
firewalld

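Fichiers XML de définition de service, à créer manuellement dans /etc/firewalld/services/ lorsque la version de firewalld installée est assez ancienne pour ne pas fournir les services snmp et nrpe. Ajouter un service à une zone ouvre son port à toutes les sources de cette zone ; pour limiter l'accès à une seule machine, utiliser plutôt une règle riche avec une adresse source, comme dans l'exemple plus bas.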

vim /etc/firewalld/services/snmp.xml

<?xml version="1.0" encoding="utf-8"?>
<!--
  Custom firewalld service definition for SNMP.
  Declares a single port: UDP 161.
  Enabling this service in a zone accepts that port from every source the
  zone covers; use a source-restricted rich rule instead when only specific
  hosts should be able to query the agent.
-->
<service>
  <short>SNMP</short>
  <description>SNMP protocol</description>
  <port protocol="udp" port="161"/>
</service>

vim /etc/firewalld/services/nrpe.xml

<?xml version="1.0" encoding="utf-8"?>
<!--
  Custom firewalld service definition for NRPE.
  Declares a single port: TCP 5666.
  NRPE executes plugins on request from a remote host, so the port should be
  reachable only from the monitoring server: restrict it by source address in
  the firewall (rich rule) in addition to the daemon's allowed_hosts setting.
-->
<service>
  <short>NRPE</short>
  <description>NRPE allows you to execute Nagios plugins on a remote host in as transparent a manner as possible.</description>
  <port protocol="tcp" port="5666"/>
</service>
# Reload first so firewalld reads the service files added under
# /etc/firewalld/services/ and recognises the new service names.
firewall-cmd --reload
# Record snmp in the saved (permanent) configuration of the public zone.
# This opens the service's port to every source in that zone.
firewall-cmd --permanent --zone=public --add-service=snmp
# Reload again so the saved configuration becomes the running one.
firewall-cmd --reload
[root@com5crbdt801 ~]# firewall-cmd --zone=public --permanent --list-services
ssh dhcpv6-client
[root@com5crbdt801 ~]# firewall-cmd --get-active-zones
public
  interfaces: ens192
[root@com5crbdt801 ~]# 
[root@com5crbdt801 ~]#  firewall-cmd --zone=public --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens192
  sources:
  services: ssh dhcpv6-client
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
# Allow TCP port 4567 in the public zone only from the single IPv4 host
# 1.2.3.4/32, instead of opening the port to every source in the zone.
# NOTE(review): the address and port look like example values; replace them
# with the real client address and service port.
# --permanent only writes the saved configuration: the rule is not active
# until the configuration is reloaded (firewall-cmd --reload).
firewall-cmd --permanent --zone=public --add-rich-rule='
  rule family="ipv4"
  source address="1.2.3.4/32"
  port protocol="tcp" port="4567" accept'
[root@com5saslt803 ~]# firewall-cmd --zone=public --permanent --list-services
ssh dhcpv6-client
[root@com5saslt803 ~]# firewall-cmd --get-services
RH-Satellite-6 amanda-client amanda-k5-client bacula bacula-client bitcoin bitcoin-rpc bitcoin-testnet bitcoin-testnet-rpc ceph ceph-mon cfengine condor-collector ctdb dhcp dhcpv6 dhcpv6-client dns docker-registry dropbox-lansync elasticsearch freeipa-ldap freeipa-ldaps freeipa-replication freeipa-trust ftp ganglia-client ganglia-master high-availability http https imap imaps ipp ipp-client ipsec iscsi-target kadmin kerberos kibana klogin kpasswd kshell ldap ldaps libvirt libvirt-tls managesieve mdns mosh mountd ms-wbt mssql mysql nfs nfs3 nrpe ntp openvpn ovirt-imageio ovirt-storageconsole ovirt-vmconsole pmcd pmproxy pmwebapi pmwebapis pop3 pop3s postgresql privoxy proxy-dhcp ptp pulseaudio puppetmaster quassel radius rpc-bind rsh rsyncd samba samba-client sane sip sips smtp smtp-submission smtps snmp snmptrap spideroak-lansync squid ssh synergy syslog syslog-tls telnet tftp tftp-client tinc tor-socks transmission-client vdsm vnc-server wbem-https xmpp-bosh xmpp-client xmpp-local xmpp-server
[root@com5saslt803 ~]# firewall-cmd --zone=public --add-service=snmp
success
[root@com5saslt803 ~]# firewall-cmd --zone=public --list-services
ssh dhcpv6-client snmp
[root@com5saslt803 ~]# firewall-cmd --zone=public --permanent --add-service=snmp
success
[root@com5saslt803 ~]# firewall-cmd --zone=public --permanent --list-services
ssh dhcpv6-client snmp
[root@com5saslt803 ~]# firewall-cmd --reload
success
[root@com5saslt803 ~]#