Skip to content

New beginners guide to firewalld #550

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 9 commits into from
Feb 14, 2022
Merged

New beginners guide to firewalld #550

merged 9 commits into from
Feb 14, 2022

Conversation

@sspencerwire
Copy link
Contributor

@sspencerwire sspencerwire commented Feb 8, 2022
edited
Loading

  • tested rules using an LXD container
  • did an editing pass checking word usage, commas, and general feel
  • would really, really, really like some input on this

Author checklist (Completed by original Author)

  • Contribution a good fit for the Rocky project? Title and Author MetaTags inserted ?
  • Is this a non-English contribution?
  • If applicable, steps and instructions have been tested to work on a real system
  • Did you perform an initial self-review to fix basic typos and grammatical correctness

Rocky Documentation checklist (Completed by Rocky team)

  • 1st Pass (Check that document is good fit for project and author checklist completed)
  • 2nd Pass (Technical Review - check for technical correctness)
  • 3rd Pass (Basic Editorial Review)
  • 4th Pass (Detailed Editorial Review and Peer Review)
  • Final pass/approval (Final Review)

@sspencerwire
New beginners guide to firewalld
93e8d37 
* tested rules using an LXD container
* did an editing pass checking word usage, commas, and general feel
* would really, really, really like some input on this
@sspencerwire
Copy link
Contributor Author

sspencerwire commented Feb 8, 2022

I would love someone to review this with a technical eye, particularly if you have experience using firewalld. Please add your comment and suggestions!

sspencerwire and others added 2 commits February 9, 2022 09:27
@sspencerwire
Fixed a couple of issues
90e8c0d 
* wrong word, "form" instead of "from" fixed
* admonition indentation that @wsoyinka added is fixed
* added the update meta
* a couple of other minor fixes
@EzequielBruni
Ezequiel's Editing Pass (TM)
9d9b0a6
@EzequielBruni
Copy link
Collaborator

EzequielBruni commented Feb 9, 2022
edited
Loading

Alright, I gave it an editing pass, adding some bits I thought might be useful. I only have one overall piece of feedback: this isn't strictly a beginner's guide to firewalld, so much as it is an iptables user's guide to firewalld. Maybe we should change the title to reflect that?

Later on, I could take a lot of what's here and give it the absolute newbie treatment if y'all think that would be good.

@sspencerwire
Change internal title
fd218e0 
* Ezequiel Bruni brought up a good point that this wasn't so much a
beginners guide to firewalld, but an iptables guide to using firewalld.
@alemorvan
Copy link
Contributor

alemorvan commented Feb 10, 2022

Could we add a paragraph with instructions on how to check firewall state ?

Something like this:

Remember to check the status of your firewall with either :

the command firewall-cmd:

$ firewall-cmd --state
running

the systemctl command:

$ systemctl status firewalld

@alemorvan
Copy link
Contributor

alemorvan commented Feb 10, 2022

I like the Common firewall-cmd Commands table 👍

@alemorvan
Copy link
Contributor

alemorvan commented Feb 10, 2022

What about adding a paragraph about testing if a port is open ?
The tool to do that (forgive telnet 🙏 ) is netcat (nc).
For example:

nc -zv 192.168.1.10 22

The -u option is use to test udp port.

@sspencerwire
Fixes and Adds
4b4e4d7 
* added some additional explanation with regard to the
`--runtime-to-peermanent` option
* corrected a word usage issue
* added sections for Database and DNS
alemorvan
alemorvan reviewed Feb 11, 2022
View reviewed changes
alemorvan
alemorvan reviewed Feb 11, 2022
View reviewed changes
docs/guides/security/firewalld.md
|`firewall-cmd --runtime-to-permanent`| if you have entered many rules without the --permanent option, do this before reloading. |

There are a great many `firewall-cmd` options not covered here, but this gives you the most used commands.

Copy link
Contributor

@alemorvan alemorvan Feb 11, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Testing connections

System administrators are very fond of the telnet command to perform their tests and verify that a port is open and accessible.

Today, the recommended command is nc (netcat) which you can use as follows:

nc -zv 192.168.1.10 22

The -u option is use to test udp port by the same way.

sspencerwire and others added 2 commits February 14, 2022 08:36
@sspencerwire @alemorvan
Update docs/guides/security/firewalld.md
09dc25f 
Add firewall state testing from @alemorvan

Co-authored-by: Antoine Le Morvan <antoine@le-morvan.com>
@sspencerwire
Final changes
711c382 
* made final changes from the editing pass providedd by Ezequiel and the
suggested changes provided by Antoine
* one final bit of rewording to help clarify things
* will merge this now!
@sspencerwire sspencerwire merged commit 5347520 into rocky-linux:main Feb 14, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@alemorvan alemorvan alemorvan left review comments

@EzequielBruni EzequielBruni Awaiting requested review from EzequielBruni

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@sspencerwire @EzequielBruni @alemorvan @wsoyinka