Author Photo

Being a Linux Enthusiast and a Fan of Open Source Software, I created Ahmer’s SysAdmin Recipes blog to share my experiences with other System Administrators. The curiosity doesn’t let me stop; therefore, I am constantly trying to learn new software tools and techniques. Whereas I also have the passion and the patience to teach the others.

I am always ready to accept new challenges and wish to explore the areas, that I haven’t worked on. Please give me your feedback and help me improve this blog.

Thursday, 24 January 2019

3 Ways to Create a Custom Firewalld Service in CentOS 7.6

3-ways-to-create-a-firewalld-serviceFirewalld is a firewall management tool for Linux operating systems licensed under GNU General Public License 2. Firewalld is the default firewall management tool in RHEL 7 onwards, where it replaces the legacy firewall management tool iptables. Firewalld is a dynamically managed firewall with support for network zones, IPv4, IPv6, ethernet bridges and IP sets.

In this article, we will explore the 3 ways to create a custom firewalld service in CentOS 7.6.

 

System Specification:

Consider a scenario where we are running an Oracle Database 12c instance on CentOS 7.6 server.

Default Oracle Listener uses the service port 1521/tcp. We have also configured another Oracle Listener service that is using port 1522/tcp.

In short, we have two Oracle listeners running on ports 1521/tcp and 1522/tcp simultaneously.

Our objective is to create a custom firewalld service to control access from network to our Oracle Listener ports.

 

1) Create a Custom Firewalld Service using CLI:

In this method, we will create a custom firewalld service using firewall-cmd command.

Create a new service for Oracle Listener ports.

[root@dev-03 ~]# firewall-cmd --permanent --new-service=oranet success

Add long description of the service.

[root@dev-03 ~]# firewall-cmd --permanent --service=oranet \ > --set-description="Oracle Listener Service" success

Add short description of the service.

[root@dev-03 ~]# firewall-cmd --permanent --service=oranet \ > --set-short=oranet success

Add Oracle Listener service ports.

[root@dev-03 ~]# firewall-cmd --permanent --service=oranet --add-port=1521/tcp success [root@dev-03 ~]# firewall-cmd --permanent --service=oranet --add-port=1522/tcp success

Reload firewalld configurations.

[root@dev-03 ~]# firewall-cmd --reload success

Display configurations of our firewalld service.

[root@dev-03 ~]# firewall-cmd --info-service=oranet oranet ports: 1521/tcp 1522/tcp protocols: source-ports: modules: destination:

We can add more settings to our service in similar way. You can refer to Firewalld Documentation for more details.

 

2) Create a Custom Firewalld Service from XML file:

In this method, we will define the firewalld service settings in an XML file and then use firewall-cmd command to create a custom firewalld service.

[root@dev-03 ~]# vi ~/oranet.xml

and add following XML code therein.

<?xml version="1.0" encoding="utf-8"?> <service> <short>oranet</short> <description>Oracle Listener Service</description> <port protocol="tcp" port="1521" /> <port protocol="tcp" port="1522" /> </service>

Now use firewall-cmd command to create firewalld service.

[root@dev-03 ~]# firewall-cmd --permanent --new-service-from-file=oranet.xml success

Reload firewalld configurations and check oranet service.

[root@dev-03 ~]# firewall-cmd --reload success [root@dev-03 ~]# firewall-cmd --info-service=oranet oranet ports: 1521/tcp 1522/tcp protocols: source-ports: modules: destination:

 

3) Create a Custom Firewalld Service from Definition File:

This method is normally used by packages during installation to create their respective firewalld services.

In this method, we create an firewalld service definition file in firewalld configuration directory.

[root@dev-03 ~]# vi /etc/firewalld/services/oranet.xml

Add following XML code therein.

<?xml version="1.0" encoding="utf-8"?> <service> <short>oranet</short> <description>Oracle Listener Service</description> <port protocol="tcp" port="1521" /> <port protocol="tcp" port="1522" /> </service>

Reload firewalld configurations and check service oranet service.

[root@dev-03 ~]# firewall-cmd --reload success [root@dev-03 ~]# firewall-cmd --info-service=oranet oranet ports: 1521/tcp 1522/tcp protocols: source-ports: modules: destination:

We have explored all 3 ways to create a custom firewalld service in centos 7.

3 Ways to Create a Custom Firewalld Service in CentOS 7.6


YOU MIGHT ALSO LIKE:

4 comments:

  1. cual es el servicio por defecto que incluye el puerto 1521 y el 1522?

    ReplyDelete
    Replies
    1. Q: What is the default service that includes port 1521 and 1522?
      A: No, there is not default service defined for 1521 and 1522 (Oracle Listener Ports).

      Delete