0% found this document useful (0 votes)

103 views15 pages

Firewall Configuration Guide

The document provides 48 examples of commands for configuring firewall rules using firewall-cmd on Linux systems. The commands allow, block, or filter traffic based on port, protocol, IP address or range, interface, MAC address, application, and other criteria. Firewall rules are added or removed from the public zone and changes are reloaded permanently or for a specific time period.

Uploaded by

cimek23869

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

103 views15 pages

Firewall Configuration Guide

Uploaded by

cimek23869

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

Firewall Rules

1. Allow SSH (port 22) from a specific IP address:

sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="[Link]"

port protocol="tcp" port="22" accept' --permanent
sudo firewall-cmd --reload

2. Block incoming ICMP (ping) requests:

sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" protocol value="icmp" drop' --

permanent
sudo firewall-cmd --reload

3. Allow traffic from a specific network range:

sudo firewall-cmd --zone=public --add-source=[Link]/24 --permanent

sudo firewall-cmd --reload

4. Open a custom port range (e.g., 5000-6000):

sudo firewall-cmd --zone=public --add-port=5000-6000/tcp --permanent

sudo firewall-cmd --reload

5. Block outgoing traffic on a specific port (e.g., 8080):

sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" port protocol="tcp"

port="8080" drop' --permanent
sudo firewall-cmd --reload

6. Allow FTP (port 21) for a specific interface:

sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" interface="eth0" port

protocol="tcp" port="21" accept' --permanent
sudo firewall-cmd --reload

7. Block specific service (e.g., Telnet):

sudo firewall-cmd --zone=public --remove-service=telnet --permanent

sudo firewall-cmd --reload
8. Allow multicast traffic:

sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="[Link]/4"

drop' --permanent
sudo firewall-cmd --reload

9. Allow specific application traffic (e.g., Apache):

sudo firewall-cmd --zone=public --add-service=http --permanent

sudo firewall-cmd --reload

10. Block traffic from a specific country (e.g., Russia):

sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="[Link]/0"

invert source="country" destination country="RU" drop' --permanent
sudo firewall-cmd –reload

11. Allow DNS (port 53) for both TCP and UDP:

sudo firewall-cmd --zone=public --add-port=53/tcp --add-port=53/udp --permanent

sudo firewall-cmd --reload

12. Allow incoming traffic on a specific network interface (e.g., eth1):

sudo firewall-cmd --zone=public --add-interface=eth1 --permanent

sudo firewall-cmd --reload

13. Block all incoming traffic except for established connections:

sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="[Link]/0"

drop' --permanent
sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="[Link]/0"
accept' --permanent
sudo firewall-cmd --reload

14. Allow only specific IP addresses on a certain port (e.g., 8080):

sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" port protocol="tcp"

port="8080" source address="[Link]" accept' --permanent
sudo firewall-cmd --reload

15. Open port 123 for NTP (Network Time Protocol):

sudo firewall-cmd --zone=public --add-port=123/udp --permanent

sudo firewall-cmd --reload
16. Allow ICMP echo requests (ping) from a specific subnet:

sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source

address="[Link]/24" protocol="icmp" accept' --permanent
sudo firewall-cmd --reload

17. Block traffic to a specific IP address:

sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="[Link]/0"

destination address="[Link]" drop' --permanent
sudo firewall-cmd --reload

18. Allow SSH on a non-default port (e.g., 2222):

sudo firewall-cmd --zone=public --add-port=2222/tcp --permanent

sudo firewall-cmd --reload

19. Allow traffic based on a custom service:

sudo firewall-cmd --zone=public --add-service=my_custom_service --permanent

sudo firewall-cmd --reload

20. Block all incoming and outgoing traffic:

sudo firewall-cmd --zone=public --set-target=DROP --permanent

sudo firewall-cmd --reload

21. Allow RDP (Remote Desktop Protocol - port 3389) from a specific IP address:

sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="[Link]"

