
firewalld.policy-set-gateway - Firewalld Policy Set Gateway


NAME

firewalld.policy-set-gateway - Firewalld Policy Set Gateway

DESCRIPTION

Policy Set: Gateway

The Gateway policy set is a useful starting point for a home router. It enables masquerading, conntrack helpers, and forwarding between zones.

Zones used by this set are logically grouped. These group names are used by the predefined policies.

+-----------+                  +-----------+
|    LAN    |                  |   WORLD   |
|-----------|                  |-----------|
| zones:    |                  | zones:    |
|  internal |                  |  external |
|  home     |                  |  public   |
|  trusted  |                  |           |
+-----------+                  +-----------+
      |                              |
      |                              |
      |         +-----------+        |
      +---------|   HOST    |--------+
                |-----------|
                | zones:    |
      +---------|   HOST    |--------+
      |         +-----------+        |
      |                              |
      |                              |
+-----------+                  +-----------+
|   WORK    |                  |    DMZ    |
|-----------|                  |-----------|
| zones:    |                  | zones:    |
|  work     |                  |  dmz      |
+-----------+                  +-----------+

Policies in the Gateway set

gateway-dmz-to-HOST

Enables services commonly needed for a gateway, e.g. dns, dhcp.

File location: /usr/lib/firewalld/policies/gateway-dmz-to-HOST.xml

gateway-lan-to-work

Allows all traffic from LAN to work. Enables masquerading and common connection tracking helpers.

File location: /usr/lib/firewalld/policies/gateway-lan-to-work.xml

gateway-lan-to-world

Allows all traffic from LAN to world. If an interface is added to the "external" zone then the traffic will be masqueraded. Also enables connection tracking helpers for common services, e.g. ftp.

File location: /usr/lib/firewalld/policies/gateway-lan-to-world.xml

gateway-lan-to-HOST

Enables services commonly needed for a gateway, e.g. dns, dhcp.

File location: /usr/lib/firewalld/policies/gateway-lan-to-HOST.xml

gateway-world-to-HOST

May be used to expose internal/dmz services to the world by adding a forward port to this policy.

Here is an example of adding a forward port. It forwards port 8080 to 10.1.1.42:80.

# firewall-cmd --permanent --policy gateway-world-to-HOST \
    --add-forward-port=port=8080:proto=tcp:toport=80:toaddr=10.1.1.42
# firewall-cmd --reload

File location: /usr/lib/firewalld/policies/gateway-world-to-HOST.xml
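
Because every forward port on gateway-world-to-HOST exposes something to the world, it is worth reviewing what is currently forwarded. The following is an added example, not part of the firewalld documentation or code: a POSIX sh function that reads lines in the format printed by --list-forward-ports and labels each destination. The function name, the labels and the ADMIN_PORTS list are assumptions made for this example.

```shell
#!/bin/sh
# Added example: review forward ports configured on gateway-world-to-HOST.
# Input format (one entry per line, as printed by --list-forward-ports):
#   port=8080:proto=tcp:toport=80:toaddr=10.1.1.42
# Live use:
#   firewall-cmd --permanent --policy gateway-world-to-HOST \
#       --list-forward-ports | audit_forward_ports

# Assumption: destination ports treated as administrative; adjust locally.
ADMIN_PORTS="22 23 3389"

# The body runs in a subshell so its variables do not leak to the caller.
audit_forward_ports() (
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            '') continue ;;
            port=*:proto=*:toport=*:toaddr=*) ;;
            *) echo "UNPARSED $line"; continue ;;
        esac
        # Peel the fields off by key, so colons inside toaddr (IPv6) survive.
        rest=${line#port=};     port=${rest%%:proto=*}
        rest=${rest#*:proto=};  proto=${rest%%:toport=*}
        rest=${rest#*:toport=}; toport=${rest%%:toaddr=*}
        toaddr=${rest#*:toaddr=}
        # An empty toport means the destination port equals the listening port.
        dport=${toport:-$port}

        # Classify where traffic arriving from the world ends up.
        case $toaddr in
            '') class=LOCAL ;;      # no toaddr: redirected on the gateway itself
            10.*|192.168.*|172.1[6-9].*|172.2[0-9].*|172.3[01].*)
                class=INTERNAL ;;   # RFC 1918 host behind the gateway
            *)  class=REVIEW ;;     # IPv6 or non-private target: check by hand
        esac
        for p in $ADMIN_PORTS; do
            if [ "$dport" = "$p" ]; then class="$class,ADMIN"; fi
        done
        echo "$class $proto/$port -> ${toaddr:-HOST}:$dport"
    done
)
```

With --permanent the listing reflects the stored configuration; drop that option to review the running configuration, which can differ until the next reload.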

SEE ALSO

firewall-applet(1), firewalld(1), firewall-cmd(1), firewall-config(1), firewalld.conf(5), firewalld.direct(5), firewalld.dbus(5), firewalld.icmptype(5), firewall-offline-cmd(1), firewalld.richlanguage(5), firewalld.service(5), firewalld.zone(5), firewalld.zones(5), firewalld.policy(5), firewalld.policies(5), firewalld.ipset(5), firewalld.helper(5)

NOTES

firewalld home page:

http://firewalld.org

AUTHORS

Thomas Woerner

Developer

Jiri Popelka

Developer

Eric Garver

Developer


Updated 2026-06-01 - jenkler.se | uex.se