{{tag>Brouillon Réseau Sécurité Redhat}}
= Notes firewalld firewall-cmd
See:
* https://www.redhat.com/sysadmin/secure-linux-network-firewall-cmd
* https://www.thegeekdiary.com/5-useful-examples-of-firewall-cmd-command/
* https://www.digitalocean.com/community/tutorials/how-to-set-up-a-firewall-using-firewalld-on-centos-7
* https://www.it-connect.fr/centos-7-utilisation-et-configuration-de-firewalld/
* https://major.io/2021/10/11/forwarding-ports-with-firewalld/
See also:
* [[libvirt_firewalld_firewall-cmd_iptables]]
Show the current configuration:
<code bash>
firewall-cmd --list-all
</code>
The rules are stored here:
* ''/usr/lib/firewalld/zones/''
* ''/etc/firewalld/zones/''
Allow a port:
<code bash>
# Runtime only: applies immediately
firewall-cmd --add-port=80/tcp
# To keep the change after a restart
firewall-cmd --add-port=80/tcp --permanent
</code>
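A change made without ''--permanent'' is lost on reload or reboot, and one made only with ''--permanent'' is not active until ''firewall-cmd --reload''. The script below is an added example (not from the original notes) that reports this drift for ports and services; the function names ''drift'' and ''audit_zone'' and the sample lists are made up for illustration.

```sh
#!/bin/sh
# Added example: report differences between the runtime and the permanent
# firewalld configuration. Function names are hypothetical.

# drift LABEL "runtime list" "permanent list"
# Both lists are space-separated, as printed by firewall-cmd --list-ports
# and firewall-cmd --list-services.
drift() {
    label=$1
    runtime=$(echo $2)      # unquoted on purpose: collapse whitespace
    permanent=$(echo $3)
    for item in $runtime; do
        case " $permanent " in
            *" $item "*) ;;
            *) echo "$label $item: runtime only, lost on reload/reboot" ;;
        esac
    done
    for item in $permanent; do
        case " $runtime " in
            *" $item "*) ;;
            *) echo "$label $item: permanent only, not active until --reload" ;;
        esac
    done
}

# audit_zone ZONE: compare both configurations on a live system (run as root).
# Example call: audit_zone "$(firewall-cmd --get-default-zone)"
audit_zone() {
    zone=$1
    drift port \
        "$(firewall-cmd --zone="$zone" --list-ports)" \
        "$(firewall-cmd --permanent --zone="$zone" --list-ports)"
    drift service \
        "$(firewall-cmd --zone="$zone" --list-services)" \
        "$(firewall-cmd --permanent --zone="$zone" --list-services)"
}

# Constructed sample: 8080/tcp was added without --permanent,
# 443/tcp only with --permanent and no reload since.
drift port "80/tcp 8080/tcp" "80/tcp 443/tcp"
```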
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/pdf/High_Availability_Add-On_Administration/Red_Hat_Enterprise_Linux-7-High_Availability_Add-On_Administration-en-US.pdf
<code bash>
firewall-cmd --permanent --add-service=high-availability
firewall-cmd --add-service=high-availability
</code>
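== Firewalld with Docker
PS: Red Hat offers Podman in place of Docker.
<code bash>
# The trusted zone accepts all traffic arriving on the interfaces assigned to it
firewall-cmd --permanent --zone=trusted --add-interface=docker0
# Also add every Docker user-defined bridge (br-*)
for bridge in $(ip link | awk '/: br-/ { gsub(":", "") ; print $2 }')
do
    firewall-cmd --permanent --zone=trusted --add-interface="${bridge}"
done
# Load the permanent configuration, then restart Docker
firewall-cmd --reload
systemctl restart docker
</code>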
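== Other
<code bash>
# Put the libvirt default bridge in the trusted zone
firewall-cmd --permanent --zone=trusted --add-interface=virbr0
firewall-cmd --reload
# Runtime only as written (no --permanent): masquerading and a port forward
firewall-cmd --add-masquerade
# Forward TCP port 8888 to 192.168.122.101:8888
firewall-cmd --add-forward-port=port=8888:proto=tcp:toport=8888:toaddr=192.168.122.101
</code>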