Firewall systemd

Some notes on how to use the firewall on systemd-based systems (firewalld).

Disable it

# systemctl disable firewalld
# systemctl stop firewalld

Enable it

# systemctl enable firewalld
# systemctl start firewalld

Show rules

firewall-cmd --list-all # Default zone
firewall-cmd --list-all-zones # List all zones

Open ports

firewall-cmd --permanent --add-port=3306/tcp # written to the permanent config only; run firewall-cmd --reload to apply it to the running firewall

Use iptables instead

# systemctl disable firewalld
# systemctl stop firewalld
# yum install iptables-services
# systemctl start iptables
# systemctl start ip6tables
# systemctl enable iptables
# systemctl enable ip6tables

Check the service status

sudo systemctl status firewalld

Obtain all open ports with netstat

  • TCP:
# Column 4 is the local address and the port is always its last ':'-separated field, so one
# pipeline covers IPv4 (0.0.0.0:22), IPv6 (:::22, ::1:22) and IPv4-mapped (::ffff:127.0.0.1:22) sockets
sudo netstat -tupln | awk '$1 ~ /^tcp/ && $6 == "LISTEN" {print $4}' | awk -F: '{print $NF}' | sort -u > /home/emonge/testportstcp
cat /home/emonge/testportstcp
  • UDP:
# UDP sockets have no LISTEN state in netstat output, so select them by protocol instead
sudo netstat -tupln | awk '$1 ~ /^udp/ {print $4}' | awk -F: '{print $NF}' | sort -u > /home/emonge/testportsudp
cat /home/emonge/testportsudp

Use the lists above to open the ports

sudo systemctl start firewalld
sudo systemctl enable firewalld
sort -u /home/emonge/testportstcp | while read -r port; do sudo firewall-cmd --permanent --add-port="$port/tcp"; done
sort -u /home/emonge/testportsudp | while read -r port; do sudo firewall-cmd --permanent --add-port="$port/udp"; done
sudo firewall-cmd --reload
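The procedure above opens every listening port, including services bound only to loopback (127.0.0.1 or ::1) that should stay unreachable from the network. The script below is an added example, not part of the original notes: it parses netstat -tupln output (a constructed sample is embedded so it runs offline), skips loopback-only sockets, handles IPv4, IPv6 and IPv4-mapped addresses with one rule, and prints the firewall-cmd commands instead of running them so they can be reviewed first.

```shell
#!/bin/sh
# Added example: derive firewall-cmd commands from `netstat -tupln` output.
# Loopback-only sockets are skipped on purpose: opening them on the host
# firewall exposes nothing useful and advertises internal services.

# Constructed sample of `netstat -tupln` output (offline stand-in for the real command)
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:6379          0.0.0.0:*               LISTEN      901/redis-server
tcp6       0      0 :::3306                 :::*                    LISTEN      1200/mysqld
tcp6       0      0 ::1:25                  :::*                    LISTEN      640/master
tcp6       0      0 ::ffff:10.0.0.5:8443    :::*                    LISTEN      1333/java
udp        0      0 0.0.0.0:123             0.0.0.0:*                           455/chronyd
udp6       0      0 :::546                  :::*                                510/dhclient'

# listening_ports: read netstat output on stdin, print "port/proto" for each
# non-loopback listening socket, deduplicated.
listening_ports() {
    awk '
        $1 ~ /^(tcp|udp)6?$/ {
            proto = substr($1, 1, 3)                     # tcp6 -> tcp, udp6 -> udp
            if (proto == "tcp" && $6 != "LISTEN") next    # TCP: listening sockets only
            n = split($4, f, ":")                        # port is the last ":" field
            port = f[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (addr == "127.0.0.1" || addr == "::1" || addr == "::ffff:127.0.0.1") next
            print port "/" proto
        }' | LC_ALL=C sort -u
}

# firewall_cmds: turn the port list into firewall-cmd invocations (printed, not executed)
firewall_cmds() {
    listening_ports | sed 's|^|sudo firewall-cmd --permanent --add-port=|'
    echo 'sudo firewall-cmd --reload'
}

printf '%s\n' "$SAMPLE_NETSTAT" | firewall_cmds
```

On a live host replace the sample with `sudo netstat -tupln | firewall_cmds` and pipe the reviewed output to sh.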

References

firewall_systemd.txt · Last modified: 2019/10/08 12:39