How to manage firewall on Centos7 with firewall-cmd
Centos7 is a great server OS. There are a bunch of other sites that describe how to manage firewall rules; here I am just gathering the ones that I often use, so I don’t have to google them again.
# show firewall state
firewall-cmd --state

# list all rules
firewall-cmd --list-all

# accept (allow everything) from the network range
firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="220.127.116.11/24" accept'

# add specific service for public access
firewall-cmd --zone=public --add-service=http
firewall-cmd --zone=public --add-service=https

# remove specific service for public access
firewall-cmd --zone=public --remove-service=cockpit

# add port forwarding to local IP (example for port 5432)
firewall-cmd --add-forward-port=port=5432:proto=tcp:toport=5432:toaddr=192.168.100.xxx
firewall-cmd --add-masquerade
# NOTE: I could not make it work, so I ended up setting up HAProxy for this

# save running configuration, so it is maintained after reboot
firewall-cmd --runtime-to-permanent
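
Since --runtime-to-permanent overwrites the saved configuration with whatever is currently running, it helps to see the difference first. The script below is an added example, not part of the original notes: the function names and the two sample listings are constructed for illustration, and it assumes the usual layout of `firewall-cmd --list-all` output.

```shell
#!/bin/sh
# Added example: preview what `firewall-cmd --runtime-to-permanent` would change.
# On a real host, call it like this:
#   fw_drift "$(firewall-cmd --zone=public --list-all)" \
#            "$(firewall-cmd --permanent --zone=public --list-all)"

# Flatten a --list-all listing into sorted "section item" lines.
fw_items() {
  awk '
    /^[ \t]*(services|ports|forward-ports):/ {
      key = $1; sub(/:$/, "", key)
      for (i = 2; i <= NF; i++) print key " " $i
      inrich = 0; next
    }
    /^[ \t]*masquerade:/ { print "masquerade " $2; inrich = 0; next }
    /^[ \t]*rich rules:/ { inrich = 1; next }
    inrich && /^[ \t]*rule / { sub(/^[ \t]*/, ""); print "rich-rule " $0; next }
    { inrich = 0 }
  ' | LC_ALL=C sort
}

# "+" = only in runtime (would be saved); "-" = only in permanent (would be lost).
fw_drift() {
  rt=$(mktemp); pm=$(mktemp)
  printf '%s\n' "$1" | fw_items > "$rt"
  printf '%s\n' "$2" | fw_items > "$pm"
  LC_ALL=C comm -23 "$rt" "$pm" | sed 's/^/+ /'
  LC_ALL=C comm -13 "$rt" "$pm" | sed 's/^/- /'
  rm -f "$rt" "$pm"
}

# Constructed sample listings (not captured from a real machine).
RUNTIME_SAMPLE='public (active)
  target: default
  interfaces: eth0
  services: dhcpv6-client http https ssh
  ports:
  masquerade: yes
  forward-ports:
  rich rules:
    rule family="ipv4" source address="220.127.116.11/24" accept'
PERMANENT_SAMPLE='public
  target: default
  interfaces: eth0
  services: cockpit dhcpv6-client ssh
  ports:
  masquerade: no
  forward-ports:
  rich rules:'

fw_drift "$RUNTIME_SAMPLE" "$PERMANENT_SAMPLE"
```

A "+" line for a blanket accept rule or masquerading is worth a second look before saving, because after --runtime-to-permanent it survives every reboot.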