port protocol="tcp" port="3389" accept' --permanent
sudo firewall-cmd --reload

22. Allow traffic for a specific application (e.g., PostgreSQL):

sudo firewall-cmd --zone=public --add-service=postgresql --permanent

sudo firewall-cmd --reload

23. Allow incoming connections on a specific port range (e.g., 8000-9000) for UDP:

sudo firewall-cmd --zone=public --add-port=8000-9000/udp --permanent

sudo firewall-cmd --reload
24. Allow SIP (Session Initiation Protocol - port 5060) for VoIP:

sudo firewall-cmd --zone=public --add-port=5060/udp --permanent

sudo firewall-cmd --reload

25. Block specific MAC address:

sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source

mac="[Link]" drop' --permanent
sudo firewall-cmd --reload

26. Allow traffic for a specific user:

sudo firewall-cmd --direct --add-rule ipv4 filter OUTPUT 0 -m owner --uid-owner username -j
ACCEPT
sudo firewall-cmd --reload

27. Allow NFS (Network File System - port 2049) for file sharing:

sudo firewall-cmd --zone=public --add-port=2049/tcp --permanent

sudo firewall-cmd --reload

28. Allow Docker containers to communicate on a bridge network:

sudo firewall-cmd --zone=trusted --add-source=[Link]/16 --permanent

sudo firewall-cmd --reload

29. Block outgoing traffic to a specific IP address:

sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" destination

address="[Link]" drop' --permanent
sudo firewall-cmd --reload

30. Allow SNMP (Simple Network Management Protocol - port 161) for monitoring:

sudo firewall-cmd --zone=public --add-port=161/udp --permanent

sudo firewall-cmd --reload

31. Allow incoming traffic on a specific port for IPv6 (e.g., port 8080):

sudo firewall-cmd --zone=public --add-port=8080/tcp --permanent --ipv6

sudo firewall-cmd --reload
32. Block all traffic except for a specific service (e.g., SSH):

sudo firewall-cmd --zone=public --add-service=ssh --permanent

sudo firewall-cmd --zone=public --remove-service={http,https} --permanent
sudo firewall-cmd --reload

33. Allow traffic from and to a specific network interface (e.g., eth0):

sudo firewall-cmd --zone=public --add-interface=eth0 --permanent

sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source interface="eth0"
accept' --permanent
sudo firewall-cmd --reload

34. Allow DNS traffic only for a specific domain:

sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="[Link]/0"

destination domain="[Link]" accept' --permanent
sudo firewall-cmd --reload

35. Block traffic from a specific country for a specific service (e.g., SSH):

sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="[Link]/0"

invert source="country" destination port="22" protocol="tcp" drop' --permanent
sudo firewall-cmd --reload

36. Allow multicast traffic for IPv6:

sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv6" source address="fe80::/10"

drop' --permanent
sudo firewall-cmd --reload

37. Allow traffic for a specific UDP service (e.g., syslog - port 514):

sudo firewall-cmd --zone=public --add-port=514/udp --permanent

sudo firewall-cmd --reload

38. Allow traffic from a specific MAC address:

sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source

mac="[Link]" accept' --permanent
sudo firewall-cmd --reload

39. Allow outgoing SMTP traffic (port 25) for a specific IP range:
sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source
address="[Link]/24" port protocol="tcp" port="25" accept' --permanent
sudo firewall-cmd --reload

40. Allow traffic on a custom port range for both TCP and UDP (e.g., 7000-8000):

sudo firewall-cmd --zone=public --add-port=7000-8000/tcp --add-port=7000-8000/udp --

permanent
sudo firewall-cmd --reload

41. Allow traffic on a specific port range for both TCP and UDP, limiting it to a specific
IP address:

sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="[Link]"

port port="8000-9000" protocol="tcp" accept' --permanent
sudo firewall-cmd --reload

42. Block traffic to a specific port from a range of IP addresses:

sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source

address="[Link]/24" port port="1234" protocol="tcp" drop' --permanent
sudo firewall-cmd --reload

43. Allow traffic for a specific user on a custom port:

sudo firewall-cmd --direct --add-rule ipv4 filter OUTPUT 0 -m owner --uid-owner username -p tcp --
dport 9876 -j ACCEPT
sudo firewall-cmd --reload

