Add rule to firewalld in CentOS 7 to allow all traffic from a server


Solution 1

I tried to add source using this:

sudo firewall-cmd --permanent --zone=work --add-source=[host_IP]

But I still couldn't make the MPI application run correctly. Then I decided that the only way to enable MPI on this cluster was to make a rule to accept all traffic between the nodes. I ran these two commands:

sudo firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -s [server_IP] -j ACCEPT

sudo firewall-cmd --reload

and it worked like a charm. Not sure if this is the best solution security-wise though.

Solution 2

First, check which zone your firewall is using at the moment:

firewall-cmd --get-active-zones

Then try the following:

firewall-cmd --zone=public --add-port=80/tcp --permanent

Don't forget to replace the zone and the port with the ones you are looking for. After that you need to reload the firewall:

firewall-cmd --reload

This should solve your issue. For further commands use --help or Google.

Author: east.charm

A CS Engineer. Interested in parallel programming and more...

Updated on June 26, 2022

Comments

  • east.charm
    east.charm about 2 years

    I have a small cluster with CentOS 7. I'm trying to figure out how to use the new firewalld.

    I need a rule to allow all traffic between those servers. I was able to do it with:

    sudo iptables -A INPUT -s [hostname] -j ACCEPT 
    

    and it worked. But now I have to use firewall-cmd because of CentOS 7. How can I add a rule to allow all traffic between my nodes? I'm trying to run MPI on them, but firewalld is rejecting the connection, so the solution I thought of came to this.

    My current firewall-cmd configuration is:

    $ firewall-cmd --list-all
    work (default, active)
      interfaces: eno1
      sources:
      services: dhcpv6-client ipp-client ssh
      ports:
      masquerade: no
      forward-ports:
      icmp-blocks:
      rich rules:
    
    • east.charm
      east.charm almost 9 years
      Why is this downvoted?
  • east.charm
    east.charm almost 9 years
    Thanks, my problem with MPI was not solved by adding ports (usually ssh or 22). It was solved by adding the whole server IP to the sources as explained in my answer.
  • Bert
    Bert almost 4 years
    It is not a bad solution. What I'm using nowadays is something similar:

    firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" port port=10051 protocol=tcp source address="193.XX.XX.XXX" accept' --permanent

    With this the connection on 10051 is allowed even if the interface is in the group drop. This way everything would be dropped; no one can come in UNLESS the source IP is the one I've specified AND the PORT. Easy :)
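Added example (not code from the question, the answers or the comments above). The approaches on this page open different amounts. Solution 1's --direct rule is inserted into the filter INPUT chain ahead of firewalld's zone chains, accepts everything from that address on every interface, and does not appear in --list-all (only in --direct --get-all-rules). Adding the address as a source to the work zone, as the question first tried, cannot accept everything on its own: a source binding only decides which zone's rules a packet is checked against, and the work zone's target is the default one, so anything other than ssh, ipp-client and dhcpv6-client is still rejected. A zone whose target is ACCEPT (the built-in trusted zone, or a new zone with --set-target=ACCEPT) gives "allow all from these nodes" inside the zone model. Solution 2's --add-port opens the port to every address the zone covers; the rich rule in the last comment is the source-restricted form. The script below wraps both in functions that validate each address, print the exact firewall-cmd invocations for review, and execute them only when APPLY=1. The zone name cluster, the addresses 192.0.2.10, 192.0.2.11, 203.0.113.5 and the helper names run, valid_source, cluster_allow_all, allow_port_from and reload_and_show are this example's own choices; port 10051 is the one from the comment.

```sh
#!/bin/sh
# Added example: not code from the question, the answers or the comments.
# cluster_allow_all  puts the node addresses into a zone whose target is
#                    ACCEPT (what Solution 1 wanted, without a --direct rule);
# allow_port_from    opens one port for one source as a rich rule (the last
#                    comment's approach) instead of --add-port for everyone.
# Assumptions made for the example: the zone name "cluster", the addresses
# and the helper names are ours. Commands are only printed; APPLY=1 also
# executes them (root, with firewalld installed).
set -eu

APPLY="${APPLY:-0}"

# run: print the command in shell-quoted form, execute it only when APPLY=1.
# Printing first lets the rule set be reviewed before it becomes permanent.
run() {
    line=""
    for a in "$@"; do
        case "$a" in *[[:space:]]*) a="'$a'" ;; esac
        line="$line${line:+ }$a"
    done
    printf '%s\n' "$line"
    if [ "$APPLY" = 1 ]; then "$@"; fi
}

# valid_source: dotted-quad IPv4 with an optional /0-32 prefix, octets 0-255.
# Anything else is rejected so a typo never becomes a permanent ACCEPT rule.
valid_source() {
    vs_addr="${1%%/*}"; vs_prefix="${1#*/}"
    [ "$vs_prefix" = "$1" ] && vs_prefix=32
    case "$vs_prefix" in ''|*[!0-9]*) return 1 ;; esac
    [ "$vs_prefix" -le 32 ] || return 1
    vs_ifs="$IFS"; IFS=.
    set -- $vs_addr
    IFS="$vs_ifs"
    [ $# -eq 4 ] || return 1
    for vs_o in "$@"; do
        case "$vs_o" in ''|*[!0-9]*) return 1 ;; esac
        [ "$vs_o" -le 255 ] || return 1
    done
}

# cluster_allow_all ZONE NODE...: accept all traffic from the listed nodes.
# A source bound to a zone is only checked against that zone's rules; with the
# default target (as in the question's "work" zone) everything beyond the
# listed services is still rejected. target=ACCEPT is what "allow all" needs.
cluster_allow_all() {
    ca_zone="$1"; shift
    # --new-zone fails when the zone already exists, so skip it on a live host.
    if [ "$APPLY" != 1 ] || ! firewall-cmd --permanent --get-zones | tr ' ' '\n' | grep -qx "$ca_zone"; then
        run firewall-cmd --permanent --new-zone="$ca_zone"
    fi
    run firewall-cmd --permanent --zone="$ca_zone" --set-target=ACCEPT
    for ca_n in "$@"; do
        valid_source "$ca_n" || { echo "skipping invalid source: $ca_n" >&2; continue; }
        run firewall-cmd --permanent --zone="$ca_zone" --add-source="$ca_n"
    done
}

# allow_port_from ZONE SOURCE PORT [PROTO]: open one port for one source only.
# --add-port=PORT/PROTO would open it to every address the zone covers.
allow_port_from() {
    ap_zone="$1"; ap_src="$2"; ap_port="$3"; ap_proto="${4:-tcp}"
    valid_source "$ap_src" || { echo "invalid source: $ap_src" >&2; return 1; }
    case "$ap_port" in ''|*[!0-9]*) echo "invalid port: $ap_port" >&2; return 1 ;; esac
    [ "$ap_port" -ge 1 ] && [ "$ap_port" -le 65535 ] || { echo "invalid port: $ap_port" >&2; return 1; }
    case "$ap_proto" in tcp|udp) ;; *) echo "invalid protocol: $ap_proto" >&2; return 1 ;; esac
    run firewall-cmd --permanent --zone="$ap_zone" \
        --add-rich-rule="rule family=\"ipv4\" source address=\"$ap_src\" port port=\"$ap_port\" protocol=\"$ap_proto\" accept"
}

# reload_and_show ZONE: make the permanent config live, then list the zone and
# any --direct rules, which --list-all does not show.
reload_and_show() {
    run firewall-cmd --reload
    run firewall-cmd --zone="$1" --list-all
    run firewall-cmd --direct --get-all-rules
}

# Constructed sample input: two compute nodes and one monitoring host.
cluster_allow_all cluster 192.0.2.10 192.0.2.11
allow_port_from public 203.0.113.5 10051 tcp
reload_and_show cluster
```

Run it once without APPLY to read the commands, then as root with APPLY=1 on each node. Afterwards firewall-cmd --zone=cluster --list-all should show the ACCEPT target and the node addresses under sources, and --direct --get-all-rules should come back empty once the direct rule from Solution 1 has been removed with firewall-cmd --permanent --direct --remove-rule and the same arguments it was added with.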