=> Firewall commands must be run with root privileges (as root, or via sudo by an operator who is authorized to change firewall rules)
=> Firewall commands differ between OS versions, so check the OS release first and use the commands that match it (this page shows firewalld on Oracle Linux 8)
[root@oci-instance-001 ~]# cat /etc/*release
Oracle Linux Server release 8.6
=> Check that firewalld is enabled and running; if the service is inactive or masked, none of the rules listed below are actually being enforced
[root@oci-instance-001 ~]# systemctl status firewalld
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2022-11-06 04:27:23 GMT; 51s ago
Docs: man:firewalld(1)
Main PID: 1466 (firewalld)
Tasks: 2 (limit: 3836)
Memory: 25.2M
CGroup: /system.slice/firewalld.service
└─1466 /usr/libexec/platform-python -s /usr/sbin/firewalld --nofork --nopid
Nov 06 04:27:21 localhost.localdomain systemd[1]: Starting firewalld - dynamic firewall daemon...
Nov 06 04:27:23 localhost.localdomain systemd[1]: Started firewalld - dynamic firewall daemon.
=> List what the firewall currently allows. --list-all shows the active (runtime) configuration of the default zone; add --permanent to see the saved configuration, which can differ until a reload. Review the rich rules carefully: a rule with a source address and no port or service (like the first one below) accepts all traffic from that source, and a source address without a prefix length is a single host, so confirm each rule is intended
[root@oci-instance-001 ~]# firewall-cmd --list-all
target: default
icmp-block-inversion: no
interfaces:
sources:
services: dhcpv6-client ssh
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
rule family="ipv4" source address="192.168.0.0" accept
rule family="ipv4" source address="192.168.0.0/16" port port="8000" protocol="tcp" accept
[root@oci-instance-001 ~]#
=> Add the required port - here 8080/tcp for Apache Tomcat as an example. This opens the port to every source that can reach the instance; if only a known network needs it, prefer a rich rule restricted to that source (as was done for port 8000 above). Note that --permanent only writes the saved configuration: the port is not open until the configuration is reloaded. On OCI the VCN security list or NSG must also allow the port, otherwise the traffic never reaches the host firewall
[root@oci-instance-001 ~]# firewall-cmd --add-port=8080/tcp --permanent
success
[root@oci-instance-001 ~]#
=> Apply the saved configuration and verify the newly added port
Restarting the firewalld service tears down and rebuilds every rule and may hang, causing an outage that can only be fixed by rebooting the server. Prefer `firewall-cmd --reload`, which applies the permanent configuration without restarting the daemon. If you must restart the service, stop the applications running on the server first, confirm that the ssh service is still in the allowed services list so a remote session is not locked out, and keep out-of-band console access (for example the OCI console connection) available in case SSH is lost.
[root@oci-instance-001 ~]# systemctl restart firewalld
[root@oci-instance-001 ~]# firewall-cmd --list-all
target: default
icmp-block-inversion: no
interfaces:
sources:
services: dhcpv6-client ssh
ports: 8080/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
rule family="ipv4" source address="192.168.0.0" accept
rule family="ipv4" source address="192.168.0.0/16" port port="8000" protocol="tcp" accept
[root@oci-instance-001 ~]#