The Firewall isn't a service that listens on a particular port so netstat will not be able to identify if it is running like it can for other services (like apache).
You could use firewall-cmd to enquire on the firewall status like this:
Hi,
So that potential responders will have an idea of what they're dealing with let me say that while I am a UNIX newbie I have been in IT for over 10 years.
We have several SUN boxes running ver 5 of the OS that have been sitting dormant for some time as they were part of a now defunct... (3 Replies)
Well, since I wrote the below, I've learned a little more about Samba, and got them to at least acknowledge each other. Still can't use Gaurd dog. Still cant print from one to the other.
I'm learning I'm learning
I recently installed mepis 7 on both my laptop and laptop. (I came... (0 Replies)
Hi,
I will like to allow access to the mysql port (3306) to certain IP address. All other IP's should be automatically blocked. What is the best way to do this? (8 Replies)
Hello,
I want to add a port in the firewall exception list so that my application can be accessed over network even if firewall is disabled. I am using iptables command to add exception.
The problem is, after setting the rule if I change the firewall setting i.e. on/off then it is overwriting... (1 Reply)
Hello,
I made a following script that check every 5 minutes to check firewall is running or not, if firewall down that raise an alert only once, but following script generate an alert every 5 minutes according to cronjob:
FILE="/var/log/fwstatus"
CHK="/tmp/fwstatus"
service... (1 Reply)
hi guys
I doing some collocation for a customer, customer requested to use other port for ssh not the default one. OK no problem
and customer will be using rsync to sync backups among other things
I know we have to open port let's say port 5999 for ssh since we are using that one now but I... (1 Reply)
Hi,
I need to know what kind of firewall settings does the linux box have? Is port 25 blocked in any way?
Linux techx 3.10.0-514.10.2.el7.x86_64 #1 SMP Fri Mar 3 00:04:05 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
I'm coming from this thread. (1 Reply)
Below is what i did to open the firewall port on
# sudo firewall-cmd --zone=public --add-port=27012/tcp --permanent
Warning: ALREADY_ENABLED: 27012:tcp
success
# sudo firewall-cmd --reload
success
# firewall-cmd --list-all
public
target: default
icmp-block-inversion: no
... (10 Replies)
Discussion started by: mohtashims
10 Replies
LEARN ABOUT CENTOS
firewalld.lockdown-whitelist
FIREWALLD.LOCKDOWN(5) firewalld.lockdown-whitelist FIREWALLD.LOCKDOWN(5)NAME
firewalld.lockdown-whitelist - firewalld lockdown whitelist configuration file
SYNOPSIS
/etc/firewalld/lockdown-whitelists.xml
DESCRIPTION
The firewalld lockdown-whitelist configuration file contains the selinux contexts, commands, users and user ids that are white-listed when
firewalld lockdown feature is enabled (see firewalld.conf(5) and firewall-cmd(1)).
This example configuration file shows the structure of an lockdown-whitelist file:
<?xml version="1.0" encoding="utf-8"?>
<whitelist>
<selinux context="selinuxcontext"/>
<command name="commandline[*]"/>
<user {name="username|id="userid"}/>
</whitelist>
OPTIONS
The config can contain these tags and attributes. Some of them are mandatory, others optional.
whitelist
The mandatory whitelist start and end tag defines the lockdown-whitelist. This tag can only be used once in a lockdown-whitelist
configuration file. There are no attributes for this.
selinux
Is an optional empty-element tag and can be used several times to have more than one selinux contexts entries. A selinux entry has exactly
one attribute:
context="string"
The context is the security (SELinux) context of a running application or service.
To get the context of a running application use ps -e --context and search for the application that should be white-listed.
Warning: If the context of an application is unconfined, then this will open access for more than the desired application.
command
Is an optional empty-element tag and can be used several times to have more than one command entry. A command entry has exactly one
attribute:
name="string"
The command string is a complete command line including path and also attributes.
If a command entry ends with an asterisk '*', then all command lines starting with the command will match. If the '*' is not there the
absolute command inclusive arguments must match.
Commands for user root and others is not always the same, the used path depends on the use of the PATH environment variable.
user
Is an optional empty-element tag and can be used several times to white-list more than one user. A user entry has exactly one attribute of
these:
name="string"
The user with the name string will be white-listed.
id="integer"
The user with the id userid will be white-listed.
SEE ALSO firewall-applet(1), firewalld(1), firewall-cmd(1), firewall-config(1), firewalld.conf(5), firewalld.direct(5), firewalld.icmptype(5),
firewalld.lockdown-whitelist(5), firewall-offline-cmd(1), firewalld.richlanguage(5), firewalld.service(5), firewalld.zone(5),
firewalld.zones(5)NOTES
firewalld home page at fedorahosted.org:
http://fedorahosted.org/firewalld/
More documentation with examples:
http://fedoraproject.org/wiki/FirewallD
AUTHORS
Thomas Woerner <twoerner@redhat.com>
Developer
Jiri Popelka <jpopelka@redhat.com>
Developer
firewalld 0.3.9 FIREWALLD.LOCKDOWN(5)