Restrict Network Access Using firewall-cmd


Introduction

In this challenge, you will practice managing network access control on a Red Hat Enterprise Linux system. You will use the firewall-cmd utility, the command-line interface for the firewalld service, to configure rules that permit or deny network traffic. This is a fundamental skill for any system administrator responsible for securing servers.

Configure a Firewall Rule to Allow SSH Access

Your first task is to ensure that remote administration via SSH is allowed through the system's firewall. You will add a permanent rule for the SSH service.

Before you begin, check that the firewall is running with sudo firewall-cmd --state. If it reports that firewalld is not running, start it with sudo systemctl start firewalld. Keep in mind that a rule added with --permanent is written only to the saved configuration: it does not affect live traffic until the firewall is reloaded, and a reload also discards any changes that were made to the runtime configuration without --permanent.

Tasks

  • Create a permanent firewall rule to allow incoming SSH traffic.
  • Apply the changes to the active firewall configuration.
  • Verify that the rule has been successfully added.

Requirements

  • All firewall modifications must be performed using the firewall-cmd command.
  • The rule must specifically enable the ssh service.
  • The rule must be permanent to survive a system reboot.

Example

After correctly adding the permanent rule and reloading the firewall, listing the permanent services of the default zone should include ssh. The other services shown below are whatever was already enabled on the system, so your output may differ.

$ sudo firewall-cmd --list-services --permanent
cockpit dhcpv6-client ssh
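The following script is an added example, not part of the original challenge or of the firewalld project: it carries out the three tasks above end to end, and then verifies that the ssh service is present in both the runtime and the permanent configuration, which is the check that catches a rule added with --permanent but never reloaded. It assumes firewalld is installed and that the caller can run sudo. The DRY_RUN variable and the fw wrapper are conveniences of this example, not firewall-cmd features.

```shell
#!/bin/sh
# Added example (not from the original challenge): permanently allow a service
# through firewalld and prove it is active in the runtime AND permanent config.
# Assumes firewalld is installed and the caller can use sudo.
set -eu

# Every firewall-cmd call goes through fw() so that DRY_RUN=1 prints the
# commands instead of executing them (review before touching a live host).
fw() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "sudo firewall-cmd $*"
    else
        sudo firewall-cmd "$@"
    fi
}

# Start firewalld if it is down; --state exits non-zero when it is not running.
ensure_firewalld_running() {
    if ! fw --state >/dev/null 2>&1; then
        sudo systemctl start firewalld
    fi
}

# Add SERVICE to the permanent configuration of the default zone, then reload
# so the runtime configuration picks it up. --permanent alone changes only the
# saved config; the reload also throws away any runtime-only changes.
allow_service_permanent() {
    service="$1"
    fw --permanent --add-service="$service"
    fw --reload
}

# Fail unless SERVICE is enabled in both the runtime and the permanent config.
# --query-service exits 0 for "yes" and 1 for "no".
verify_service() {
    service="$1"
    fw --query-service="$service" >/dev/null \
        || { echo "runtime config: $service is not allowed" >&2; return 1; }
    fw --permanent --query-service="$service" >/dev/null \
        || { echo "permanent config: $service is not allowed" >&2; return 1; }
    echo "$service allowed in runtime and permanent configuration"
}

# Only modify the firewall when invoked with --apply, so that sourcing this
# file for its functions (or a dry run) changes nothing.
if [ "${1:-}" = "--apply" ]; then
    ensure_firewalld_running
    allow_service_permanent ssh
    verify_service ssh
    fw --list-services --permanent
fi
```

Run it as sh allow_ssh.sh --apply on the target host, or DRY_RUN=1 sh allow_ssh.sh --apply to see the exact firewall-cmd invocations first. Both list and query commands act on the default zone; add --zone=NAME to every call if the interface you care about belongs to a different zone.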

Configure a Firewall Rule to Block a Specific IP Address

Next, you will block all traffic from a specific IP address. A plain --add-service or --add-port rule cannot match on the source of a packet, so for this task you will use a "rich rule," firewalld's syntax for rules that combine a source, a destination, a service or port, and an action (accept, reject, or drop). Here the action is reject, which refuses the traffic and sends an ICMP error back, unlike drop, which discards it silently.

Tasks

  • Create a permanent rich rule to block all incoming traffic from the IP address 192.168.1.100.
  • Apply the changes to make the rule active.
  • Verify that the rich rule is correctly configured.

Requirements

  • The rule must be created using the firewall-cmd command.
  • The rule must be a "rich rule" that rejects traffic from the source IP address 192.168.1.100.
  • The rule must be made permanent.

Example

After adding the rule and reloading the firewall, listing the permanent rich rules of the default zone should show the rule you created.

$ sudo firewall-cmd --list-rich-rules --permanent
rule family="ipv4" source address="192.168.1.100" reject
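The following script is an added example for this second task, not part of the original challenge or of the firewalld project. It validates the address before building the rich rule (a mistyped address would otherwise produce a rule that blocks nobody, or an error only at apply time), adds the rule permanently, reloads, and confirms the rule is present in both the runtime and the permanent configuration with --query-rich-rule. It assumes firewalld is installed and that the caller can run sudo; the helper names is_ipv4, rich_reject_rule and block_ip_permanent are this example's own.

```shell
#!/bin/sh
# Added example (not from the original challenge): build a firewalld rich rule
# that rejects all traffic from one IPv4 source, make it permanent and verify it.
# Assumes firewalld is installed and the caller can use sudo.
set -eu

# Validate a dotted-quad IPv4 address: exactly four octets, each 0-255.
# Returns 1 on anything else so a typo never becomes a useless rule.
is_ipv4() {
    addr="$1"
    case "$addr" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    n=0
    oldifs="$IFS"; IFS=.
    for octet in $addr; do
        n=$((n + 1))
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] \
            || { IFS="$oldifs"; return 1; }
    done
    IFS="$oldifs"
    [ "$n" -eq 4 ]
}

# Print the rich rule rejecting every packet from ADDR. "reject" answers with
# an ICMP error; "drop" would discard silently. The challenge asks for reject.
rich_reject_rule() {
    addr="$1"
    is_ipv4 "$addr" || { echo "not an IPv4 address: $addr" >&2; return 1; }
    printf 'rule family="ipv4" source address="%s" reject\n' "$addr"
}

# Add the rule to the permanent config of the default zone, reload so it takes
# effect, then confirm it is present in both runtime and permanent config.
# --query-rich-rule exits 0 for "yes" and 1 for "no".
block_ip_permanent() {
    rule="$(rich_reject_rule "$1")"
    sudo firewall-cmd --permanent --add-rich-rule="$rule"
    sudo firewall-cmd --reload
    sudo firewall-cmd --query-rich-rule="$rule" >/dev/null \
        || { echo "runtime config: rule missing" >&2; return 1; }
    sudo firewall-cmd --permanent --query-rich-rule="$rule" >/dev/null \
        || { echo "permanent config: rule missing" >&2; return 1; }
    echo "active: $rule"
}

# Only modify the firewall when invoked with --apply, so that sourcing this
# file for its functions changes nothing.
if [ "${1:-}" = "--apply" ]; then
    block_ip_permanent 192.168.1.100
    sudo firewall-cmd --list-rich-rules --permanent
fi
```

Run it as sh block_ip.sh --apply. Because firewalld orders rich rules of equal priority so that reject and drop actions are evaluated before accept actions, this rule also stops 192.168.1.100 from reaching the ssh service allowed in the previous task; if you are testing from that address yourself, use a different source or you will lock yourself out.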

Summary

In this challenge, you have learned how to perform essential firewall management tasks using firewall-cmd on a Red Hat Enterprise Linux system. You successfully configured rules to allow a specific service (SSH) and to block traffic from a source IP address using a rich rule. You also practiced making these changes permanent and applying them to the live firewall configuration. These skills are crucial for securing Linux systems and controlling network access.