Firewall
CloudShark is installed on a RHEL-based Linux operating system, which uses FirewallD by default. FirewallD supports very complex firewall rules, so refer to its documentation if you need a specific configuration.
FirewallD
Firewalld applies firewall rules to zones, and interfaces are then assigned to zones.
Note that the rule changes below will not apply to the system automatically: they are made with --permanent, which updates the saved configuration but not the running firewall. After modifying the firewall rules, run the following command for the updated rules to take effect:
# firewall-cmd --reload
These commands use a service name rather than a protocol and port pair, such as port 80 over TCP; the service name for that example is http. The services are defined in the /etc/services file, with each service on its own line. For example, the http service is defined as:
http 80/tcp www www-http # WorldWideWeb HTTP
http 80/udp www www-http # HyperText Transfer Protocol
http 80/sctp # HyperText Transfer Protocol
Show Active Zones
This command will show the zones in use and the interfaces assigned to each zone.
# firewall-cmd --get-active-zones
Any interfaces you plan to use to access CloudShark should be placed in the public zone by default unless you have a custom firewall configuration.
Show Current Rules For Zone
This command will show the current firewall rules for a zone.
# firewall-cmd --zone=<zone name> --list-all
Here is an example of this command:
# firewall-cmd --zone=public --list-all
public (default, active)
  interfaces: eth0
  sources:
  services: http ssh
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:
In the example above, the services line lists which services are allowed for this zone. Here, only the http and ssh services are allowed incoming through the firewall.
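As an added example (not part of the CloudShark documentation), the following shell functions read the --list-all output shown above and report any service on the services line that is not in an expected allowlist. The function names and the sample output, including its dhcpv6-client entry, are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the "services:" line of `firewall-cmd --list-all`.
# Function names and the sample output are constructed for illustration.

# Constructed sample in the format shown above; dhcpv6-client is added
# here to stand in for a service nobody meant to leave open.
SAMPLE_LIST_ALL='public (default, active)
  interfaces: eth0
  sources:
  services: dhcpv6-client http ssh
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:'

# Read --list-all output on stdin, print the allowed services one per line.
zone_services() {
    sed -n 's/^[[:space:]]*services:[[:space:]]*//p' | tr -s ' ' '\n' | sed '/^$/d'
}

# Read --list-all output on stdin; print each allowed service that is
# not named in the allowlist passed as arguments.
unexpected_services() {
    zone_services | while read -r svc; do
        allowed=no
        for ok in "$@"; do
            if [ "$svc" = "$ok" ]; then allowed=yes; fi
        done
        if [ "$allowed" = no ]; then printf '%s\n' "$svc"; fi
    done
}

# On a live host, pipe the real output instead of the sample:
#   firewall-cmd --zone=public --list-all | unexpected_services http ssh
printf '%s\n' "$SAMPLE_LIST_ALL" | unexpected_services http ssh   # prints: dhcpv6-client
```

Running the same check on the output of firewall-cmd --permanent --zone=public --list-all and comparing it with the runtime result shows whether a saved change is still waiting for a reload.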
Add Rule
By default, all services are blocked by firewalld. To allow a service through the firewall, use the following command:
# firewall-cmd --permanent --zone=<zone name> --add-service=<Service Name>
Delete Rule
To remove a service from a zone and block this traffic, use the following command:
# firewall-cmd --permanent --zone=<zone name> --remove-service=<Service Name>