Enable Firewalld Rules on Kickstart

To enable firewall rules on kickstart file we need to use the following command

FIREWALL-OFFLINE-C(1)                                                                                     firewall-offline-cmd                                                                                    FIREWALL-OFFLINE-C(1)

NAME
       firewall-offline-cmd - firewalld offline command line client

SYNOPSIS
       firewall-offline-cmd [OPTIONS...]

DESCRIPTION
       firewall-offline-cmd is an offline command line client of the firewalld daemon. It should be used only if the firewalld service is not running. For example to migrate from system-config-firewall/lokkit or in the install
       environment to configure firewall settings with kickstart.

       Some lokkit options can not be automatically converted for firewalld, they will result in an error or warning message. This tool tries to convert as much as possible, but there are limitations for example with custom rules,
       modules and masquerading.

       Check the firewall configuration after using this tool.

OPTIONS
       If no options are given, configuration from /etc/sysconfig/system-config-firewall will be migrated.

       For sequence options, this are the options that can be specified multiple times, the exit code is 0 if there is at least one item that succeded. The ALREADY_ENABLED (11), NOT_ENABLED (12) and also ZONE_ALREADY_SET (16)
       errors are treated as succeeded. If there are issues while parsing the items, then these are treated as warnings and will not change the result as long as there is a succeeded one. Without any succeeded item, the exit code
       will depend on the error codes. If there is exactly one error code, then this is used. If there are more than one then UNKNOWN_ERROR (254) will be used.


Example  add a port to the default zone

firewall-offline-cmd  --port=3333:tcp

Example Add service

firewalld -offline-cmd --service=dns


Comments

Post a Comment

Popular posts from this blog

How to clean all the foreman task and locked task

1.- First make su to postgres user su -s /bin/bash - postgres  2.-Execute psql psql  3.- connect to the foreman database \c foreman;  4.- Delete all the foreman task and foreman task locks delete from foreman_tasks_tasks;  delete from foreman_tasks_locks;  5.- Quit from postgres and exit \q  exit  6. Restart all the services for s in {qpidd,pulp_celerybeat,pulp_ resource_manager,pulp_workers, httpd}; do sudo service $s restart; done  Update in todays foreman you can clean the task using the following command: foreman-rake foreman_tasks:cleanup
Read more

How to restrict users to send only mail to the local domain in Zimbra

How to restrict users to send only mail to the local domain in Zimbra 1. Open file /opt/zimbra/conf/zmconfigd/smtpd_recipient_restrictions.cf and add this line below reject_non_fqdn_recipient. This is example on my system permit_sasl_authenticated check_sender_access lmdb:/opt/zimbra/postfix/conf/restricted_senders permit_mynetworks 2. Open file /opt/zimbra/conf/zmconfigd.cf and add those lines before RESTART mta. This is example on my system POSTCONF smtpd_restriction_classes local_only POSTCONF local_only FILE postfix_check_recipient_access.cf RESTART mta 3. Create a file /opt/zimbra/conf/postfix_check_recipient_access.cf and add the following line.  check_recipient_access lmdb:/opt/zimbra/postfix/conf/local_domains, reject 4. Create a file "/opt/zimbra/postfix/conf/restricted_senders" and list all the users, whom you want to restrict. Follow this syntax: user@yourdomain.com local_only 5. Create a file "/opt/zimb...
Read more

Hardening Script

#!/bin/bash function set_parameter { sed -i -e "s|^$2.*|$2$3|" $1 egrep "^$2*" $1 > /dev/null ||echo "$2$3" >> $1 } #--------------------------------------------------------------------------------------------------------------- function add_line { egrep "^$2" $1 > /dev/null || echo "$2" >> $1 } #--------------------------------------------------------------------------------------------------------------- echo '# This file contains the auditctl rules that are loaded # whenever the audit daemon is started via the initscripts. # The rules are simply the parameters that would be passed # to auditctl. # First rule - delete all -D # Increase the buffers to survive stress events. # Make this bigger for busy systems -b 8192 # Feel free to add below this line. See auditctl man page -a always,exit -F arch=b32 -S adjtimex -S settimeofday -S stime -k timechange ...
Read more