Netfilter with FirewallD front-end

tested on RHEL/CentOS 7

Default policy

Check which zone is the default, which zones are bound to interfaces (active), and what the default zone actually allows (the --zone=public examples below assume public is the active zone; substitute yours if it isn't),

firewall-cmd --get-default-zone
firewall-cmd --get-active-zones
firewall-cmd --list-all

firewall-cmd --list-all-zones

Make sure ICMP isn't being blocked (--query-icmp-block prints "yes" for a blocked type; if icmp-block-inversion is "yes" the block list becomes an allow list, so "no" then means blocked),

firewall-cmd --list-icmp-blocks
# print the type next to each answer, otherwise you only get a column of yes/no
for type in $(firewall-cmd --get-icmptypes); do printf '%s: ' "$type"; firewall-cmd --query-icmp-block="$type"; done; unset type
firewall-cmd --query-icmp-block-inversion

To open a TCP port (--permanent only writes the saved configuration, --reload is what applies it; repeat the command without --permanent if you also want the running firewall changed right away), e.g.,

firewall-cmd --zone=public --add-port=SOME_PORT/tcp --permanent
firewall-cmd --reload

optionally remove the stock ssh service (port 22) from the zone, for instance once sshd listens on a custom port you have opened as above; verify the new port is reachable before doing this, from a session that won't be cut off,
</gre_replace>
<gr_insert after="29" cat="add_content" lang="shell" orig="firewall-cmd --reload">
As an added example (not from the original page), the port-change and ssh-removal steps above wrapped so they run in the safe order: the replacement port is opened and the zone reloaded, and the ssh service is only removed if the reloaded zone really lists that port. The zone name, the port 2222 and the helper names are assumptions; the two parsers read the `firewall-cmd --list-all` layout that CentOS 7's firewalld prints.

```shell
#!/bin/bash
# Added example, not from the original page. Assumes firewall-cmd from
# RHEL/CentOS 7 and that sshd already listens on the new port (Port in
# /etc/ssh/sshd_config, SELinux port label updated if it complains).

# Return 0 if "$1/$2" (e.g. 2222 tcp) appears in the "ports:" line of a
# `firewall-cmd --zone=... --list-all` dump read from stdin.
zone_has_port() {
    awk -v want="$1/$2" '
        $1 == "ports:" { for (i = 2; i <= NF; i++) if ($i == want) found = 1 }
        END { exit found ? 0 : 1 }'
}

# Return 0 if service "$1" (e.g. ssh) appears in the "services:" line.
zone_has_service() {
    awk -v svc="$1" '
        $1 == "services:" { for (i = 2; i <= NF; i++) if ($i == svc) found = 1 }
        END { exit found ? 0 : 1 }'
}

# Open the new port, reload, and only then drop the stock ssh service,
# refusing to continue if the reloaded zone does not actually show the port.
move_ssh_port() {
    local zone="$1" port="$2"
    firewall-cmd --zone="$zone" --add-port="$port/tcp" --permanent
    firewall-cmd --reload
    if ! firewall-cmd --zone="$zone" --list-all | zone_has_port "$port" tcp; then
        echo "refusing to remove ssh: $port/tcp is not open in zone $zone" >&2
        return 1
    fi
    firewall-cmd --zone="$zone" --remove-service=ssh --permanent
    firewall-cmd --reload
    # Final state must show the custom port and no ssh service.
    firewall-cmd --zone="$zone" --list-all | zone_has_port "$port" tcp &&
      ! firewall-cmd --zone="$zone" --list-all | zone_has_service ssh
}

# Usage (as root, from a session you can afford to lose if something is wrong):
#   move_ssh_port public 2222
```

Test the new port with a second ssh session before closing the one you are working in; the guard only proves the firewall lists the port, not that sshd answers on it.
<test>
set -e
# Constructed --list-all dump in the layout CentOS 7's firewalld prints.
SAMPLE='public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources: 
  services: dhcpv6-client ssh
  ports: 2222/tcp 8443/tcp
  protocols: 
  masquerade: no
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 
'
printf '%s' "$SAMPLE" | zone_has_port 2222 tcp || exit 1
printf '%s' "$SAMPLE" | zone_has_port 8443 tcp || exit 1
if printf '%s' "$SAMPLE" | zone_has_port 2222 udp; then exit 1; fi
if printf '%s' "$SAMPLE" | zone_has_port 22 tcp; then exit 1; fi
printf '%s' "$SAMPLE" | zone_has_service ssh || exit 1
printf '%s' "$SAMPLE" | zone_has_service dhcpv6-client || exit 1
if printf '%s' "$SAMPLE" | zone_has_service http; then exit 1; fi
</test>
</gr_insert>
<gr_replace lines="31-32" cat="clarify" orig="NAT">
NAT

Masquerade an internal network behind EXTERNAL_NETIF with direct (raw iptables) rules. These bypass the zone model and don't appear in --list-all; check them with firewall-cmd --permanent --direct --get-all-passthroughs,


firewall-cmd --zone=public --remove-service=ssh --permanent
firewall-cmd --reload

NAT

firewall-cmd --permanent --direct --passthrough ipv4 -t nat -I POSTROUTING -o EXTERNAL_NETIF -j MASQUERADE -s INTERNAL_IP/PREFIX
firewall-cmd --permanent --direct --passthrough ipv4 -I FORWARD -i INTERNAL_NETIF -j ACCEPT
firewall-cmd --reload

Direct rules don't turn on forwarding by themselves: set net.ipv4.ip_forward=1 with sysctl and persist it under /etc/sysctl.d/, otherwise nothing gets forwarded. The zone-based equivalent, firewall-cmd --zone=public --add-masquerade --permanent, enables ip_forward for you and keeps the setting visible in --list-all.

Copyright © 2024 Pierre-Philipp Braun