipp-client ipsec iscsi-target kadmin kerberos kibana klogin kpasswd kshell ldap ldaps libvirt libvirt-tls managesieve mdns mosh mountd ms-wbt mssql mysql nfs nfs3 nrpe ntp openvpn ovirt-imageio ovirt-storageconsole ovirt-vmconsole pmcd pmproxy pmwebapi pmwebapis pop3 pop3s postgresql privoxy proxy-dhcp ptp pulseaudio puppetmaster quassel radius rpc-bind rsh rsyncd samba samba-client sane sip sips smtp smtp-submission smtps snmp snmptrap spideroak-lansync squid ssh synergy syslog syslog-tls telnet tftp tftp-client tinc tor-socks transmission-client vdsm vnc-server wbem-https xmpp-bosh xmpp-client xmpp-local xmpp-server
[root@com5saslt803 ~]# firewall-cmd --zone=public --add-service=snmp
success
[root@com5saslt803 ~]# firewall-cmd --zone=public --list-services
ssh dhcpv6-client snmp
[root@com5saslt803 ~]# firewall-cmd --zone=public --permanent --add-service=snmp
success
[root@com5saslt803 ~]# firewall-cmd --zone=public --permanent --list-services
ssh dhcpv6-client snmp
[root@com5saslt803 ~]# firewall-cmd --reload
success
[root@com5saslt803 ~]#
</code>
{{tag>GNU_Linux firewalld iptables}}