adjusted summary for sysadmins

2024-07-10 21:30:25 -04:00
parent 4c874c20ac
commit 97c0de6552
208 changed files with 87 additions and 87 deletions
--- a/collections/sysadmins/computer_it_basics/firewall_basics/firewall_basics.md
+++ b/collections/sysadmins/computer_it_basics/firewall_basics/firewall_basics.md
@@ -0,0 +1,8 @@
+<h1> Firewall Basics </h1>
+
+In this section, we cover the basic information concerning Firewall uses on Linux, most notably, we give basic commands and information on UFW and Firewalld.
+
+<h2> Table of Contents </h2>
+
+- [UFW Basics](ufw_basics.md)
+- [Firewalld Basics](firewalld_basics.md)
--- a/collections/sysadmins/computer_it_basics/firewall_basics/firewalld_basics.md
+++ b/collections/sysadmins/computer_it_basics/firewall_basics/firewalld_basics.md
@@ -0,0 +1,149 @@
+<h1>Firewalld Basic Commands</h1>
+
+<h2>Table of Contents</h2>
+
+- [Introduction](#introduction)
+- [Firewalld Basic Commands](#firewalld-basic-commands)
+  - [Install Firewalld](#install-firewalld)
+  - [See the Status of Firewalld](#see-the-status-of-firewalld)
+  - [Enable Firewalld](#enable-firewalld)
+  - [Stop Firewalld](#stop-firewalld)
+  - [Start Firewalld](#start-firewalld)
+  - [Disable Firewalld](#disable-firewalld)
+  - [Mask Firewalld](#mask-firewalld)
+  - [Unmask Firewalld](#unmask-firewalld)
+  - [Add a Service to Firewalld](#add-a-service-to-firewalld)
+  - [Remove a Service to Firewalld](#remove-a-service-to-firewalld)
+  - [Remove the Diles of a Service to Firewalld](#remove-the-diles-of-a-service-to-firewalld)
+  - [See if a Service is Available](#see-if-a-service-is-available)
+  - [Reload Firewalld](#reload-firewalld)
+  - [Display the Services and the Open Ports for the Public Zone](#display-the-services-and-the-open-ports-for-the-public-zone)
+  - [Display the Open Ports by Services and Port Numbers](#display-the-open-ports-by-services-and-port-numbers)
+  - [Add a Port for tcp](#add-a-port-for-tcp)
+  - [Add a Port for udp](#add-a-port-for-udp)
+  - [Add a Port for tcp and udp](#add-a-port-for-tcp-and-udp)
+- [References](#references)
+
+
+## Introduction
+
+We present a quick introduction to [firewalld](https://firewalld.org/), a free and open-source firewall management tool for Linux operating systems. This guide can be useful for users of the TFGrid deploying on full and micro VMs as well as other types of deployment.
