Firewall rules using services
When we think of firewalls, we think of allowing or denying access to ports. Service XML files ease port management, because a single service can list multiple ports. The other point to note is that the firewalld daemon's default policy is to deny access, so any access needed has to be explicitly granted to a port associated with a service. To list the services that have been allowed on the default zone, we can simply use the --list-services option, as shown in the following example:
# firewall-cmd --list-services
Similarly, we can list the services allowed in a specific zone by including the --zone= option. This can be seen in the following example:
# firewall-cmd --zone=home --list-services
The output from this command is shown in the following screenshot. It lists services associated with the home zone:
As you start enabling services, you can easily allow a predefined service through a zone. Predefined services are listed as XML files...
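Because one service can list several ports, a zone's service list understates what is actually reachable. The following added example (not from the original text) expands a service list into the ports each service opens; the XML definitions and the --list-services output are constructed samples, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed service definitions in the firewalld service XML layout.
SERVICE_XML = {
    "ssh": '<service><short>SSH</short><port protocol="tcp" port="22"/></service>',
    "samba": """<service>
  <short>Samba</short>
  <port protocol="udp" port="137"/>
  <port protocol="udp" port="138"/>
  <port protocol="tcp" port="139"/>
  <port protocol="tcp" port="445"/>
</service>""",
}

# Constructed stand-in for the output of: firewall-cmd --zone=home --list-services
HOME_SERVICES = "ssh samba custom-app"


def service_ports(xml_text):
    """Return sorted (port, protocol) pairs declared by one service definition."""
    root = ET.fromstring(xml_text)
    if root.tag != "service":
        raise ValueError("not a firewalld service definition")
    ports = set()
    for el in root.findall("port"):
        port, proto = el.get("port"), el.get("protocol")
        if port and proto:  # skip entries that carry no port number
            ports.add((port, proto))
    # Sort numerically on the first port so ranges such as 5900-5903 order correctly.
    return sorted(ports, key=lambda p: (int(p[0].split("-")[0]), p[1]))


def zone_exposure(list_services_output, definitions):
    """Map each allowed service to its ports; None marks a missing definition."""
    report = {}
    for name in list_services_output.split():
        xml_text = definitions.get(name)
        report[name] = service_ports(xml_text) if xml_text else None
    return report


if __name__ == "__main__":
    for name, ports in zone_exposure(HOME_SERVICES, SERVICE_XML).items():
        if ports is None:
            print(f"{name}: no definition found, review manually")
        else:
            print(f"{name}: " + ", ".join(f"{p}/{proto}" for p, proto in ports))
```

A service that maps to None has no definition among those supplied, so its exposure has to be checked by hand before the zone is considered reviewed.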