FirewallD: add service without specifying a zone - firewall

I was wondering which zone a service would be added to if I run the add service command without specifying a zone.
For example:
$ sudo firewall-cmd --add-service=http --permanent

It will be added to the default zone.
firewall-cmd --get-default-zone
will give you the default zone.
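
An added example, not part of the original answer: a shell check that reports whether a service is really open for the interface traffic arrives on. It covers the two ways an unqualified `--add-service ... --permanent` can appear to do nothing: the rule is saved but not yet reloaded, or it is saved in the default zone while the interface is bound to a different zone. The function names, the `FWCMD` override variable and the interface argument are assumptions of this sketch; the `firewall-cmd` options are the tool's own.

```shell
#!/bin/sh
# Added example. FWCMD is an assumption of this sketch: it lets the
# firewall-cmd binary be swapped for a stub when testing off-host.
FWCMD="${FWCMD:-firewall-cmd}"

# Zone that firewall-cmd falls back to when --zone is omitted.
implicit_zone() {
    $FWCMD --get-default-zone
}

# Zone that filters traffic arriving on interface $1.
# An interface with no explicit binding is handled by the default zone.
zone_for_interface() {
    z=$($FWCMD --get-zone-of-interface="$1" 2>/dev/null) || z=""
    case "$z" in
        ""|"no zone") implicit_zone ;;
        *) echo "$z" ;;
    esac
}

# Report the state of service $1 for traffic on interface $2.
# Prints one of: ok | permanent-only | runtime-only | wrong-zone | absent
service_exposure() {
    svc=$1; iface=$2
    def=$(implicit_zone)
    eff=$(zone_for_interface "$iface")
    rt=no; pm=no
    $FWCMD --zone="$eff" --query-service="$svc" >/dev/null 2>&1 && rt=yes
    $FWCMD --permanent --zone="$eff" --query-service="$svc" >/dev/null 2>&1 && pm=yes
    case "$rt$pm" in
        yesyes) echo ok ;;
        noyes)  echo permanent-only ;;  # saved with --permanent, no --reload yet
        yesno)  echo runtime-only ;;    # lost on the next reload or reboot
        *)  # Not in the interface's zone: was it saved in the default zone instead?
            if [ "$def" != "$eff" ] &&
               $FWCMD --permanent --zone="$def" --query-service="$svc" >/dev/null 2>&1
            then echo wrong-zone
            else echo absent
            fi ;;
    esac
}

# Usage on a host running firewalld: sh check.sh http eth0
if [ $# -eq 2 ]; then service_exposure "$1" "$2"; fi
```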

Related

Can't open custom ports on VM instance

I am trying to access my website that is on my Oracle Cloud instance on port 8082 via public IP and can't make it.
Cloud instance
curl localhost:8082
:works
Firewall settings
ALL default ports open
From outside
Have you opened the UFW?
Take a look at the instructions in
https://blogs.oracle.com/developers/post/enabling-network-traffic-to-ubuntu-images-in-oracle-cloud-infrastructure
sudo ufw app list
sudo ufw allow 8082
sudo ufw enable
First, connect with your cloud service provider; they can open it, or maybe they are blocking it for some security purpose.
Disable Ubuntu's default firewall via
sudo ufw disable
Then install firewalld
sudo apt install firewalld
sudo systemctl enable firewalld
sudo firewall-cmd --permanent --zone=public --add-port=80/tcp
sudo firewall-cmd --permanent --zone=public --add-port=443/tcp
sudo firewall-cmd --reload
For more info

Can't access Azure Linux Virtual Machine via browser/HTTP

I have set up a VM in Azure with Red Hat Linux OS. I have installed the httpd service and placed a static webpage to access.
I am not able to access my VM via browser with the public IP set on my VM, although I am able to ssh into the machine.
Steps I have already tried:
Set an inbound rule on the network security group for ports 80, 443, 22 (ssh).
Attached this NSG to both VNET & NIC but no luck.
Tried the same in an AWS EC2 instance; it works like a charm. Not sure why Azure is not that straightforward.
Tried to find the solution online and in the documentation but no luck.
Please help if you have any idea how I can access my app via a browser.
Please check if SELinux is configured correctly.
Red Hat reference here: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/managing_confined_services/chap-managing_confined_services-the_apache_http_server
Thanks,
Manu
Thanks Manu for your suggestion. But I found that the Linux firewall was blocking it. So here is what I did:
Since I am using RHEL 8, the inbuilt firewall is via firewalld, not iptables (which is there for RHEL 6 and before).
1- By default, only port 22 is open in firewalld. The "firewall-cmd --list-all" command will show the details.
2- Added the HTTP port by using the below 2 commands:
$ sudo firewall-cmd --zone=public --add-service=http --permanent
$ sudo firewall-cmd --reload
3- Verify the change by using any of the below commands:
$ sudo firewall-cmd --list-services
$ sudo firewall-cmd --list-services --permanent
Please refer to this link for more details:
https://www.cyberciti.biz/faq/configure-set-up-a-firewall-using-firewalld-on-rhel-8/

Minishift console on Azure VM is not accessible from remote browser

Minishift console is not displaying in browser
I have installed minishift on an Azure VM. To access the minishift console from a browser, I have done port forwarding with the following commands.
firewall-cmd --add-masquerade --permanent
firewall-cmd --permanent --add-forward-port=port=8443:proto=tcp:toport=8443:toaddr=192.168.42.90
firewall-cmd --reload
Azure VM machine address is :- 23.99.65.77
minishift VM address :- 192.168.42.90
If I am accessing it through the curl command, I am getting the response HTML page
curl -k https://23.99.65.77:8443/console/catalog
If I am accessing it from a browser (Chrome), I am not getting the minishift console and the following error appears:
https://192.168.42.90:8443/oauth/authorize?client_id=openshift-web-console&response_type=code&state=eyJ0aGVuIjoiLyIsIm5vbmNlIjoiMTU2MDMzODcyMjUxNS0xODU5OTIzNjQyNDQ3OTczNjQ0MTExNzU0MDM4MDI2NzUxMjkyNDgxMTcxNzc2MTMxMzc5NDAwMzEwNDYwMTE2OTM1OTM5NzE5MTY5In0&redirect_uri=https%3A%2F%2F192.168.42.90%3A8443%2Fconsole%2Foauth
is unreachable. ERR_ADDRESS_UNREACHABLE
It seems to be some certificate issue with the browser.
I exposed port 8443 from the Azure portal.

Linux Node JS listening on port 80 but not on other ports

I am at a starting level with Linux...
I got Node.js to listen on port 80 and everything works well.
But when trying different ports it doesn't work.
Firewalld is not enabled...
and when trying in the browser I try localhost:8080
Any ideas?
Stop firewall if already running
sudo systemctl stop firewalld
Check the status of iptables
If not already installed, then install it using
yum install iptables-services
sudo systemctl status iptables
Enable the service at boot-time:
systemctl enable iptables
Managing the service
systemctl [stop|start|restart] iptables
Saving your firewall rules can be done as follows:
service iptables save
Start and Enable Firewall with this command
sudo systemctl start firewalld
sudo systemctl enable firewalld
Configure the firewall and add the IP and range of ports to be enabled (optional)
firewall-cmd --add-rich-rule='rule family="ipv4" source address="10.0.0.0/8" port port="11224-12224" protocol="tcp" accept'
The above command takes the range of IPs and ports. You need to replace the IP and port range in the above command; make sure to change the x.x.x.x/n, where n is the number of ports.

Cannot access to CentOS from MS Windows via http

I have installed CentOS 7 in a virtual environment.
It has a proper hostname so I can ping it, it has access to the internet from inside of it, and I can ping it by IP and hostname from outside of it. Also, it has a working Apache and its test page is fine; that has been checked locally.
Now I would like to get access to this test page from MS Windows but I cannot. (I can ping CentOS by IP and hostname.)
Does it have something to do with iptables or the firewall?
And this link doesn't help either: https://serverfault.com/questions/459267/enabling-http-access-on-port-80-for-centos-6-3-from-console
I assume some settings should be changed under CentOS but I am not sure which of them.
My question is: which steps do I have to execute to allow all those things?
Either disable firewalld.service
systemctl disable firewalld.service
systemctl stop firewalld.service
Or allow access to port 80
firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --reload
Also disable SELinux:
setenforce 0
sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/sysconfig/selinux
So the answer is a simple one.
I just used Firewall settings to allow http and httpd.