+
+## Firewalld Basic Commands
+
+### Install Firewalld 
+
+  * ```
+    apt install firewalld -y
+    ```
+### See the Status of Firewalld
+
+  * ```
+    firewall-cmd --state
+    ```
+### Enable Firewalld
+
+  * ```
+    systemctl enablefirewalld
+    ```
+### Stop Firewalld
+
+  * ```
+    systemctl stop firewalld
+    ```
+### Start Firewalld
+
+  * ```
+    systemctl start firewalld
+    ```
+### Disable Firewalld
+
+  * ```
+    systemctl disable firewalld
+    ```
+### Mask Firewalld
+
+  * ```
+    systemctl mask --now firewalld
+    ```
+### Unmask Firewalld
+
+  * ```
+    systemctl unmask --now firewalld
+    ```
+### Add a Service to Firewalld
+
+  * Temporary
+    * ```
+      firewall-cmd --add-service=<service_name>
+      ```
+  * Permanent
+    * ```
+      firewall-cmd --add-service=<service_name> --permanent
+      ```
+
+### Remove a Service to Firewalld
+
+  * Temporary
+    * ```
+      firewall-cmd --remove-service=<service_name>
+      ```
+  * Permanent
+    * ```
+      firewall-cmd --remove-service=<service_name> --permanent
+      ```
+
+### Remove the Diles of a Service to Firewalld
+
+  * ```
+    rm -f /etc/firewalld/services/<service_name>.xml*
+    ```
+
+### See if a Service is Available
+
+  * ```
+    firewall-cmd --info-service=<service_name>
+    ``` 
+
+### Reload Firewalld
+
+  * ```
+    firewall-cmd --reload
+    ```
+
+### Display the Services and the Open Ports for the Public Zone
+
+  * ```
+    firewall-cmd --list-all --zone=public
+    ```
+
+### Display the Open Ports by Services and Port Numbers
+
+* By services
+  * ```
+    firewall-cmd --list-services
+    ```
+* By port numbers
+  * ```
+    firewall-cmd --list-ports
+    ```
+
+### Add a Port for tcp
+
+  * ```
+    firewall-cmd --zone=public --add-port=<port>/tcp
+    ```
+### Add a Port for udp
+
+  * ```
+    firewall-cmd --zone=public --add-port=<port>/udp
+    ```
+### Add a Port for tcp and udp
+
+  * ```
+    firewall-cmd --zone=public --add-port=<port>
+    ```
+
+## References
+
+ufw man pages - https://firewalld.org/documentation/man-pages/firewalld.html
--- a/collections/sysadmins/computer_it_basics/firewall_basics/ufw_basics.md
+++ b/collections/sysadmins/computer_it_basics/firewall_basics/ufw_basics.md
@@ -0,0 +1,256 @@
+
+<h1> Uncomplicated Firewall (ufw) Basic Commands</h1>
+
+<h2>Table of Contents</h2>
+
+- [Introduction](#introduction)
+- [Basic Commands](#basic-commands)
+  - [Install ufw](#install-ufw)
+  - [Enable ufw](#enable-ufw)
+  - [Disable ufw](#disable-ufw)
+  - [Reset ufw](#reset-ufw)
+  - [Reload ufw](#reload-ufw)
+  - [Deny Incoming Connections](#deny-incoming-connections)
+  - [Allow Outgoing Connections](#allow-outgoing-connections)
+  - [Allow a Specific IP address](#allow-a-specific-ip-address)
+  - [Allow a Specific IP Address to a Given Port](#allow-a-specific-ip-address-to-a-given-port)
+  - [Allow a Port for tcp](#allow-a-port-for-tcp)
+  - [Allow a Port for tcp and udp](#allow-a-port-for-tcp-and-udp)
+  - [Allow a Subnet to a Given Port](#allow-a-subnet-to-a-given-port)
+  - [Deny an IP Address](#deny-an-ip-address)
+  - [Block Incoming Connections to a Network Interface](#block-incoming-connections-to-a-network-interface)
+  - [Delete a Rule with Number](#delete-a-rule-with-number)
+  - [Get App Info](#get-app-info)
+  - [Allow a Specific App](#allow-a-specific-app)
+- [References](#references)
+
+
+## Introduction
+
+We present a quick introduction to [Uncomplicated Firewall (ufw)](https://firewalld.org/), a free and open-source firewall management tool for Linux operating systems. This guide can be useful for users of the TFGrid deploying on full and micro VMs as well as other types of deployment.
+
+## Basic Commands
+
+We show here basic commands to set a firewall on Linux with Uncomplicated Firewall (ufw).
