FirewallD on Fedora
Somewhere between Fedora 18 and 20 the default firewall switched to FirewallD. FirewallD is a replacement to the default iptables firewall. Lots more detail at the links referenced below but in my mind the big advantages are zones and the fact that changes can be made to the running firewall without restart, load, unload and therefore becomes stateful.
This is just a quick reminder for myself to what I did to add a port to the public zone. I was setting up SPICE for accessing a Windows 7 KVM guest and needed the firewall to allow port 5901.
I will play with the other zones at some point. Ideally I don't want to allow 5901 to the public zone just the internal zone.
Get some information on the FirewallD service.
# systemctl | grep firewall firewalld.service loaded active running firewalld - dynamic firewall daemon # firewall-cmd --state running # firewall-cmd --get-zones block dmz drop external home internal public trusted work # firewall-cmd --get-services amanda-client bacula bacula-client dhcp dhcpv6 dhcpv6-client dns ftp high-availability http https imaps ipp ipp-client ipsec kerberos kpasswd ldap ldaps libvirt libvirt-tls mdns mountd ms-wbt mysql nfs ntp openvpn pmcd pmproxy pmwebapi pmwebapis pop3s postgresql proxy-dhcp radius rpc-bind samba samba-client smtp ssh telnet tftp tftp-client transmission-client vnc-server wbem-https # firewall-cmd --get-default-zone public
Add the vnc-server service that covers the ports I am interested in. Add rules also to the permanent profile not just running profile.
# firewall-cmd --zone=public --add-service=vnc-server success # firewall-cmd --permanent --zone=public --add-service=vnc-server success # firewall-cmd --reload success
You can also use firewall-config which is a native firewall GUI.
Using nmap to verify the open ports.
More detail here: