===== Firewall (firewalld) =====
Algunos apuntes sobre cómo usar firewalld (el firewall de RHEL/CentOS 7, que se gestiona como un servicio de systemd; no es un firewall propio de systemd) y cómo volver a los servicios clásicos de iptables.
==== Deshabilitarlo ====
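# Stop firewalld and keep it from starting on boot. Same two commands as before, written with
# sudo for consistency with the rest of the page. Order is irrelevant (stop and disable are independent).
# Until a replacement (e.g. the iptables services below) is running, the host has NO packet filtering.
sudo systemctl stop firewalld
sudo systemctl disable firewalld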
==== Habilitarlo ====
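# Start firewalld now and on every boot (sudo form, consistent with the rest of the page).
# If firewalld was masked while switching to iptables, `sudo systemctl unmask firewalld` is needed first.
sudo systemctl enable firewalld
sudo systemctl start firewalld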
==== Show rules ====
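# Default zone: where `--add-port` without `--zone=` puts the rule.
sudo firewall-cmd --get-default-zone
# Zones that actually have interfaces/sources bound to them. A port opened in the default zone
# does nothing for traffic that arrives on an interface assigned to another zone, so check this first.
sudo firewall-cmd --get-active-zones
sudo firewall-cmd --list-all            # Default zone: services, ports, rich rules...
sudo firewall-cmd --list-all-zones      # Same detail for every zone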
==== Open ports ====
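# Open 3306/tcp (MySQL/MariaDB) in the default zone.
# `--permanent` only changes the saved configuration; the running firewall is untouched until
# `--reload` (or until the same command is repeated without --permanent).
sudo firewall-cmd --permanent --add-port=3306/tcp
sudo firewall-cmd --reload
# This accepts 3306 from ANY source reaching the default zone. For a database that should only be
# reached by known clients, restrict the source instead of opening the port wide, e.g.:
#   sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="10.0.0.0/24" port port="3306" protocol="tcp" accept'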
==== Usar iptables ====
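# Replace firewalld with the classic iptables/ip6tables services (RHEL/CentOS 7).
# firewalld must be stopped first: both manage the same netfilter tables and would fight over the rules.
sudo systemctl stop firewalld
sudo systemctl disable firewalld
# Mask it as well so an update or another admin cannot start it again by accident while iptables is
# in charge (revert with `sudo systemctl unmask firewalld` before switching back).
sudo systemctl mask firewalld
sudo yum install iptables-services
# The services load /etc/sysconfig/iptables and /etc/sysconfig/ip6tables at start; review those
# files before enabling them, since whatever they contain is the rule set active after the next boot.
sudo systemctl start iptables
sudo systemctl start ip6tables
sudo systemctl enable iptables
sudo systemctl enable ip6tables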
==== Validar el estado del servicio ====
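# State as seen by systemd (enabled/active flags plus the last journal lines).
sudo systemctl status firewalld
# State as seen by firewalld itself: prints "running" / "not running" and exits non-zero when
# it is not running, which is the form to use from scripts.
sudo firewall-cmd --state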
==== Obtain all listening ports with netstat (net-tools; `ss -tulpn` is the iproute2 equivalent) ====
* TCP:
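# Listening TCP ports (IPv4 and IPv6), one per line, written to /home/emonge/testportstcp.
# The port is always the text after the LAST ':' of the local address, so one awk handles every
# form netstat prints ("0.0.0.0:22", ":::22", "::1:631", "::ffff:127.0.0.1:80") instead of one
# grep/awk chain per address shape (the old "." chain printed empty lines for ::ffff: addresses).
# Loopback-only listeners (127.0.0.1 / ::1) are included, as before; remove them from the file
# before feeding it to firewall-cmd if they are not meant to be reachable from outside.
# The redirection is done by the user's shell, so the file is owned by the user, not by root.
sudo netstat -tupln | awk '$1 ~ /^tcp/ && /LISTEN/ { n = split($4, a, ":"); print a[n] }' | sort -u > /home/emonge/testportstcp
sort -u /home/emonge/testportstcp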
* UDP
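# Listening UDP ports (IPv4 and IPv6), one per line, written to /home/emonge/testportsudp.
# UDP sockets carry no LISTEN state in netstat output, so the previous `grep LISTEN` chains could
# never match a UDP line: the `grep -v udp6` variant let TCP lines into the UDP file, one line
# appended to the TCP file by mistake and another filtered on tcp6 instead of udp6.
# Select by protocol column instead and take the text after the last ':' of the local address,
# which covers "0.0.0.0:123", ":::123", "::1:323" and "::ffff:..." forms alike.
sudo netstat -tupln | awk '$1 ~ /^udp/ { n = split($4, a, ":"); print a[n] }' | sort -u > /home/emonge/testportsudp
sort -u /home/emonge/testportsudp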
==== Use the lists above to open ports (review them first: this exposes every listening service) ====
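# Permanently open, in the default zone, every port found in the two lists above.
# WARNING: this whitelists EVERYTHING that happens to be listening, including daemons bound only to
# 127.0.0.1/::1 and anything a package installed unasked. Edit the files and delete what should stay
# internal before running this; otherwise the firewall adds nothing over having no firewall.
sudo systemctl start firewalld
sudo systemctl enable firewalld
# Read the files line by line and accept only bare port numbers, so a stray token (an empty line,
# an address fragment) never reaches firewall-cmd. `$(cat ...)` word-splitting gave no such check.
while IFS= read -r port; do
  [[ "$port" =~ ^[0-9]+$ ]] || continue
  sudo firewall-cmd --permanent --add-port="${port}/tcp"
done < <(sort -u /home/emonge/testportstcp)
while IFS= read -r port; do
  [[ "$port" =~ ^[0-9]+$ ]] || continue
  sudo firewall-cmd --permanent --add-port="${port}/udp"
done < <(sort -u /home/emonge/testportsudp)
# --permanent only touched the saved configuration; reload to make it the running rule set.
sudo firewall-cmd --reload
# Verify what is now open in the default zone.
sudo firewall-cmd --list-ports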
==== Referencias ====
* https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Using_Firewalls.html