Introduction
In this challenge, you will practice managing network access control on a Red Hat Enterprise Linux system. You will use the firewall-cmd utility, the command-line interface for the firewalld service, to configure rules that permit or deny network traffic. This is a fundamental skill for any system administrator responsible for securing servers.
Configure a Firewall Rule to Allow SSH Access
Your first task is to ensure that remote administration via SSH is allowed through the system's firewall. You will add a permanent rule for the SSH service.
Before you begin, it's good practice to check the status of the firewall. You can do this by running sudo firewall-cmd --state. If the firewall is not running, you can start it by running sudo systemctl start firewalld.
Tasks
- Create a permanent firewall rule to allow incoming SSH traffic.
- Apply the changes to the active firewall configuration.
- Verify that the rule has been successfully added.
Requirements
- All firewall modifications must be performed using the firewall-cmd command.
- The rule must specifically enable the ssh service.
- The rule must be permanent to survive a system reboot.
Example
After correctly adding the permanent rule and reloading the firewall, listing the permanent services should include ssh.
$ sudo firewall-cmd --list-services --permanent
cockpit dhcpv6-client ssh
Configure a Firewall Rule to Block a Specific IP Address
Next, you will enhance security by blocking all traffic from a specific IP address. For this task, you will use a "rich rule," which allows for more complex and detailed firewall configurations.
Tasks
- Create a permanent rich rule to block all incoming traffic from the IP address 192.168.1.100.
- Apply the changes to make the rule active.
- Verify that the rich rule is correctly configured.
Requirements
- The rule must be created using the firewall-cmd command.
- The rule must be a "rich rule" that rejects traffic from the source IP address 192.168.1.100.
- The rule must be made permanent.
Example
After adding the rule and reloading the firewall, listing the permanent rich rules should show the rule you created.
$ sudo firewall-cmd --list-rich-rules --permanent
rule family="ipv4" source address="192.168.1.100" reject
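The following script is an added example, not part of the challenge text: it carries out both tasks above (the permanent ssh service rule and the permanent rich rule for 192.168.1.100) and then checks the permanent configuration the same way the listings do. The FIREWALL_CMD variable is an assumption of this example so the check functions can be exercised without firewalld; on a RHEL host leave it at its default.

```shell
#!/bin/sh
# Added example: apply the two challenge rules and verify them.
# FIREWALL_CMD is an example-only override hook (assumption), not a firewalld option.
FIREWALL_CMD="${FIREWALL_CMD:-sudo firewall-cmd}"
BLOCKED_IP="192.168.1.100"

fw() { $FIREWALL_CMD "$@"; }

# Task 1: add the ssh service to the permanent configuration, then reload so the
# running firewall picks it up (a permanent change alone is not active until reload).
allow_ssh() {
    fw --permanent --add-service=ssh
    fw --reload
}

# Task 2: permanent rich rule rejecting every packet from one IPv4 source.
# "reject" sends an ICMP/TCP reject back; "drop" would silently discard instead.
block_ip() {
    fw --permanent --add-rich-rule="rule family=\"ipv4\" source address=\"$1\" reject"
    fw --reload
}

# Verification: succeed (exit 0) only when the rule is present in the permanent config.
ssh_allowed() {
    fw --list-services --permanent | tr ' ' '\n' | grep -qx ssh
}

ip_blocked() {
    fw --list-rich-rules --permanent | grep -q "source address=\"$1\" reject"
}

main() {
    fw --state >/dev/null || { echo "firewalld is not running" >&2; return 1; }
    allow_ssh
    block_ip "$BLOCKED_IP"
    ssh_allowed && echo "ssh service: allowed (permanent)"
    ip_blocked "$BLOCKED_IP" && echo "$BLOCKED_IP: rejected (permanent rich rule)"
}

# Only change the firewall when explicitly asked: ./fw-challenge.sh apply
[ "${1:-}" = "apply" ] && main
```

Run it as ./fw-challenge.sh apply on the lab machine; without the apply argument it only defines the functions.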
Summary
In this challenge, you have learned how to perform essential firewall management tasks using firewall-cmd on a Red Hat Enterprise Linux system. You successfully configured rules to allow a specific service (SSH) and to block traffic from a source IP address using a rich rule. You also practiced making these changes permanent and applying them to the live firewall configuration. These skills are crucial for securing Linux systems and controlling network access.