I created a custom zone inside my firewalld on my CentOS 7. This custom zone has no rules yet. I want to do this: first add a rule that allows all the outbound traffic and drops all inbound traffic. After that I want to allow specific port/protocol inbound, adding exceptions to the firewalld. How do I do that? In my iptables I used this:
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
iptables -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
How do I migrate these rules to the firewalld example below, where XXX will be something like "add-rule", "add-rich-rule" or something you think is correct:
firewall-cmd --permanent --zone=custom_zone XXX
firewalld already allows outbound traffic and blocks all inbound traffic. You only need to add the services or ports you want to open.
firewall-cmd --zone=custom_zone --add-service=https
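As an added example (not from the answer above), here is the full migration of the posted iptables rules as a script: it sets the zone's target to DROP so unmatched inbound packets are silently dropped like `iptables -P INPUT DROP` (a zone's default target rejects them instead), opens only 80/tcp and 443/tcp, and makes every change `--permanent` so it survives `--reload`. It assumes the zone already exists, that the NIC is eth0 (adjust `IFACE`), and that `firewall-cmd` is the one shipped with CentOS 7; run it with `apply` to execute, anything else just prints the commands.

```shell
#!/bin/sh
# Added example: migrate "-P INPUT DROP" + "--dport 80/443 ACCEPT" to a firewalld zone.
ZONE="custom_zone"        # zone from the question, assumed to exist already
IFACE="eth0"              # assumption: the interface to bind to this zone
PORTS="80/tcp 443/tcp"    # same as --add-service=http / --add-service=https

# fw either runs firewall-cmd or, when DRY_RUN=1, only prints the command.
fw() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf 'firewall-cmd %s\n' "$*"
    else
        firewall-cmd "$@"
    fi
}

# Every rule is --permanent so it is kept across reloads and reboots.
# --set-target=DROP drops unmatched inbound packets (the zone's default
# target "default" would reject them with an ICMP error instead).
# Outbound traffic is not filtered by a zone, so nothing is needed for it.
migrate_zone() {
    fw --permanent --zone="$ZONE" --set-target=DROP
    for p in $PORTS; do
        fw --permanent --zone="$ZONE" --add-port="$p"
    done
    fw --permanent --zone="$ZONE" --change-interface="$IFACE"
    fw --reload
}

if [ "${1:-}" = "apply" ]; then
    migrate_zone
else
    DRY_RUN=1 migrate_zone
fi
```

After applying, `firewall-cmd --zone=custom_zone --list-all` should show `target: DROP`, the interface and the two ports.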