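Fichiers XML de définition de service à créer dans /etc/firewalld/services/ pour le cas où la version de firewalld serait assez ancienne pour ne pas fournir les services snmp et nrpe.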
vim /etc/firewalld/services/snmp.xml
<?xml version="1.0" encoding="utf-8"?>
<!--
  Custom firewalld service definition named "snmp" (file name without .xml).
  It declares a single port: udp/161.
  A service carries no source restriction of its own: once added to a zone,
  the port is reachable from every source that zone admits.
  SNMP v1/v2c community strings are sent in cleartext, so prefer SNMPv3 and/or
  limit access to the monitoring server with a source-restricted rich rule.
-->
<service>
  <short>SNMP</short>
  <description>SNMP protocol</description>
  <port protocol="udp" port="161"/>
</service>
vim /etc/firewalld/services/nrpe.xml
<?xml version="1.0" encoding="utf-8"?>
<!--
  Custom firewalld service definition named "nrpe" (file name without .xml).
  It declares a single port: tcp/5666.
  NRPE runs Nagios plugins on request from a remote host, so this port should
  only be reachable from the monitoring server: restrict the source at the
  firewall (zone source or rich rule) in addition to allowed_hosts in nrpe.cfg.
-->
<service>
  <short>NRPE</short>
  <description>NRPE allows you to execute Nagios plugins on a remote host in as transparent a manner as possible.</description>
  <port protocol="tcp" port="5666"/>
</service>
# Re-read the configuration so that the service files created under
# /etc/firewalld/services/ are known to firewalld before they are referenced.
firewall-cmd --reload

# Record the snmp service (udp/161 in snmp.xml) in the permanent configuration
# of the public zone.
# NOTE(review): this admits SNMP from every source that reaches the public
# zone. If only a monitoring server needs it, a source-restricted rich rule
# (same form as the rich-rule example on this page) is the narrower option.
# NOTE(review): nrpe.xml is defined on this page but is not enabled by these
# commands.
firewall-cmd --permanent --zone=public --add-service=snmp

# --permanent only edits the stored configuration; reload to apply it to the
# running ruleset.
firewall-cmd --reload
[root@com5crbdt801 ~]# firewall-cmd --zone=public --permanent --list-services
ssh dhcpv6-client
[root@com5crbdt801 ~]# firewall-cmd --get-active-zones
public
  interfaces: ens192
[root@com5crbdt801 ~]#
[root@com5crbdt801 ~]# firewall-cmd --zone=public --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens192
  sources:
  services: ssh dhcpv6-client
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
# Permanent rich rule for the public zone: accept IPv4 TCP traffic to port
# 4567 only when it originates from 1.2.3.4/32. Unlike adding a service to
# the zone, this form limits who can reach the port.
# NOTE(review): the address and port look like sample values; substitute the
# real monitoring host and port.
# --permanent does not change the running ruleset; a `firewall-cmd --reload`
# is needed afterwards for the rule to take effect.
firewall-cmd --zone=public --permanent \
  --add-rich-rule=' rule family="ipv4" source address="1.2.3.4/32" port protocol="tcp" port="4567" accept'
[root@com5saslt803 ~]# firewall-cmd --zone=public --permanent --list-services
ssh dhcpv6-client
[root@com5saslt803 ~]# firewall-cmd --get-services
RH-Satellite-6 amanda-client amanda-k5-client bacula bacula-client bitcoin bitcoin-rpc bitcoin-testnet bitcoin-testnet-rpc ceph ceph-mon cfengine condor-collector ctdb dhcp dhcpv6 dhcpv6-client dns docker-registry dropbox-lansync elasticsearch freeipa-ldap freeipa-ldaps freeipa-replication freeipa-trust ftp ganglia-client ganglia-master high-availability http https imap imaps ipp ipp-client ipsec iscsi-target kadmin kerberos kibana klogin kpasswd kshell ldap ldaps libvirt libvirt-tls managesieve mdns mosh mountd ms-wbt mssql mysql nfs nfs3 nrpe ntp openvpn ovirt-imageio ovirt-storageconsole ovirt-vmconsole pmcd pmproxy pmwebapi pmwebapis pop3 pop3s postgresql privoxy proxy-dhcp ptp pulseaudio puppetmaster quassel radius rpc-bind rsh rsyncd samba samba-client sane sip sips smtp smtp-submission smtps snmp snmptrap spideroak-lansync squid ssh synergy syslog syslog-tls telnet tftp tftp-client tinc tor-socks transmission-client vdsm vnc-server wbem-https xmpp-bosh xmpp-client xmpp-local xmpp-server
[root@com5saslt803 ~]# firewall-cmd --zone=public --add-service=snmp
success
[root@com5saslt803 ~]# firewall-cmd --zone=public --list-services
ssh dhcpv6-client snmp
[root@com5saslt803 ~]# firewall-cmd --zone=public --permanent --add-service=snmp
success
[root@com5saslt803 ~]# firewall-cmd --zone=public --permanent --list-services
ssh dhcpv6-client snmp
[root@com5saslt803 ~]# firewall-cmd --reload
success
[root@com5saslt803 ~]#