mirrors/cheat-sheets
1
0
Fork 0
mirror of https://github.com/yuriskinfo/cheat-sheets.git synced 2025-12-24 06:28:18 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
477e88c51ed56f40e67df55321545d3f5b3eedb5
cheat-sheets/Linux-and-BSD-firewalls-cheat-sheet.adoc
Yuri Slobodyanyuk 0d3bbcbcd9 ongoing additions, changes, and fixes
2020-10-28 13:28:39 +00:00

88 lines
2.0 KiB
Plaintext
Raw Blame History

= Linux and PF firewalls commands cheat sheet
Yuri Slobodyanyuk <admin@yurisk.info>
v1.0, 2020-09-01
:homepage: https://yurisk.info
== Firewalld daemon management (Red Hat based distributions)
.firewall-cmd commands
[cols=2, options="header"]
|===
|Command
|Description
|*firewall-cmd --state*
|Show firewall daemon status
|*firewall-cmd --list-all*
|List currently active rules
|*firewall-cmd --reload*
|Reload firewall keeping the state table. Active sessions do not disconnect. On finishing reload will output `success`.
|*firewall-cmd --get-default-zone*
| Show the default zone for interfaces.
|*firewall-cmd --get-zones*
|List all available zones
|*firewall-cmd --get-active-zones*
| Show active zones, including to which zone each interface belongs.
|*firewall-cmd --list-all-zones*
|List all zones with their rules and associated interfaces.
|*firewall-cmd -add-service <service name>*
|Add predefined service by name to the default zone, with action ACCEPT, e.g. `firewall-cmd -add-service ftp` .
|===
== Ubuntu Uncomplicated Firewall (ufw)
.ufw management commands
[cols=2, options="header"]
|===
|Command
|Description
|*ufw status*
|Show whether the firewall is on and if on, list the active rules.
|*ufw enable*
|Enable firewall.
|*ufw disable*
|Disable firewall
|*ufw reload*
|Reload firewall and rules.
|*ufw allow <predefined service name>*
| Allow some service in any direction from/to any IP address using so called `simple` rule syntax. The service names are as per `/etc/services`. E.g. to allow ssh from any: `ufw allow ssh`.
|*/etc/ufw/before.rule*
|Some rules are pre-allowed by default, to change them edit this file and reload the firewall.
|===
== PF (Packet Filter) management for FreeBSD & OpenBSD
[cols=2, options="header"]
|===
|Command
|Description
|*pfct -d*
|Disable PF in place, does not survive reboot.
|*pfctl -ef /etc/pf.conf*
|Enable PF and load the rule set from file `/etc/pf.conf` in one go.
|*pfctl -nf /etc/pf.conf*
|Parse security rules soterd in a file without installing them (dry run).
|===
Reference in New Issue View Git Blame Copy Permalink