44. Block outgoing traffic to a specific domain:

sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" destination

domain="[Link]" drop' --permanent
sudo firewall-cmd --reload

45. Allow NTP traffic (port 123) for both TCP and UDP:

sudo firewall-cmd --zone=public --add-port=123/tcp --add-port=123/udp --permanent

sudo firewall-cmd --reload

46. Allow traffic from a specific country on a specific port (e.g., 8080):
sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="[Link]/0"
source country="US" port port="8080" protocol="tcp" accept' --permanent
sudo firewall-cmd --reload

47. Allow traffic for a specific service on a custom interface (e.g., eth1):

sudo firewall-cmd --zone=public --add-service=http --add-interface=eth1 --permanent

sudo firewall-cmd --reload

48. Allow incoming and outgoing traffic on a specific port only for a specific time:

sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" port port="9876"

protocol="tcp" accept' --permanent --active-from=Mon-Fri 08:00-17:00
sudo firewall-cmd --reload

49. Allow traffic for a specific service from a specific IP address range:

sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source

address="[Link]/24" service name="ftp" accept' --permanent
sudo firewall-cmd --reload

50. Allow traffic from and to a specific port for a range of IP addresses:

sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source

address="[Link]/24" port port="5432" protocol="tcp" accept' --permanent
sudo firewall-cmd –reload

51. Allow traffic on a specific port range for both TCP and UDP, limiting it to a specific
MAC address:

sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source

mac="[Link]" port port="8000-9000" protocol="tcp" accept' --permanent
sudo firewall-cmd --reload

52. Block traffic from a specific user on a custom port:

sudo firewall-cmd --direct --add-rule ipv4 filter OUTPUT 0 -m owner --uid-owner username -p tcp --
dport 9876 -j DROP
sudo firewall-cmd --reload

53. Allow traffic on a specific port range from a specific country:

sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source country="US" port

port="8000-9000" protocol="tcp" accept' --permanent
sudo firewall-cmd --reload
54. Block traffic to a specific domain for a specific service (e.g., SSH):

sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" destination

domain="[Link]" service name="ssh" drop' --permanent
sudo firewall-cmd --reload

55. Allow traffic on a custom port range for a specific service (e.g., SNMP):

sudo firewall-cmd --zone=public --add-service=snmp --add-port=6000-7000/tcp --permanent

sudo firewall-cmd --reload

56. Allow traffic for a specific user and specific service:

sudo firewall-cmd --direct --add-rule ipv4 filter OUTPUT 0 -m owner --uid-owner username -p tcp --
dport 1234 -j ACCEPT
sudo firewall-cmd --reload

57. Block ICMP echo requests (ping) from a specific IP address:

sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="[Link]"

protocol="icmp" icmp-type="8" drop' --permanent
sudo firewall-cmd --reload

58. Allow traffic on a specific port range for a specific application:

sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" application="my_custom_app"

port port="8000-9000" protocol="tcp" accept' --permanent
sudo firewall-cmd --reload

59. Block traffic from a specific IP address range on a specific port:

sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source

address="[Link]/24" port port="9876" protocol="tcp" drop' --permanent
sudo firewall-cmd --reload

60. Allow incoming traffic on a specific port for both TCP and UDP, limiting it to a
specific user:

sudo firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -m owner --uid-owner username -p tcp --
dport 8080 -j ACCEPT
sudo firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -m owner --uid-owner username -p udp --
dport 8080 -j ACCEPT
sudo firewall-cmd --reload
61. Allow traffic on a specific port for a range of IP addresses during specific days and
times:

sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="[Link]-

[Link]" port port="8080" protocol="tcp" accept' --permanent --active-
on=Mon,Tue,Wed,Thu,Fri --active-at="08:00-17:00"
sudo firewall-cmd --reload

62. Allow traffic on a specific port range for both TCP and UDP, limiting it to a specific
user and interface:

sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="[Link]"

port port="8000-9000" protocol="tcp" accept' --permanent --interface=eth0
sudo firewall-cmd --reload

