===== Firewall systemd =====

Some notes on how to use the firewall under systemd (firewalld).

==== Disable it ====

<code bash>
# systemctl disable firewalld
# systemctl stop firewalld
</code>

==== Enable it ====

<code bash>
# systemctl enable firewalld
# systemctl start firewalld
</code>

==== Show rules ====

<code bash>
firewall-cmd --list-all        # Default zone
firewall-cmd --list-all-zones  # List all zones
</code>

==== Open ports ====

<code bash>
firewall-cmd --permanent --add-port=3306/tcp   # permanent config only; run "firewall-cmd --reload" to apply it to the running firewall
</code>

==== Use iptables ====

<code bash>
# systemctl disable firewalld
# systemctl stop firewalld
# yum install iptables-services
# systemctl start iptables
# systemctl start ip6tables
# systemctl enable iptables
# systemctl enable ip6tables
</code>

==== Check the service status ====

<code bash>
sudo systemctl status firewalld
</code>

==== Obtain all open ports with netstat ====

  * TCP:

<code bash>
# IPv4 listeners: the port is the field after the colon in "0.0.0.0:22"
sudo netstat -tupln | grep LISTEN | grep -v tcp6 | awk '{print $4}' | awk -F: '{print $2}' | sort | uniq > /home/emonge/testportstcp
# IPv6 any-address listeners ":::22"
sudo netstat -tupln | grep LISTEN | grep tcp6 | awk '{print $4}' | grep ':::' | awk -F: '{print $4}' | sort | uniq >> /home/emonge/testportstcp
# IPv6 loopback listeners "::1:631"
sudo netstat -tupln | grep LISTEN | grep tcp6 | awk '{print $4}' | grep '::1:' | awk -F: '{print $4}' | sort | uniq >> /home/emonge/testportstcp
# any other IPv6 listener: the port is always the last colon-separated field
sudo netstat -tupln | grep LISTEN | grep tcp6 | awk '{print $4}' | grep -v '::1:' | grep -v ':::' | awk -F: '{print $NF}' | sort | uniq >> /home/emonge/testportstcp
# IPv4-mapped IPv6 listeners "::ffff:127.0.0.1:8080" (the dotted address sits before the port, so take the last field)
sudo netstat -tupln | grep LISTEN | grep tcp6 | awk '{print $4}' | grep '\.' | awk -F: '{print $NF}' | sort | uniq >> /home/emonge/testportstcp
sort -u /home/emonge/testportstcp
</code>

  * UDP (UDP sockets have no LISTEN state in netstat, so they are selected by protocol instead):

<code bash>
sudo netstat -tupln | grep '^udp ' | awk '{print $4}' | awk -F: '{print $2}' | sort | uniq > /home/emonge/testportsudp
sudo netstat -tupln | grep '^udp6' | awk '{print $4}' | grep ':::' | awk -F: '{print $4}' | sort | uniq >> /home/emonge/testportsudp
sudo netstat -tupln | grep '^udp6' | awk '{print $4}' | grep '::1:' | awk -F: '{print $4}' | sort | uniq >> /home/emonge/testportsudp
sudo netstat -tupln | grep '^udp6' | awk '{print $4}' | grep -v '::1:' | grep -v ':::' | awk -F: '{print $NF}' | sort | uniq >> /home/emonge/testportsudp
sudo netstat -tupln | grep '^udp6' | awk '{print $4}' | grep '\.' | awk -F: '{print $NF}' | sort | uniq >> /home/emonge/testportsudp
sort -u /home/emonge/testportsudp
</code>

==== Use above to open ports ====

<code bash>
sudo systemctl start firewalld
sudo systemctl enable firewalld
for i in $(sort -u /home/emonge/testportstcp); do sudo firewall-cmd --permanent --add-port=$i/tcp; done
for i in $(sort -u /home/emonge/testportsudp); do sudo firewall-cmd --permanent --add-port=$i/udp; done
sudo firewall-cmd --reload
</code>

==== References ====

  * https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Security_Guide/sec-Using_Firewalls.html
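The netstat port extraction and the port-opening loop above, combined into one script as an added example that is not part of the original page. It reads ''netstat -tupln'' output on stdin, takes the last colon-separated field of the local address so that plain IPv4, '':::'', ''::1:'' and IPv4-mapped ''::ffff:'' forms all yield the port, and only prints the ''firewall-cmd'' commands instead of running them, so the list can be reviewed before any rule is added. The netstat output embedded in the script is constructed sample data and the function names ''listening_ports'' and ''firewall_cmds'' are my own.

```shell
#!/bin/sh
# Added example (not from the original page). Parses netstat -tupln output
# and prints the firewall-cmd invocations needed to open every listening port.

# Constructed sample of "netstat -tupln" output so the script runs offline.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1201/mysqld
tcp6       0      0 :::22                   :::*                    LISTEN      812/sshd
tcp6       0      0 ::1:631                 :::*                    LISTEN      990/cupsd
tcp6       0      0 ::ffff:127.0.0.1:8080   :::*                    LISTEN      1400/java
udp        0      0 0.0.0.0:68              0.0.0.0:*                           700/dhclient
udp        0      0 127.0.0.1:323           0.0.0.0:*                           650/chronyd
udp6       0      0 :::123                  :::*                                640/ntpd
udp6       0      0 ::1:323                 :::*                                650/chronyd'

# listening_ports tcp|udp: read netstat -tupln output on stdin and print the
# unique local ports, one per line, sorted numerically. TCP sockets must be in
# LISTEN state; UDP sockets carry no state column, so they are matched by
# protocol only. The port is always the last colon-separated field of the
# local address, whatever the address form (IPv4, :::, ::1:, ::ffff:a.b.c.d).
listening_ports() {
    awk -v proto="$1" '
        $1 == proto || $1 == (proto "6") {
            if (proto == "tcp" && $6 != "LISTEN") next
            n = split($4, f, ":")
            print f[n]
        }' | sort -n | uniq
}

# firewall_cmds tcp|udp: read a list of ports on stdin and print the
# firewall-cmd command that would open each one permanently. Nothing is
# executed here; review the output, then pipe it into sh and run
# "firewall-cmd --reload" so the permanent rules reach the running firewall.
firewall_cmds() {
    while read -r port; do
        printf 'firewall-cmd --permanent --add-port=%s/%s\n' "$port" "$1"
    done
}

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_NETSTAT" | listening_ports tcp | firewall_cmds tcp
printf '%s\n' "$SAMPLE_NETSTAT" | listening_ports udp | firewall_cmds udp
```

On a real host the sample variable is replaced by the live command, for example ''sudo netstat -tupln | listening_ports tcp | firewall_cmds tcp'', and the printed commands are applied with ''sudo sh'' followed by ''sudo firewall-cmd --reload''. Printing rather than executing keeps a review step in the loop: a listener on 127.0.0.1 or ::1 appears in the list too, and opening it in the firewall is usually not what is wanted.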