====== FirewallD ======

https://fedoraproject.org/wiki/FirewallD

http://oracle-base.com/articles/linux/linux-firewall-firewalld.php

http://www.certdepot.net/rhel7-get-started-firewalld/

FirewallD is the default firewall implementation on CentOS 7.

<file>
firewall-cmd --help
</file>

===== Firewall Status and Control =====

<file>
firewall-cmd --state

firewall-cmd --reload

firewall-cmd --complete-reload

firewall-cmd --get-zones

firewall-cmd --get-default-zone

firewall-cmd --get-services

firewall-cmd --get-services

firewall-cmd --get-icmptypes

firewall-cmd --list-all-zones

firewall-cmd --zone=public --list-all

firewall-cmd --zone=public --add-interface=eth0    # activate the (Public) firewall on ''eth0''
</file>

===== Allow a Service =====

Allow HTTP and HTTPS to a web server:

<file>
firewall-cmd --permanent --zone=public --add-service=http --add-service=https
firewall-cmd --reload
</file>

===== Change SSH Port =====

:!: You may need to install some tools on minimal installs:

<file>
yum -y install policycoreutils-python net-tools
</file>

Change the port in the SSH daemon configuration:

<file>
vim /etc/ssh/sshd_config
</file>

Fix selinux RBAC:

<file>
semanage port -a -t ssh_port_t -p tcp 2222
</file>

Modify the firewall:

<file>
firewall-cmd --permanent --zone=public --add-port=2222/tcp
firewall-cmd --reload
</file>

Restart the SSH service:

<file>
systemctl restart sshd.service

netstat -tapn
</file>