63. Block traffic from a specific MAC address for a specific service:

sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source

mac="[Link]" service name="ftp" drop' --permanent
sudo firewall-cmd --reload

64. Allow traffic on a custom port range for a specific application and user:

sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" application="my_custom_app"

port port="8000-9000" protocol="tcp" accept' --permanent --direct --add-rule ipv4 filter OUTPUT 0
-m owner --uid-owner username -j ACCEPT
sudo firewall-cmd --reload

65. Block incoming and outgoing traffic on a specific port for a specific user:

sudo firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -m owner --uid-owner username -p tcp --
dport 9876 -j DROP
sudo firewall-cmd --direct --add-rule ipv4 filter OUTPUT 0 -m owner --uid-owner username -p tcp --
dport 9876 -j DROP
sudo firewall-cmd --reload

66. Allow traffic on a specific port for a specific service and network interface:

sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" service name="http" port

port="8080" protocol="tcp" accept' --permanent --interface=eth1
sudo firewall-cmd --reload

67. Allow traffic on a specific port for a specific service and source IP address:
sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" service name="ssh" port
port="2222" protocol="tcp" source address="[Link]" accept' --permanent
sudo firewall-cmd --reload

68. Block traffic from a specific country on a specific port for a specific service:

sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source country="CN" port

port="80" protocol="tcp" service name="http" drop' --permanent
sudo firewall-cmd --reload

69. Allow traffic on a specific port range for a specific application and destination IP
address:

sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" application="my_custom_app"

port port="8000-9000" protocol="tcp" destination address="[Link]" accept' --permanent
sudo firewall-cmd --reload

70. Block traffic from a specific MAC address for a specific service and interface:

sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source

mac="[Link]" service name="ftp" drop' --permanent --interface=eth0
sudo firewall-cmd –reload

71. Allow traffic on a specific port range for a specific application, user, and interface:

sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" application="my_custom_app"

port port="8000-9000" protocol="tcp" accept' --permanent --direct --add-rule ipv4 filter OUTPUT 0
-m owner --uid-owner username -o eth1 -j ACCEPT
sudo firewall-cmd --reload

72. Block incoming traffic on a specific port range for a specific country:

sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source country="RU" port

port="3000-4000" protocol="tcp" drop' --permanent
sudo firewall-cmd --reload

73. Allow traffic on a specific port for a specific service, source IP address, and
interface:

sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" service name="http" port

port="8080" protocol="tcp" source address="[Link]" accept' --permanent --interface=eth1
sudo firewall-cmd --reload

74. Allow traffic on a specific port range for a specific application, user, and source IP
address:
sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" application="my_custom_app"
port port="8000-9000" protocol="tcp" accept' --permanent --direct --add-rule ipv4 filter OUTPUT 0
-m owner --uid-owner username -s [Link] -j ACCEPT
sudo firewall-cmd --reload

75. Block traffic on a specific port for a specific service and source IP address:

sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" service name="http" port

port="8080" protocol="tcp" source address="[Link]" drop' --permanent
sudo firewall-cmd --reload

76. Allow traffic on a specific port range for a specific application, user, and destination
IP address:

sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" application="my_custom_app"

port port="8000-9000" protocol="tcp" accept' --permanent --direct --add-rule ipv4 filter OUTPUT 0
-m owner --uid-owner username -d [Link] -j ACCEPT
sudo firewall-cmd --reload

77. Allow traffic on a specific port for a specific service, source MAC address, and
interface:

sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" service name="http" port

port="8080" protocol="tcp" source mac="[Link]" accept' --permanent --interface=eth0
sudo firewall-cmd --reload

78. Block incoming traffic on a specific port range for a specific application:

sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" application="my_custom_app"

port port="8000-9000" protocol="tcp" drop' --permanent
sudo firewall-cmd --reload

79. Allow traffic on a specific port for a specific service, source MAC address, and
source IP address:

sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" service name="http" port

port="8080" protocol="tcp" source mac="[Link]" source address="[Link]"
accept' --permanent
sudo firewall-cmd --reload

