Welcome to Day 24 of the 30 Days of Linux Challenge!
Today’s focus is on securing and managing network access using firewalld, nmcli, and iptables — tools that are deeply integrated into Red Hat-based systems.
📚 Table of Contents
- Why Firewall & Network Management Matters
- Start and Enable firewalld
- Check Firewall Status and Rules
- Allow and Block Services
- Port-Based Rules with firewalld
- Use Zones for Granular Control
- Manage Network Connections with nmcli
- Inspect Rules with iptables
- Try It Yourself
- Why This Matters
Why Firewall & Network Management Matters
🔒 Firewalls protect your system from unauthorized access
🌐 Network tools ensure connectivity, DNS, IP config, and interface control
🚀 Red Hat provides enterprise-grade options to manage both with precision
Start and Enable firewalld
sudo systemctl enable --now firewalld
sudo systemctl status firewalld
Check Firewall Status and Rules
sudo firewall-cmd --state
sudo firewall-cmd --list-all
This shows:
- Active zone (usually public)
- Allowed services and ports
Allow and Block Services
Allow SSH (if it’s not already):
sudo firewall-cmd --add-service=ssh --permanent
sudo firewall-cmd --reload
Block a service:
sudo firewall-cmd --remove-service=ftp --permanent
sudo firewall-cmd --reload
Port-Based Rules with firewalld
Open a custom port:
sudo firewall-cmd --add-port=8080/tcp --permanent
sudo firewall-cmd --reload
Check open ports:
sudo firewall-cmd --list-ports
Use Zones for Granular Control
List available zones:
sudo firewall-cmd --get-zones
Change zone for a specific interface:
sudo firewall-cmd --zone=internal --change-interface=eth0 --permanent
Manage Network Connections with nmcli
List connections:
nmcli connection show
View device status:
nmcli device status
Static IP configuration:
nmcli connection modify eth0 ipv4.addresses 192.168.1.100/24
nmcli connection modify eth0 ipv4.gateway 192.168.1.1
nmcli connection modify eth0 ipv4.dns 8.8.8.8
nmcli connection modify eth0 ipv4.method manual
nmcli connection up eth0
Inspect Rules with iptables
View raw firewall rules:
sudo iptables -L -n -v
Although firewalld is preferred, iptables is still useful for inspection and legacy troubleshooting.
Try It Yourself
🧪 Practice tasks:
- Start and enable firewalld
- Add and remove a service or port
- View current zone and active rules
- Use nmcli to set a static IP (test on a VM or safe machine)
- Run iptables -L to inspect low-level rules
Why This Matters
Firewall and network misconfigurations are one of the top causes of downtime.
By learning:
firewalld → fast, zone-based rule management
nmcli → flexible, scriptable network config
iptables → rule-level diagnostics
…you gain complete control over how and when your system communicates.
Top comments (0)