diff --git a/.vscode/settings.json b/.vscode/settings.json
index b01c317..b9c8239 100644
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -163,6 +163,7 @@
 "keepass",
 "keybase",
 "keygrip",
+ "killall",
 "kivi",
 "knockd",
 "kubeconfig",
diff --git a/knowledge base/firewalld.md b/knowledge base/firewalld.md
index b627ba7..d38c2ae 100644
--- a/knowledge base/firewalld.md
+++ b/knowledge base/firewalld.md
@@ -38,6 +38,14 @@ sudo firewall-cmd --list-services
 sudo firewall-cmd --list-services --zone='public'
 sudo firewall-cmd --list-services --permanent
 
+# Create service definitions.
+sudo firewall-cmd --permanent --new-service 'gitea' \
+&& sudo firewall-cmd --permanent --service 'gitea' --set-description \
+ 'Painless self-hosted all-in-one software development service similar to GitHub, Bitbucket and GitLab.' \
+&& sudo firewall-cmd --permanent --service 'gitea' --set-short 'Private, fast and reliable DevOps platform' \
+&& sudo firewall-cmd --permanent --service 'gitea' --add-port '2222/tcp' \
+&& sudo firewall-cmd --permanent --service 'gitea' --add-port '3000/tcp'
+
 # Allow services.
 sudo firewall-cmd --add-service='http'
 sudo firewall-cmd --add-service='ssh' --zone='public'
@@ -71,12 +79,20 @@ sudo firewall-cmd --permanent --remove-service='ssh'
 # Create a new zone.
 sudo firewall-cmd --new-zone='publicweb' --permanent
 
-# Make changes permanent.
+# Make temporary changes permanent.
 sudo firewall-cmd --runtime-to-permanent
 
-# Reload the firewall.
+# Reload firewall rules from the permanent configuration.
+# Keep the state's information.
 sudo firewall-cmd --reload
 
+# Reload the firewall completely.
+# Includes netfilter kernel modules.
+# Loses state information, likely terminating all active connections.
+# Should only be used when issues arise.
+sudo firewall-cmd --complete-reload
+sudo killall -HUP 'firewalld'
+
 # Use the offline version.
 # '--permanent' does not work here.
 sudo firewall-offline-cmd --add-port='22/tcp' && sudo firewall-cmd --reload
@@ -87,24 +103,22 @@ sudo firewall-offline-cmd --add-port='22/tcp' && sudo firewall-cmd --reload - [Website] - [Documentation] -## Sources - -All the references in the [further readings] section, plus the following: +### Sources - [Open TCP Port on openSUSE Firewall] - [How To Set Up a Firewall Using firewalld on CentOS 8] +- [Add a Service] + +[add a service]: https://firewalld.org/documentation/howto/add-a-service.html [documentation]: https://firewalld.org/documentation/ [website]: https://firewalld.org/ - -[further readings]: #further-readings - [how to set up a firewall using firewalld on centos 8]: https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-using-firewalld-on-centos-8 [open tcp port on opensuse firewall]: https://vazhavandan.blogspot.com/2020/08/open-tcp-port-on-opensuse-firewall.html diff --git a/snippets/firewalld.sh b/snippets/firewalld.sh new file mode 100644 index 0000000..6ee8ce0 --- /dev/null +++ b/snippets/firewalld.sh 
@@ -0,0 +1,33 @@
+#!/usr/bin/env sh
+
+# Open ports.
+sudo firewall-cmd --add-port='3000/tcp' --zone='public' --permanent
+sudo firewall-cmd --add-port='2222/tcp' --zone='public'
+
+
+# List pre-loaded, available services.
+sudo firewall-cmd --get-services
+
+# List allowed services.
+sudo firewall-cmd --list-services
+
+# Add services.
+sudo firewall-cmd --permanent --new-service 'gitea' \
+&& sudo firewall-cmd --permanent --service 'gitea' --set-description \
+ 'Painless self-hosted all-in-one software development service similar to GitHub, Bitbucket and GitLab.' \
+&& sudo firewall-cmd --permanent --service 'gitea' --set-short 'Private, fast and reliable DevOps platform' \
+&& sudo firewall-cmd --permanent --service 'gitea' --add-port '2222/tcp' \
+&& sudo firewall-cmd --permanent --service 'gitea' --add-port '3000/tcp'
+
+# Allow services.
+sudo firewall-cmd --permanent --add-service 'gitea'
+
+
+# Reload.
+sudo firewall-cmd --reload
+sudo firewall-cmd --complete-reload
+sudo killall -HUP 'firewalld'
+
+
+# List allowed flows.
+sudo firewall-cmd --list-all
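Review bot: The `sudo firewall-cmd --complete-reload` and `sudo killall -HUP 'firewalld'` lines under `# Reload.` run unconditionally right after the ordinary `--reload`, so executing this file as its shebang invites always performs the state-dropping reload that the companion markdown in this commit describes as something to use only when issues arise; on a remote host that can terminate the very SSH session the script runs from. Either mark those two lines as alternatives rather than a sequence, e.g. `# Last resort only: drops connection-tracking state and may cut active sessions, including yours.`, or comment them out so they are not executed by default. The `# Open ports.` section is also inconsistent: `--add-port='3000/tcp'` is made `--permanent` while `--add-port='2222/tcp'` is runtime-only, so the later `--reload` discards the 2222 rule, and both ports are re-opened through the `gitea` service definition anyway, so keeping only the service-based opening avoids the duplicate, partly volatile rules. The `&&` chain under `# Add services.` stops silently if `--new-service 'gitea'` fails (for example because the service already exists), and with no `set -e` the script still continues to `--add-service 'gitea'`; adding `set -eu` after the shebang keeps a failed step from being hidden.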