80. Allow traffic on a specific port range for a specific application, user, source IP
address, and interface:
sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" application="my_custom_app"
port port="8000-9000" protocol="tcp" accept' --permanent --direct --add-rule ipv4 filter OUTPUT 0
-m owner --uid-owner username -s [Link] -o eth1 -j ACCEPT
sudo firewall-cmd --reload

81. Allow traffic on a specific port range for a specific application, user, source IP address, and
interface:

sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" application="my_custom_app"

port port="8000-9000" protocol="tcp" accept' --permanent --direct --add-rule ipv4 filter OUTPUT 0
-m owner --uid-owner username -s [Link] -o eth1 -j ACCEPT
sudo firewall-cmd --reload

82. Block incoming traffic on a specific port range for a specific application and source
IP address:

sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" application="my_custom_app"

port port="8000-9000" protocol="tcp" source address="[Link]" drop' --permanent
sudo firewall-cmd --reload

83. Allow traffic on a specific port for a specific service, source MAC address, and
interface:

sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" service name="http" port

port="8080" protocol="tcp" source mac="[Link]" accept' --permanent --interface=eth0
sudo firewall-cmd --reload

84. Block incoming traffic on a specific port range for a specific application and
destination IP address:

sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" application="my_custom_app"

port port="8000-9000" protocol="tcp" destination address="[Link]" drop' --permanent
sudo firewall-cmd --reload

85. Allow traffic on a specific port range for a specific application, user, and destination
IP address:

sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" application="my_custom_app"

port port="8000-9000" protocol="tcp" accept' --permanent --direct --add-rule ipv4 filter OUTPUT 0
-m owner --uid-owner username -d [Link] -j ACCEPT
sudo firewall-cmd --reload

86. Allow traffic on a specific port for a specific service, source MAC address, and
source IP address:
sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" service name="http" port
port="8080" protocol="tcp" source mac="[Link]" source address="[Link]"
accept' --permanent
sudo firewall-cmd --reload

87. Block incoming traffic on a specific port range for a specific application and
interface:

sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" application="my_custom_app"

port port="8000-9000" protocol="tcp" drop' --permanent --interface=eth0
sudo firewall-cmd --reload

88. Allow traffic on a specific port for a specific service, source IP address, and
interface:

sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" service name="http" port

port="8080" protocol="tcp" source address="[Link]" accept' --permanent --interface=eth1
sudo firewall-cmd --reload

89. Block incoming traffic on a specific port range for a specific application, user, and
source IP address:

sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" application="my_custom_app"

port port="8000-9000" protocol="tcp" source address="[Link]" drop' --permanent --direct --
add-rule ipv4 filter OUTPUT 0 -m owner --uid-owner username -s [Link] -j DROP
sudo firewall-cmd --reload

90. Allow traffic on a specific port range for a specific application, user, and destination
IP address:

sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" application="my_custom_app"

port port="8000-9000" protocol="tcp" accept' --permanent --direct --add-rule ipv4 filter OUTPUT 0
-m owner --uid-owner username -d [Link] -j ACCEPT
sudo firewall-cmd --reload

91. Allow traffic on a specific port range for a specific application, user, and source IP
address:

sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" application="my_custom_app"

port port="8000-9000" protocol="tcp" accept' --permanent --direct --add-rule ipv4 filter OUTPUT 0
-m owner --uid-owner username -s [Link] -j ACCEPT
sudo firewall-cmd --reload

92. Block incoming traffic on a specific port range for a specific application and source
IP address:
sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" application="my_custom_app"
port port="8000-9000" protocol="tcp" source address="[Link]" drop' --permanent
sudo firewall-cmd --reload

93. Allow traffic on a specific port for a specific service, source MAC address, and
interface:

sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" service name="http" port

port="8080" protocol="tcp" source mac="[Link]" accept' --permanent --interface=eth0
sudo firewall-cmd --reload

94. Block incoming traffic on a specific port range for a specific application and
destination IP address:

sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" application="my_custom_app"

port port="8000-9000" protocol="tcp" destination address="[Link]" drop' --permanent
sudo firewall-cmd --reload

