====== FirewallD ======
https://fedoraproject.org/wiki/FirewallD
http://oracle-base.com/articles/linux/linux-firewall-firewalld.php
http://www.certdepot.net/rhel7-get-started-firewalld/
FirewallD is the default firewall implementation on CentOS 7.
firewall-cmd --help
===== Firewall Status and Control =====
firewall-cmd --state
firewall-cmd --reload
firewall-cmd --complete-reload
firewall-cmd --get-zones
firewall-cmd --get-default-zone
firewall-cmd --get-services
firewall-cmd --get-services
firewall-cmd --get-icmptypes
firewall-cmd --list-all-zones
firewall-cmd --zone=public --list-all
firewall-cmd --zone=public --add-interface=eth0 # activate the (Public) firewall on ''eth0''
===== Allow a Service =====
Allow HTTP and HTTPS to a web server:
firewall-cmd --permanent --zone=public --add-service=http --add-service=https
firewall-cmd --reload
===== Change SSH Port =====
:!: You may need to install some tools on minimal installs:
yum -y install policycoreutils-python net-tools
Change the port in the SSH daemon configuration:
vim /etc/ssh/sshd_config
Fix selinux RBAC:
semanage port -a -t ssh_port_t -p tcp 2222
Modify the firewall:
firewall-cmd --permanent --zone=public --add-port=2222/tcp
firewall-cmd --reload
Restart the SSH service:
systemctl restart sshd.service
netstat -tapn