My notes to open internal firewall on a newly built server.
On a newly built Redhat/Oracle Linux all the ports are blocked by default
I installed Oracle & the listener is running on port 1521 port - I was not able to access the port from other servers or from network. The fix is to open internal firewall, this can be performed using GUI/command line options.
Important
"firewall-cmd --reload" Always run after adding/removing a port/service .
Verify opened ports
$ firewall-cmd --list-ports
Add Ports - TCP/UDP
$ firewall-cmd --permanent --add-port=1521/tcp
$ firewall-cmd --permanent --add-port=7001-7099/tcp
$ firewall-cmd --permanent --list-ports
blank
$ firewall-cmd --reload
$ firewall-cmd --list-ports
1521/tcp 7001-7099/tcp
Add Service - Instead of TCP/UDP, you can also add service function
$ firewall-cmd --permanent --add-service=ssh
$ firewall-cmd --permanent --add-service=http
Remove Port
$ firewall-cmd --permanent --remove-port=444/udp
$ firewall-cmd --permanent --remove-port=1521/tcp
$ firewall-cmd --permanent --remove-port=7001-7099/tcp
$ firewall-cmd --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: eth0
sources:
services: dhcpv6-client postgresql ssh
ports: 1521/tcp 1522/tcp 22/tcp
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
Ref:
https://www.liquidweb.com/kb/an-introduction-to-firewalld/
https://landoflinux.com/linux_firewall_config_tool.html
https://www.tecmint.com/open-port-for-specific-ip-address-in-firewalld/
https://firewalld.org/documentation/howto/open-a-port-or-service.html
https://firewalld.org/documentation/howto/add-a-service.html
No comments:
Post a Comment