95. Allow traffic on a specific port for a specific service, source MAC address, and
source IP address:

sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" service name="http" port

port="8080" protocol="tcp" source mac="[Link]" source address="[Link]"
accept' --permanent
sudo firewall-cmd --reload

96. Block incoming traffic on a specific port range for a specific application and
interface:

sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" application="my_custom_app"

port port="8000-9000" protocol="tcp" drop' --permanent --interface=eth0
sudo firewall-cmd --reload

97. Allow traffic on a specific port for a specific service, source IP address, and
interface:

sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" service name="http" port

port="8080" protocol="tcp" source address="[Link]" accept' --permanent --interface=eth1
sudo firewall-cmd --reload

98. Block incoming traffic on a specific port range for a specific application, user, and
source IP address:
sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" application="my_custom_app"
port port="8000-9000" protocol="tcp" source address="[Link]" drop' --permanent --direct --
add-rule ipv4 filter OUTPUT 0 -m owner --uid-owner username -s [Link] -j DROP
sudo firewall-cmd --reload

99. Allow traffic on a specific port range for a specific application, user, and destination
IP address:

sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" application="my_custom_app"

port port="8000-9000" protocol="tcp" accept' --permanent --direct --add-rule ipv4 filter OUTPUT 0
-m owner --uid-owner username -d [Link] -j ACCEPT
sudo firewall-cmd --reload

100. Block incoming and outgoing traffic on a specific port for a specific user:
bash sudo firewall-cmd --direct --add-rule ipv4 filter INPUT 0 -m owner --uid-owner username -p
tcp --dport 9876 -j DROP sudo firewall-cmd --direct --add-rule ipv4 filter OUTPUT 0 -m owner --
uid-owner username -p tcp --dport 9876 -j DROP sudo firewall-cmd --reload

