Firewalld is an open source firewall solution available on several Linux distributions. Firewalld uses D-BUS for monitoring and dynamic management.
Questions tagged [firewalld]
64 questions
11 votes, 3 answers
Getting firewalld to allow ping requests
On CentOS 7, I have installed and set up firewalld as follows:
Add ssh service to drop zone permanently (sudo firewall-cmd --zone=drop --permanent --add-service=ssh)
Make drop zone the default zone so that all non ssh requests are dropped (sudo…
user1638152
11 votes, 1 answer
Opening a port with firewalld doesn't seem to work
I have configured sshd to live on a different port. I have opened that port using firewalld:
$ sudo firewall-cmd --zone=public --add-port=22000/tcp --permanent
Listing rules shows port 22000 is open:
$ sudo firewall-cmd --permanent…
mikemaccana
9 votes, 1 answer
Configure FirewallD to allow bridged virtual machine network access
I have a Windows guest running on a virt-manager QEMU/KVM virtual machine.
My primary NIC eno1 is in a bridge br1 which is configured with my host IP address configuration. This VM is connected to said bridge.
My host firewall is in its default…
Jonathon Reinhart
7 votes, 1 answer
How to block docker-mapped ports with a firewall from outside the host without messing up docker routing inside the host?
I have a docker container running on a host with some port mapped to a port on the host.
docker run -d -p 9009:9009 someserver
I want this machine firewalled off from the internet except for 80, 443 and 22.
But I still want processes inside the…
adapt-dev
7 votes, 1 answer
firewall-cmd --add-forward-port doesn't work
I have a KVM server (host) with multiple virtual machines (guests).
My goal is for my host to forward port 222 to port 22 of a guest running an SSH service.
This works...
iptables -I OUTPUT -d 0.0.0.0/0 -j ACCEPT
iptables -I FORWARD -d 0.0.0.0/0 -j…
Eduardo Lucio
7 votes, 1 answer
How can I configure firewalld to block all outgoing traffic except for specific ports while allowing localhost to access any of its own local ports?
I'll confess at the start that I'm asking this question only after finding the answer and wanting to share it with everyone else. If this is bad form, then my sincere apologies and I'm open to the suggestions on the right way to share this hard-won…
John T.
3 votes, 1 answer
Using firewalld and firewall-cmd, how to add a rule to the primary INPUT chain, not INPUT_direct
So after reading the firewalld man page and Fedora documentation, I have come to the understanding that to add a custom rule to the firewall with specific arguments I need to use the structure
firewall-cmd [--permanent] --direct --add-rule { ipv4 |…
Chris
3 votes, 1 answer
Configure firewalld to distinguish home and public ethernet connection
I connect my notebook via Ethernet at home and outside. I want to open some ports for services like Samba only at home and not somewhere else.
How can I let firewalld automatically detect where I am, so the correct zone will be set?
Thery White
3 votes, 1 answer
firewalld rich rules don't drop incoming traffic (CentOS 8 behind a NAT)
Post-Solving Edit
The reason this was so hard to solve at the firewall level was that it wasn't a firewall problem. Something @tom-yan said in chat made me revisit the script which pulls out the IP Addresses. It seems that sed was pumping out the…
Mark
3 votes, 1 answer
Setting up rules in firewalld to allow clients in the same VPN subnet to communicate
I am trying to set up a WireGuard VPN on a Fedora server. I have it up and running and can connect with multiple clients, browse through it, SSH into the server, etc. In general it just works. Except for one thing. If I have two clients connected at…
user2858835
3 votes, 0 answers
Docker container can't make DNS queries with FirewallD running
While FirewallD is running, all DNS queries fail and are blocked by the firewall. Running tcpdump -i docker0 while running ping google.com in a container shows me
21:27:02.683342 IP 172.17.0.2.35118 > google-public-dns-a.google.com.domain: 54430+…
ollien
2 votes, 0 answers
firewalld Zone "trusted" Drops about 15% of Frames that are Passed by Zone "public"
Background
I have two lab machines, which I'll refer to as A and B, running RHEL 8.0.
I SSH into A and B from my Windows desktop over a 1 GbE link, whose network interface I'll refer to as eth0.
A and B also have a direct 10 GbE fiber link between…
Dave
2 votes, 1 answer
firewalld: forward traffic as a WireGuard VPN gateway
I have set up a Pi running Pi OS 11 as a VPN gateway for my local network using WireGuard and nftables; that all works fine.
However, I wish to switch over to firewalld to be compatible with Docker without using iptables.
What I have so far is…
uhsl_m
2 votes, 0 answers
Fedora unable to mount NFS due to firewalld
I am trying to create an NFS share between my host and guest VM (run with qemu-kvm).
I followed this guide and this is the situation:
host:
cat /etc/exports
/mnt/nfsshare …
Louis
2 votes, 2 answers
How to get an IP address blocked with firewall-cmd with immediate effect?
To replicate the problem have two different servers with their own IP addresses. Now start pinging one of them from the second one, and while still pinging block the first server's IP on the second one with one of two commands:
firewall-cmd -q…
Sasha