With this lab, you'll get some practice with basic firewalld commands:
- Log into your CentOS 7 virtual machine and run the following commands. Observe the output after each one:
sudo firewall-cmd --get-zones
sudo firewall-cmd --get-default-zone
sudo firewall-cmd --get-active-zones
- Briefly view the man pages that deal with firewalld zones:
man firewalld.zones
man firewalld.zone
(Yes, there are two of them. One explains the zone configuration files, and the other explains the zones themselves.)
- Look at the configuration information for all of the available zones:
sudo firewall-cmd --list-all-zones
- Look at the list of predefined services. Then, look at information about the dropbox-lansync service:
sudo firewall-cmd --get-services
sudo firewall-cmd --info-service=dropbox-lansync
- Set the default zone to dmz. Look at information about the zone, add the http and https services, and then look at the zone information again:
sudo firewall-cmd --set-default-zone=dmz
sudo firewall-cmd --permanent --add-service={http,https}
sudo firewall-cmd --info-zone=dmz
sudo firewall-cmd --permanent --info-zone=dmz
- Reload the firewall configuration, and look at zone info again. Also, look at the list of services that are being allowed:
sudo firewall-cmd --reload
sudo firewall-cmd --info-zone=dmz
sudo firewall-cmd --list-services
- Permanently open port 10000/tcp, and view the results:
sudo firewall-cmd --permanent --add-port=10000/tcp
sudo firewall-cmd --list-ports
sudo firewall-cmd --reload
sudo firewall-cmd --list-ports
sudo firewall-cmd --info-zone=dmz
- Remove the port that you just added:
sudo firewall-cmd --permanent --remove-port=10000/tcp
sudo firewall-cmd --reload
sudo firewall-cmd --list-ports
sudo firewall-cmd --info-zone=dmz
- View the list of man pages for firewalld:
apropos firewall
- End of lab.
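The steps above show that a `--permanent` change does not reach the running firewall until `--reload`. The following script is an added example, not part of the original lab, that reports that gap for a zone. The function names and the sample lists are constructed for illustration.

```shell
#!/bin/sh
# Added example: report differences between firewalld's runtime and
# permanent configuration. All function names here are hypothetical.

# in_list ITEM LIST: succeed if ITEM is one of the words in LIST.
in_list() {
    case " $2 " in
        *" $1 "*) return 0 ;;
    esac
    return 1
}

# drift RUNTIME PERMANENT
# Both arguments are whitespace-separated lists, as printed by
# firewall-cmd --list-services or --list-ports (without / with --permanent).
#   pending-reload X : X is saved permanently but not active yet
#   runtime-only X   : X is active now but will be gone after --reload
drift() {
    d_runtime=$(echo $1)      # unquoted on purpose: collapses whitespace
    d_permanent=$(echo $2)
    for d_item in $d_permanent; do
        in_list "$d_item" "$d_runtime" || echo "pending-reload $d_item"
    done
    for d_item in $d_runtime; do
        in_list "$d_item" "$d_permanent" || echo "runtime-only $d_item"
    done
}

# drift_live ZONE: run the comparison against a real firewalld instance.
drift_live() {
    for what in services ports; do
        drift "$(sudo firewall-cmd --zone="$1" --list-$what)" \
              "$(sudo firewall-cmd --permanent --zone="$1" --list-$what)"
    done
}

# Constructed sample: the dmz zone after the --permanent --add-service and
# --permanent --add-port steps, before any --reload has been run.
echo "services:"; drift "ssh" "ssh http https"
echo "ports:";    drift "" "10000/tcp"

# On the lab VM, check the live zone instead:  sh drift.sh --live dmz
if [ "${1:-}" = "--live" ]; then drift_live "${2:-dmz}"; fi
```

An empty result after `sudo firewall-cmd --reload` confirms that the runtime and permanent configurations match.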