Linux IPTables Rules: Top 25 Examples
No ratings yet
Linux IPTables Rules: Top 25 Examples
8 pages
Iptables - F (Or) Iptables - Flush: 1. Delete Existing Rules
No ratings yet
Iptables - F (Or) Iptables - Flush: 1. Delete Existing Rules
5 pages
Firewall Service
No ratings yet
Firewall Service
7 pages
CentOS RedHat Iptables Firewall Guide
No ratings yet
CentOS RedHat Iptables Firewall Guide
7 pages
IPTables/Netfilter Guide & Commands
No ratings yet
IPTables/Netfilter Guide & Commands
6 pages
Firewall FBasic Examples
No ratings yet
Firewall FBasic Examples
3 pages
Firewalld Panic Mode Guide
No ratings yet
Firewalld Panic Mode Guide
11 pages
Linux Firewall
No ratings yet
Linux Firewall
12 pages
Regras Firewall
No ratings yet
Regras Firewall
2 pages
Iptables: Linux Firewall Guide
No ratings yet
Iptables: Linux Firewall Guide
31 pages
Mikrotik Firewall Configuration Guide
No ratings yet
Mikrotik Firewall Configuration Guide
6 pages
Securing CentOS Server Access
No ratings yet
Securing CentOS Server Access
2 pages
Iptables Firewall Lab Manual
No ratings yet
Iptables Firewall Lab Manual
4 pages
Day 04-Firewall & Iptables
No ratings yet
Day 04-Firewall & Iptables
7 pages
6to4 Firewall Configuration Guide
No ratings yet
6to4 Firewall Configuration Guide
7 pages
FreeBSD Firewall Configuration
No ratings yet
FreeBSD Firewall Configuration
7 pages
Useful FirewallD Rules To Configure and Manage Firewall in Linux
No ratings yet
Useful FirewallD Rules To Configure and Manage Firewall in Linux
10 pages
Script Iocurrents
No ratings yet
Script Iocurrents
2 pages
Firewalld Basic: Disabling Iptables Service
No ratings yet
Firewalld Basic: Disabling Iptables Service
5 pages
Lab Assignment 11 Firewalls Using IPTABLES
No ratings yet
Lab Assignment 11 Firewalls Using IPTABLES
12 pages
Firewall MK
No ratings yet
Firewall MK
3 pages
IP Firewall Address List Configuration
No ratings yet
IP Firewall Address List Configuration
3 pages
Tunnel
No ratings yet
Tunnel
4 pages
Linux Hardening Tips for Metasploitable
No ratings yet
Linux Hardening Tips for Metasploitable
11 pages
Unit 3 LINUX Firewall
No ratings yet
Unit 3 LINUX Firewall
8 pages
Seting Basic Mikrotik Firewall
No ratings yet
Seting Basic Mikrotik Firewall
3 pages
25 Most Frequently Used Linux IPTables Rules PDF
No ratings yet
25 Most Frequently Used Linux IPTables Rules PDF
10 pages
Rhel Notes For Rh253
100% (1)
Rhel Notes For Rh253
27 pages
Nftables Firewall Setup Guide for Linux
No ratings yet
Nftables Firewall Setup Guide for Linux
10 pages
Selinux e Firewall Linux
No ratings yet
Selinux e Firewall Linux
9 pages
Linux Gateway Firewall Manual
No ratings yet
Linux Gateway Firewall Manual
1 page
Firewall Lab-7
No ratings yet
Firewall Lab-7
3 pages
Linux SysAdmin Guide
No ratings yet
Linux SysAdmin Guide
17 pages
Firewall
No ratings yet
Firewall
6 pages
IFG Firewall
No ratings yet
IFG Firewall
3 pages
A
No ratings yet
A
11 pages
Cortafuegos de Linux
No ratings yet
Cortafuegos de Linux
30 pages
Secure Ubuntu 16.04 Server Guide
No ratings yet
Secure Ubuntu 16.04 Server Guide
10 pages
Linux Firewall Setup Guide
No ratings yet
Linux Firewall Setup Guide
7 pages
RC Firewall
No ratings yet
RC Firewall
16 pages
RHEL 7 Firewalld Guide for Sysadmins
No ratings yet
RHEL 7 Firewalld Guide for Sysadmins
23 pages
Shorewall Setup on Fedora Guide
100% (3)
Shorewall Setup on Fedora Guide
5 pages
Lab 7
No ratings yet
Lab 7
16 pages
Linux Network Setup Guide
No ratings yet
Linux Network Setup Guide
6 pages
4.4.1.2 - Configure Ip Acls To Mitigate Attacks: Topology
No ratings yet
4.4.1.2 - Configure Ip Acls To Mitigate Attacks: Topology
85 pages
Lab 2-Part 2
No ratings yet
Lab 2-Part 2
14 pages
Basic Firewall Script for IP Protection
No ratings yet
Basic Firewall Script for IP Protection
3 pages
FortiGate Firewall CLI Guide
No ratings yet
FortiGate Firewall CLI Guide
18 pages
UNIX Unit-4 Part 2-Networking Tools
No ratings yet
UNIX Unit-4 Part 2-Networking Tools
19 pages
Squid
No ratings yet
Squid
4 pages
