Questions tagged [firewalld]

Firewalld is an open source firewall solution available on several Linux distributions. Firewalld uses D-BUS for monitoring and dynamic management.

70 questions
16 votes, 4 answers

Getting firewalld to allow ping requests

On CentOS 7, I have installed and setup firewalld as follows: Add ssh service to drop zone permanently (sudo firewall-cmd --zone=drop --permanent --add-service=ssh) Make drop zone the default zone so that all non ssh requests are dropped (sudo…
11 votes, 1 answer

Opening a port with firewalld doesn't seem to work

I have configured sshd to live on a different port. I have opened that port using firewalld: $ sudo firewall-cmd --zone=public --add-port=22000/tcp --permanent Listing rules shows port 22000 is open: $ sudo firewall-cmd --permanent…
9 votes, 1 answer

Configure FirewallD to allow bridged virtual machine network access

I have a Windows guest running on a virt-manager QEMU/KVM virtual machine. My primary NIC eno1 is in a bridge br1 which is configured with my host IP address configuration. This VM is connected to said bridge. My host firewall is in its default…
9 votes, 1 answer

How can I configure firewalld to block all outgoing traffic except for specific ports while allowing localhost to access any of its own local ports?

I started out with this: # First, allow outbound traffic for all allowed inbound traffic firewall-cmd --direct --add-rule ipv4 filter OUTPUT 0 -m state --state ESTABLISHED,RELATED -j ACCEPT # Allow outbound HTTP, HTTPS, DNS firewall-cmd --direct…
John T. • 341
8 votes, 2 answers

firewall-cmd - add-forward-port doesn't work

I have a KVM server (host) with multiple virtual machines (guests). My goal is to have my host forward port 222 to port 22 of a guest running an ssh service. This works... iptables -I OUTPUT -d 0.0.0.0/0 -j ACCEPT iptables -I FORWARD -d 0.0.0.0/0 -j…
7 votes, 1 answer

How to block docker-mapped ports with a firewall from outside the host without messing up docker routing inside the host?

I have a docker container running on a host with some port mapped to a port on the host. docker run -d -p 9009:9009 someserver I want this machine firewalled off from the internet except for 80, 443 and 22. But I still want processes inside the…
adapt-dev • 261
4 votes, 1 answer

How to open a UDP port in the CentOS 7 firewall, firewalld, using firewall-cmd?

CentOS 7 server. Trying to open port 3000 for UDP, nodejs ws websockets. Any ideas? I'm stuck! I've checked a few other SO posts to no avail. Thx, Keith =) If I stop the firewall, the UDP unicast works fine. When I start the firewall, websocket…
kmiklas • 249
3 votes, 1 answer

Using firewalld and firewall-cmd, how to add-rule to the primary INPUT chain, not INPUT_direct

So after reading the firewalld man page and Fedora documentation, I have come to the understanding that to add a custom rule to the firewall with specific arguments I need to use the structure firewall-cmd [--permanent] --direct --add-rule { ipv4 |…
Chris • 141
3 votes, 1 answer

Configure firewalld to distinguish home and public ethernet connection

I connect my notebook via ethernet at home and outside. I want to open some ports for services like samba only at home and not somewhere else. How can I let firewalld automatically detect where I am, so the correct zone will be set?
3 votes, 1 answer

firewalld rich rules don't drop incoming traffic (CentOS 8 behind a NAT)

Post-Solving Edit The reason this was so hard to solve at the firewall level was that it wasn't a firewall problem. Something @tom-yan said in chat made me revisit the script which pulls out the IP Addresses. It seems that sed was pumping out the…
Mark • 113
3 votes, 1 answer

Setting up rules in firewalld to allow clients in the same VPN subnet to communicate

I am trying to set up a Wireguard VPN on a Fedora server. I have it up and running and can connect with multiple clients, browse through it, ssh into the server etc. In general it just works. Except for one thing. If I have two clients connected at…
3 votes, 0 answers

Docker container can't make DNS queries with FirewallD running

While FirewallD is running, all DNS queries fail and are blocked by the firewall. Running tcpdump -i docker0 while running ping google.com in a container shows me 21:27:02.683342 IP 172.17.0.2.35118 > google-public-dns-a.google.com.domain: 54430+…
ollien • 83
2 votes, 0 answers

Cannot redirect from Wireguard to VM

I have a bastion and a physical server. Both are linked through a Wireguard tunnel (wg0 as interface in both), with their IPs being respectively 172.16.0.0 and 172.16.1.0. On the server, I have a VM whose IP is 192.168.122.173, with the interface on…
Lerenn • 81
2 votes, 0 answers

firewalld Zone "trusted" Drops about 15% of Frames that are Passed by Zone "public"

Background I have two lab machines, which I'll refer to as A and B, running RHEL 8.0. I SSH into A and B from my Windows desktop over a 1 GbE link, whose network interface I'll refer to as eth0. A and B also have a direct 10 GbE fiber link between…
Dave • 1,129
2 votes, 1 answer

firewalld: forward traffic as a wireguard VPN gateway

I have set up a Pi running Pi OS 11 as a VPN gateway for my local network using Wireguard & Nftables; that all works fine. However, I wish to switch over to firewalld to be compatible with docker without using iptables. What I have so far is…
uhsl_m • 123