Thursday, April 22, 2021

Adding Rules to Firewalld before Starting It

This is useful when we need to start firewalld over an SSH session. If we start firewalld without first allowing ssh, we will be locked out of the machine.

The solution is to use a command called firewall-offline-cmd. This tool works much like firewall-cmd, except that it works while the daemon is not running.

To avoid being locked out of a remotely accessed machine, we should first allow ssh in firewalld

$ sudo firewall-offline-cmd --add-service ssh

We are now safe to start firewalld

$ sudo systemctl start firewalld

Once firewalld is running, we can make the rule permanent so that it persists across firewalld restarts

$ sudo firewall-cmd --add-service ssh --permanent

Make firewalld start automatically on every server boot 

$ sudo systemctl enable firewalld
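
The steps above assume sshd listens on port 22, which is what the predefined ssh service opens. The following is an added example, not part of the original post, that goes one step further: it reads the Port lines from sshd_config and builds the matching firewall-offline-cmd rules before starting the daemon. The function names and the RUN variable are hypothetical, and it assumes a single sshd_config file with no Include, Match or ListenAddress host:port overrides.

```shell
#!/bin/sh
# Added example: pre-flight before starting firewalld over SSH.
# Assumption: sshd ports come from "Port" lines in one sshd_config file
# (Include, Match and ListenAddress host:port are not handled).

# Print the TCP ports sshd is configured for, one per line (default: 22).
sshd_ports() {
    conf="${1:-/etc/ssh/sshd_config}"
    ports=$(awk 'tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2 }' \
        "$conf" 2>/dev/null | sort -un)
    if [ -n "$ports" ]; then printf '%s\n' "$ports"; else echo 22; fi
}

# Print the firewall-offline-cmd arguments needed to keep those ports open.
offline_args() {
    for p in $(sshd_ports "$1"); do
        if [ "$p" = 22 ]; then
            echo "--add-service ssh"      # predefined ssh service covers 22/tcp
        else
            echo "--add-port ${p}/tcp"    # non-default port needs its own rule
        fi
    done
}

# Add every rule offline, then start the daemon. If any rule fails,
# firewalld is not started. RUN=echo gives a dry run (hypothetical knob).
safe_start() {
    offline_args "$1" | while read -r args; do
        # $args is intentionally unquoted so it splits into option + value
        ${RUN:-sudo} firewall-offline-cmd $args </dev/null || exit 1
    done || return 1
    ${RUN:-sudo} systemctl start firewalld
}
```

Source the file and run `RUN=echo safe_start` first to see the commands without changing anything.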