25 Most Frequently Used Linux IPTables Rules Examples
No ratings yet
25 Most Frequently Used Linux IPTables Rules Examples
15 pages
Lab 06: Packet Filter With Iptables: 1. Overview
No ratings yet
Lab 06: Packet Filter With Iptables: 1. Overview
2 pages
Chapter14 Limiting Network Communication With Firewalld
No ratings yet
Chapter14 Limiting Network Communication With Firewalld
2 pages
Rambo Iii
No ratings yet
Rambo Iii
2 pages
CBI Security MCQs Linux CheatSheet
No ratings yet
CBI Security MCQs Linux CheatSheet
4 pages
Securing Servers With Linux Firewall Myanmar ING 2nd Camp May Thu Thu Htun
100% (1)
Securing Servers With Linux Firewall Myanmar ING 2nd Camp May Thu Thu Htun
16 pages
TCP Wrappers: Access Control Guide
No ratings yet
TCP Wrappers: Access Control Guide
10 pages
Cisco Router Security Guide
No ratings yet
Cisco Router Security Guide
6 pages
Adm940 Flashcards
No ratings yet
Adm940 Flashcards
24 pages
JIRA Interview Questions and Answers
No ratings yet
JIRA Interview Questions and Answers
1 page
Working With Styles - Ctrader Algo
No ratings yet
Working With Styles - Ctrader Algo
6 pages
Mikrotik SSTP Setup for Win10 Users
No ratings yet
Mikrotik SSTP Setup for Win10 Users
14 pages
PSG MP C401
No ratings yet
PSG MP C401
42 pages
Aniket 21 BDS0350
No ratings yet
Aniket 21 BDS0350
15 pages
Advanced Gaming Systems/Wall of Honor Filings
No ratings yet
Advanced Gaming Systems/Wall of Honor Filings
3 pages
Motorola Fx9500 Fixed Rfid Reader: High Performance Rfid Data Capture For Industrial Environments
No ratings yet
Motorola Fx9500 Fixed Rfid Reader: High Performance Rfid Data Capture For Industrial Environments
2 pages
Cloud Google Com Use-Cases Retrieval-Augmented-Generation
No ratings yet
Cloud Google Com Use-Cases Retrieval-Augmented-Generation
7 pages
Secure Info & Software Management
No ratings yet
Secure Info & Software Management
26 pages
1KHW028635 FOX61x-OPIC2 Ed01
No ratings yet
1KHW028635 FOX61x-OPIC2 Ed01
118 pages
5G RAN7.1 Feature and Function
100% (1)
5G RAN7.1 Feature and Function
42 pages
MySign E-Signature Integration Guide
No ratings yet
MySign E-Signature Integration Guide
14 pages
BSIT - Semester Fall 2025 (M) v.3
No ratings yet
BSIT - Semester Fall 2025 (M) v.3
2 pages
Neuromorphic UAV Vision Control
No ratings yet
Neuromorphic UAV Vision Control
7 pages
Introduction To Software Engineering: AY.16-17 - ISE LAB EXTERNAL - E3 Date: 24/11/2016 Time: 3 Hours Branch: CSE
No ratings yet
Introduction To Software Engineering: AY.16-17 - ISE LAB EXTERNAL - E3 Date: 24/11/2016 Time: 3 Hours Branch: CSE
12 pages
Power Off Reset Reason Backup
No ratings yet
Power Off Reset Reason Backup
5 pages
DS. Module IO AO-8 and AO-8-H
No ratings yet
DS. Module IO AO-8 and AO-8-H
5 pages
Ch-03: Programming Fundamentals - Short Question Answers - PDF
No ratings yet
Ch-03: Programming Fundamentals - Short Question Answers - PDF
27 pages
Manufacturing Process Management PDF
100% (1)
Manufacturing Process Management PDF
6 pages
Swing Turnstile (6X) User Manual V1.0.5
No ratings yet
Swing Turnstile (6X) User Manual V1.0.5
45 pages
Database Development Exam Overview
No ratings yet
Database Development Exam Overview
17 pages
Be Information Technology Engineering Semester 5 2019 May Database Management Systems Dbms Pattern 2015
No ratings yet
Be Information Technology Engineering Semester 5 2019 May Database Management Systems Dbms Pattern 2015
2 pages
ATS100™, ATSU100™ Alarm Transmitter-Synthesized
No ratings yet
ATS100™, ATSU100™ Alarm Transmitter-Synthesized
2 pages
Cyber Security For Smart Grid
No ratings yet
Cyber Security For Smart Grid
8 pages
Etek1 Manual PDF
No ratings yet
Etek1 Manual PDF
2 pages
Dmap2gcode Manual
No ratings yet
Dmap2gcode Manual
8 pages
A PROJECT REPORT 25 13 Final
No ratings yet
A PROJECT REPORT 25 13 Final
35 pages
Hacking A Wireless Network
No ratings yet
Hacking A Wireless Network
10 pages
Dokumen - Pub - Spring Cloud Fundamentals With Java Codes
No ratings yet
Dokumen - Pub - Spring Cloud Fundamentals With Java Codes
218 pages