+
+### Install ufw
+
+  * Update
+    * ``` 
+      apt update
+      ```
+  * Install ufw
+    * ``` 
+      apt install ufw
+      ```
+
+### Enable ufw
+
+  * ``` 
+    ufw enable
+    ``````
+
+### Disable ufw
+
+  * ``` 
+    ufw disable
+    ```
+  
+### Reset ufw
+
+  * ``` 
+    ufw reset
+    ``` 
+
+### Reload ufw
+
+  * ``` 
+    ufw reload
+    ``` 
+
+### Deny Incoming Connections
+
+  * ``` 
+    ufw default deny incoming
+    ```
+
+### Allow Outgoing Connections
+
+  * ``` 
+    ufw default allow outgoing
+    ```
+### Allow a Specific IP address
+
+  * ```
+    ufw allow from <IP_Address>
+    ```
+
+### Allow a Specific IP Address to a Given Port
+
+  * ```
+    ufw allow from <IP_Address> to any port <port>
+    ```
+
+### Allow a Port for tcp
+
+* ```
+  ufw allow <port>/tcp
+  ```
+### Allow a Port for udp
+
+* ```
+  ufw allow <port>/udp
+  ```
+### Allow a Port for tcp and udp
+
+* ```
+  ufw allow <port>
+  ```
+
+### Allow Ports: Examples
+
+Here are some typical examples of ports to allow with ufw:
+
+* Allow SSH (port 22)
+  * ```
+    ufw allow ssh
+    ```
+* Allow HTTP (port 80)
+  * ```
+    ufw allow http
+    ```
+* Allow HTTPS (port 443)
+  * ```
+    ufw allow https
+    ```
+* Allow mysql (port 3306)
+  * ```
+    ufw allow 3306
+    ```
+
+### Allow Port Ranges
+
+* Template
+  * ```
+    ufw allow <port_range_floor>:<port_range_ceiling>
+    ```
+* Example
+  * ```
+    ufw allow 6000:6005
+    ```
+
+### Allow a Subnet
+
+* ```
+  ufw allow from <subnet>
+  ```
+
+### Allow a Subnet to a Given Port
+
+* ```
+  ufw allow from <subnet> to any port <port>
+  ```
+
+### Deny a Port
+
+* ```
+  ufw deny <port>
+  ```
+
+### Deny an IP Address
+
+* ```
+  ufw deny <IP_Address>
+  ```
+
+### Deny a Subnet
+
+* ```
+  ufw deny from <subnet>
+  ```
+
+### Block Incoming Connections to a Network Interface
+
+* ```
+  ufw deny in on <network_interface> from <IP_Address>
+  ```
+
+### Check Rules
+
+Use **status** to check the current firewall configurations. Add **verbose** for more details.
+
+* ```
+  ufw status 
+  ```
+* ```
+  ufw status verbose
+  ```
+
+### Check Rules (Numbered)
+
+It can be useful to see the numbering of the rules, to remove more easily a rule for example.
+
+* ```
+  ufw status numbered
+  ```
+
+### Delete a Rule with Number
+
+It can be useful to see the numbering of the rules, to remove more easily a rule for example.
+
+* ```
+  ufw delete <rule_number>
+  ```
+
+### Delete a Rule with the Rule Name and Parameters
+
+You can also delete a rule by writing directly the rule name you used to add the rule.
+
+* Template
+  * ```
+    ufw delete <rule_name> <rule_parameters>
+    ```
+* Example
+  * ```
+    ufw delete allow ssh
+    ```
+  * ```
+    ufw delete allow 22
+    ```
+
+You can always check the current rules with **ufw status** to see if the rules are properly removed.
+
+### List the Available Profiles Available
+
+* ```
+  ufw app list
+  ```
+
+This command will give you the names of the apps present on the server. You can then use **ufw app info** to get information on the app, or allow the app with **ufw allow**
+
+### Get App Info
+
+* ```
+  ufw app info <app_name>
+  ```
+
+### Set ufw in Verbose Mode
+
+* ```
+  ufw verbose
+  ```
+
+### Allow a Specific App
+
+* Template
+  * ```
+    ufw allow "<app_name>"
+    ```
+* Example
+  * ```
+    ufw allow "NGINX Full"
+    ```
+
+## References
+
+ufw man pages - https://manpages.ubuntu.com/manpages/trusty/man8/ufw.8.html