Firewall Rules

 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

 Firewall

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

 To configure Firewalld to only allow connections to permitted hosts on a Linux system

To configure Firewalld to only allow connections to permitted hosts on a Linux system, you can follow these steps: 

  1. Identify the network interface that you want to apply the firewall rules to. For example, the interface name could be "eth0" or "enp0s3". 

  2. Define the permitted hosts that you want to allow connections from. You can use IP addresses or hostname entries. 

  3. Create a new Firewalld zone for the interface that you want to apply the rules to. For example, you could name the zone "trusted". 

 

 

sudo firewall-cmd --permanent --new-zone=trusted 

 

Add the network interface to the new zone. 

 

sudo firewall-cmd --permanent --zone=trusted --add-interface=<interface-name> 

 

Replace <interface-name> with the name of the interface that you want to apply the rules to. 

 

Add the permitted hosts to the new zone. 

 

sudo firewall-cmd --permanent --zone=trusted --add-source=<ip-address>/<netmask> 

sudo firewall-cmd --permanent --zone=trusted --add-source=<hostname> 

 

Replace <ip-address>/<netmask> with the IP address and netmask of the permitted host, and <hostname> with the hostname of the permitted host. 

 

Remove the default rules from the new zone. 

 

sudo firewall-cmd --permanent --zone=trusted --remove-service=ssh 

sudo firewall-cmd --permanent --zone=trusted --remove-service=dhcpv6-client 

 

Reload the Firewalld configuration. 

 

sudo firewall-cmd –reload 

 

After completing these steps, Firewalld will only allow connections to the network interface from the specified permitted hosts. All other connections will be blocked. Note that you may need to adjust the rules depending on your specific network configuration and security requirements.

 

Comments

Post a Comment

Popular posts from this blog

NTP:

Image
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ On CentOS : 6.8  :    cat / etc /* elease   cat / etc /* elease   CentOS release 6.8 (Final)   CentOS release 6.8 (Final)   CentOS release 6.8 (Final)     Restarting NTP service    [root@vodb1-am ~]#  sudo  / etc / init.d / ntpd  restart   Shutting down  ntpd :                                        [  OK  ]   Starting  ntpd :                                     ...
Read more

Network-Interface

 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++   ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ To find the network interface on Linux, you can use the   ifconfig   or   ip   command in the terminal.   Here's how you can use   ifconfig :   Open the terminal on your Linux system.   Type   ifconfig   and press Enter.   You'll see a list of network interfaces along with their IP addresses, netmasks, and other information.   Here's how you can use   ip :   Open the terminal on your Linux system.   Type   ip   addr   and press Enter.   You'll see a list of network interfaces along with their IP addresses, netmasks, and other information.   Both   ifconfig   and   ip   commands can be used to display the network interface configurations.   ip   is the newer and more powerful command to configure...
Read more

NetMask

Image
 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++    +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++   You can find the netmask for a network interface in Linux by using the   ifconfig   or   ip   command.     Using   ifconfig :     ifconfig   <interface-name>       Replace   <interface-name>   with the name of the interface that you want to find the netmask for. The netmask is usually listed next to the "netmask" keyword in the output.   Netmask is 255.255.255.0     What is a Netmask     In computer networking, a netmask (short for "network mask") is a 32-bit number that is used to divide an IP address into subnets and determine the network and host portions of the address.   The netmask is a binary pattern of 1s and 0s that is applied to the IP address, and it identifies which bits in the IP addr...
Read more