Baishun's Space

Block Some Ports In Debian

By Baishun on Jun 3, 2024
linux firewall

Summary

Sometimes only internal users should be able to reach certain ports, while the same server also serves public services in its public zone. The tool for this on Debian is firewalld, driven from the command line with firewall-cmd.

Do the configuration

First, find the active zone that our interfaces belong to:

# firewall-cmd --get-active-zones
public
  interfaces: eth0 eth1 docker0

Then configure the target port, for example 8088. Note that docker0 sits in this zone as well: ports that Docker publishes for containers are managed by Docker through its own iptables rules, so check those separately rather than assuming the zone rules below cover them.

  • open the port in the zone (this opens it for both IPv4 and IPv6):
# firewall-cmd --zone=public --add-port=8088/tcp --permanent
  • add a reject rich rule. firewalld evaluates reject rich rules before the zone's plain port rules, so this rule wins over the --add-port above. As written it rejects 8088/tcp from every IPv4 source, not only external ones, and it does not cover IPv6, so the port opened above stays reachable over IPv6 unless a matching family="ipv6" rule is added:
# firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" port port="8088" protocol="tcp" reject' --permanent

Finally, reload firewalld so the permanent rules become the running configuration:

# firewall-cmd --reload
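The same procedure as one reviewable script, with the reject rule restricted by source so that only the internal network is admitted, and a second rule so IPv6 is rejected as well. This is an added example written for this page, not the original post's commands: the internal networks 192.168.0.0/16 and fd00::/8, the port 8088, the zone name public and the DRY_RUN/APPLY switches are assumptions for illustration, and SAMPLE_LISTING is a constructed imitation of `firewall-cmd --list-all` output, not captured from a real host.

```shell
#!/bin/sh
# Added example: restrict PORT/tcp to an internal network with firewalld rich rules.
# Assumed values (override in the environment for your own network):
PORT="${PORT:-8088}"                            # port to protect (assumption)
ZONE="${ZONE:-public}"                          # zone from firewall-cmd --get-active-zones
INTERNAL_V4="${INTERNAL_V4:-192.168.0.0/16}"    # internal IPv4 clients (assumption)
INTERNAL_V6="${INTERNAL_V6:-fd00::/8}"          # internal IPv6 clients (assumption)

# Compose one rich rule: reject PORT/tcp from every source that is NOT the internal
# network of the given family. firewalld evaluates reject rich rules before the zone's
# plain --add-port rules, so this rule wins even though the port is also opened.
reject_rule() {
    # $1 = family (ipv4|ipv6), $2 = internal CIDR, $3 = port
    printf 'rule family="%s" source NOT address="%s" port port="%s" protocol="tcp" reject' "$1" "$2" "$3"
}

# Wrapper so the script can be reviewed with DRY_RUN=1 before it touches the firewall.
fw() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf 'firewall-cmd %s\n' "$*"
    else
        firewall-cmd "$@"
    fi
}

apply_rules() {
    # 1. Open the port in the zone (this opens it for IPv4 AND IPv6).
    fw --permanent --zone="$ZONE" --add-port="$PORT/tcp"
    # 2. Reject it from everything outside the internal network, one rule per family.
    #    A family="ipv4" rule alone would leave the port reachable over IPv6.
    fw --permanent --zone="$ZONE" --add-rich-rule="$(reject_rule ipv4 "$INTERNAL_V4" "$PORT")"
    fw --permanent --zone="$ZONE" --add-rich-rule="$(reject_rule ipv6 "$INTERNAL_V6" "$PORT")"
    # 3. Make the permanent configuration live.
    fw --reload
}

# Check the text of `firewall-cmd --zone=$ZONE --list-all` for the expected state:
# the port is listed as open and both families carry a reject rich rule for it.
# Returns 0 when all three are present, 1 otherwise.
check_listing() {
    # $1 = listing text, $2 = port
    listing="$1"
    printf '%s\n' "$listing" | grep -qE "^ *ports:.* $2/tcp( |$)" || return 1
    printf '%s\n' "$listing" | grep -q "family=\"ipv4\".*port port=\"$2\".*reject" || return 1
    printf '%s\n' "$listing" | grep -q "family=\"ipv6\".*port port=\"$2\".*reject" || return 1
    return 0
}

# Constructed sample of --list-all output after apply_rules (not captured from a real
# host), so check_listing can be exercised offline.
SAMPLE_LISTING='public (active)
  target: default
  interfaces: eth0 eth1 docker0
  ports: 8088/tcp
  rich rules:
        rule family="ipv4" source NOT address="192.168.0.0/16" port port="8088" protocol="tcp" reject
        rule family="ipv6" source NOT address="fd00::/8" port port="8088" protocol="tcp" reject'

if [ "${APPLY:-0}" = 1 ]; then
    apply_rules
    if [ "${DRY_RUN:-0}" != 1 ]; then
        if check_listing "$(firewall-cmd --zone="$ZONE" --list-all)" "$PORT"; then
            echo "OK: $PORT/tcp is restricted to $INTERNAL_V4 and $INTERNAL_V6 in zone $ZONE"
        else
            echo "FAILED: inspect 'firewall-cmd --zone=$ZONE --list-all'" >&2
            exit 1
        fi
    fi
fi
```

Run it once with `DRY_RUN=1 APPLY=1 sh block-port.sh` to see the exact firewall-cmd invocations, then with `APPLY=1` as root to apply them; the script then re-reads the zone and refuses to report success unless the port is open and both the IPv4 and the IPv6 reject rule are present.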

Some other useful commands:

# Check if firewall is running
systemctl status firewalld

# start firewall service
systemctl start firewalld

# reload firewall
firewall-cmd --reload

# check rules of some zone
firewall-cmd --zone=public --list-all

# get active zones
firewall-cmd --get-active-zones

# change interface zone
firewall-cmd --zone=public --change-interface=eth0
firewall-cmd --reload

# add port and reload firewall
firewall-cmd --zone=public --add-port=8080/tcp --permanent
firewall-cmd --reload

# list all zones and rules
firewall-cmd --list-all-zones

# use iptables to check rules (only meaningful when firewalld uses the iptables backend;
# with the nftables backend, the Debian default, firewalld's own rules do not appear here,
# while rules that Docker adds directly still do, so prefer firewall-cmd --list-all)
iptables -L -n -v

# use iptables to look for a port
iptables -L -n -v | grep 8080

# recent system journal entries, including firewalld errors after a failed reload
journalctl -xe