RH134 v8.2 CH11: Managing Network Security (Firewalld/SELinux ports)
What web-based utility allows you to graphically manage firewalld?
cockpit
You've just typed firewall-cmd --list-all. Which zone's information will be displayed?
default zone
Which service listens on port 53 by default?
dns
Which service listens on port 21 by default?
ftp
Which service listens on port 80 by default?
http
Which service listens on port 443 by default?
https
Which service listens on port 22 by default?
ssh
You want to manually edit /usr/lib/firewalld/services/ssh.xml so that ssh listens on port 222. What directory do you need to copy it to before editing the file?
/etc/firewalld/services/
Where are the default service files stored for firewalld?
/usr/lib/firewalld/services
What steps would you need to perform to configure ssh to accept connections on port 222?
1. Edit /etc/ssh/sshd_config and change Port to 222. 2. Add port 222 to ssh in the SELinux policy. 3. Restart sshd.service. 4. Open port 222 in firewalld and make it permanent. 5. Reload firewalld.
You want to add nfs access to your firewall and you want that change to be active in runtime and persistent over restarts. What do you need to do?
1. firewall-cmd --permanent --add-service=nfs 2. firewall-cmd --reload
True or False: You should copy firewalld service files (ssh.xml, for example) to /etc/firewalld/services before editing them.
True
You've configured ssh to listen on port 222 instead of 22. How would you open port 222 in your default zone?
firewall-cmd --add-port=222/tcp
Add the nfs service to your default firewalld zone
firewall-cmd --add-service=nfs
Add the nfs service to the firewalld work zone
firewall-cmd --add-service=nfs --zone=work
What command would list all configured interfaces, services, and ports for the trusted zone?
firewall-cmd --list-all --zone=trusted
How can you see the firewalld zones available by default?
firewall-cmd --list-all-zones
What firewall-cmd command will block all incoming and outgoing traffic?
firewall-cmd --panic-on
Type a one-line command that allows nfs traffic in the default zone and makes it active in run-time and persistent.
firewall-cmd --permanent --add-service=nfs && firewall-cmd --reload
Which command will show you if panic mode is enabled?
firewall-cmd --query-panic
You've made changes to your persistent firewall configuration and want those changes applied to runtime. What command will accomplish this?
firewall-cmd --reload
Remove the ftp service from the default zone
firewall-cmd --remove-service=ftp
Remove the http service from the firewalld work zone
firewall-cmd --remove-service=http --zone=work
How would you set your default firewalld zone from public to work?
firewall-cmd --set-default-zone=work
Which command will allow you to view sealert messages in a non-graphical environment?
sealert -a /var/log/audit/audit.log
Which command would allow you to update the current SELinux policy so that port 222 can be used with ssh?
semanage port -a -t ssh_port_t -p tcp 222
Which SELinux command would allow you to view the correct PORT_TYPE and default ports associated with the ssh (or any other) service?
semanage port -l | grep ssh
Which man-page contains examples of how to modify SELinux default ports?
semanage-port