
Firewalld configuration

http://www.certdepot.net/rhel7-get-started-firewalld/
http://forums.fedoraforum.org/showthread.php?t=289907

By default, interfaces are assigned to the public zone. This zone only allows external ssh access.

Create a new zone "webserver":

Create the new zone
{{{
sudo firewall-cmd --permanent --new-zone=webserver
}}}

Add services to the new zone
{{{
sudo firewall-cmd --permanent --zone=webserver --add-service=http
sudo firewall-cmd --permanent --zone=webserver --add-service=https
sudo firewall-cmd --permanent --zone=webserver --add-service=ssh
}}}

Assign a network interface to the zone
{{{
sudo firewall-cmd --permanent --zone=webserver --change-interface=venet0
}}}

Activate the changes
{{{
sudo firewall-cmd --reload
}}}

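After the reload, the zone's runtime state can be checked against what the steps above set up. The following script is an added example, not part of the original page: the function names, the sample outputs (constructed, abbreviated) and the assumption that `firewall-cmd --list-all` prints `interfaces:`, `services:` and `ports:` fields are mine.

```sh
#!/bin/sh
# Added example: compare a zone's runtime state with the policy built above.
EXPECTED_SERVICES="http https ssh"   # services added to the webserver zone
EXPECTED_IFACE="venet0"              # interface assigned to the zone
# Print the value of one "  key: value" field from --list-all output on stdin.
zone_field() {
    sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" | head -n 1
}

# audit_zone "<list-all output>": print findings, return 0 only on an exact match.
audit_zone() {
    zone_out=$1
    rc=0
    services=$(printf '%s\n' "$zone_out" | zone_field services)
    ifaces=$(printf '%s\n' "$zone_out" | zone_field interfaces)
    ports=$(printf '%s\n' "$zone_out" | zone_field ports)
    for s in $services; do
        case " $EXPECTED_SERVICES " in
            *" $s "*) ;;
            *) echo "UNEXPECTED service open: $s"; rc=1 ;;
        esac
    done
    for s in $EXPECTED_SERVICES; do
        case " $services " in
            *" $s "*) ;;
            *) echo "MISSING service: $s"; rc=1 ;;
        esac
    done
    # The steps above open services only, so any raw port is drift.
    [ -z "$ports" ] || { echo "UNEXPECTED ports open: $ports"; rc=1; }
    case " $ifaces " in
        *" $EXPECTED_IFACE "*) ;;
        *) echo "interface $EXPECTED_IFACE is not bound to this zone"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample outputs (abbreviated; not captured from a real host).
SAMPLE_GOOD='webserver (active)
  target: default
  interfaces: venet0
  services: http https ssh
  ports: '
SAMPLE_DRIFT='webserver
  target: default
  interfaces: 
  services: http ssh telnet
  ports: 8080/tcp'
# Live use: audit_zone "$(sudo firewall-cmd --zone=webserver --list-all)"
```

A non-zero exit status means the zone has drifted from the three services and one interface configured above, which makes the function usable from cron or a configuration-management check.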