FirewallD on Fedora
Published 2014-03-24 at https://blog.ls-al.com/firewalld-on-fedora/
Somewhere between Fedora 18 and 20 the default firewall switched to FirewallD. FirewallD is a replacement for the default iptables firewall. There is a lot more detail at the links referenced below, but in my mind the big advantages are zones and the fact that changes can be made to the running firewall without a restart, load or unload, so the firewall stays stateful.

This is just a quick reminder for myself of what I did to add a port to the public zone. I was setting up SPICE for accessing a Windows 7 KVM guest and needed the firewall to allow port 5901.

I will play with the other zones at some point. Ideally I don't want to allow 5901 in the public zone, just the internal zone.
Get some information on the FirewallD service.

# systemctl | grep firewall
firewalld.service loaded active running firewalld - dynamic firewall daemon

# firewall-cmd --state
running

# firewall-cmd --get-zones
block dmz drop external home internal public trusted work

# firewall-cmd --get-services
amanda-client bacula bacula-client dhcp dhcpv6 dhcpv6-client dns ftp high-availability http https imaps ipp ipp-client ipsec kerberos kpasswd ldap ldaps libvirt libvirt-tls mdns mountd ms-wbt mysql nfs ntp openvpn pmcd pmproxy pmwebapi pmwebapis pop3s postgresql proxy-dhcp radius rpc-bind samba samba-client smtp ssh telnet tftp tftp-client transmission-client vnc-server wbem-https

# firewall-cmd --get-default-zone
public

Add the vnc-server service that covers the ports I am interested in. Add the rules to the permanent profile as well, not just the running profile.

# firewall-cmd --zone=public --add-service=vnc-server
success

# firewall-cmd --permanent --zone=public --add-service=vnc-server
success

# firewall-cmd --reload
success

Hints:
You can also use firewall-config, which is a native firewall GUI.
Use nmap to verify the open ports.

More detail here:
https://fedoraproject.org/wiki/Features/firewalld-default
https://fedoraproject.org/wiki/FirewallD?rd=FirewallD/