- Everything should be done with the firewall-cmd command... mostly. I found the system-config-firewall GUI, which only works if the firewall is NOT running, and the firewall-config GUI, which only works IF the firewall is running. I am not a fan of either GUI.
- I see under /lib/firewalld/zones/ the XML files for public, internal, work... all those zones you could choose from if using the GUI. The contents of public.xml are just:
    <?xml version="1.0" encoding="utf-8"?>
    <zone>
      <short>Public</short>
      <description>For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.</description>
      <service name="ssh"/>
      <service name="dhcpv6-client"/>
    </zone>
- For a given zone, is everything contained in this zone.xml file? By that I mean, if my zone = public and I use the correct syntax of firewall-cmd --permanent add port 5500 tcp/udp so that TigerVNC works (using the GUI only adds port 5900 for vncserver), would this entry then get written to /lib/firewalld/zones/public.xml? If not, then where?
- I found firewall-cmd --permanent --new-zone=ron, and that creates /etc/firewalld/zones/ron.xml. I like being able to create my own zone explicitly so I know what I would have... I want to have ssh, samba, port 5500 tcp/udp along with 5900-5910 tcp, plus some miscellaneous TCP port numbers for license servers I have running. Would all that then show up in the /etc/firewalld/zones/ron.xml file? If not, then where?
I want to create a custom zone that will be applied to eth0, the only network connection to the server, and be active/enabled whenever the computer boots. I want to know, and easily be able to see, exactly what ports are allowed. How would this be done?
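The procedure asked about above, as an added example script that is not part of the original post. Two facts it relies on: /lib/firewalld/zones/ (a symlink to /usr/lib/firewalld/zones/ on these systems) holds the zone definitions that ship with firewalld and should not be edited, while anything changed with `--permanent` is written under /etc/firewalld/zones/, so a change to the public zone produces /etc/firewalld/zones/public.xml, which overrides the shipped copy, and a new zone produces /etc/firewalld/zones/ron.xml containing every service, port and interface added to it. The zone name `ron`, the interface `eth0` and the license-server port list are assumptions to be edited; every command is a standard firewall-cmd option. Running the script with no argument prints the commands it would run (a dry run); `apply` runs them as root; `show` displays the live ruleset and the XML file side by side.

```shell
#!/bin/sh
# Added example: build a custom firewalld zone with firewall-cmd only,
# bind it to the server's single NIC permanently, and show what it allows.
# Assumptions (not from the original post): zone name, interface name and
# the license-server port list below are placeholders to edit.

ZONE=ron
IFACE=eth0
# Placeholder for the "miscellaneous tcp port numbers for license servers".
LICENSE_PORTS="27000/tcp 27001/tcp"

# Run firewall-cmd, or whatever $FWCMD names (FWCMD=echo gives a dry run).
fw() { "${FWCMD:-firewall-cmd}" "$@"; }

# Write the zone to the permanent config (/etc/firewalld/zones/$ZONE.xml),
# then reload so the running firewall picks it up. Run as root.
ron_zone_apply() {
    fw --permanent --new-zone="$ZONE"
    fw --permanent --zone="$ZONE" --add-service=ssh
    fw --permanent --zone="$ZONE" --add-service=samba
    fw --permanent --zone="$ZONE" --add-port=5500/tcp
    fw --permanent --zone="$ZONE" --add-port=5500/udp
    fw --permanent --zone="$ZONE" --add-port=5900-5910/tcp
    for p in $LICENSE_PORTS; do
        fw --permanent --zone="$ZONE" --add-port="$p"
    done
    # Bind the NIC to the zone; --permanent makes it survive a reboot.
    fw --permanent --zone="$ZONE" --change-interface="$IFACE"
    # Also make it the default zone, so nothing falls back to "public".
    # (--set-default-zone is already permanent; it takes no --permanent.)
    fw --set-default-zone="$ZONE"
    # Permanent changes do not touch the running firewall until reloaded.
    fw --reload
}

# Print the exact firewall-cmd invocations instead of running them.
ron_zone_commands() {
    ( FWCMD=echo; ron_zone_apply ) | sed 's/^/firewall-cmd /'
}

# Show what the zone allows: the live ruleset and the file that defines it.
ron_zone_show() {
    fw --get-zone-of-interface="$IFACE"
    fw --zone="$ZONE" --list-all
    cat "/etc/firewalld/zones/$ZONE.xml"
}

case "${1:-}" in
    apply) ron_zone_apply ;;
    show)  ron_zone_show ;;
    *)     ron_zone_commands ;;
esac
```

`--new-zone` refuses to run a second time because the zone then already exists in the permanent config, so re-running `apply` on an existing zone means dropping that line or deleting the zone first with `firewall-cmd --permanent --delete-zone=ron`. After `apply`, `firewall-cmd --zone=ron --list-all` and the contents of /etc/firewalld/zones/ron.xml should agree; if they do not, the permanent change has not been reloaded.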