1
00:00:06,450 --> 00:00:08,400
- In this video, we are further going to explore

2
00:00:08,400 --> 00:00:10,263
working with zones in firewalld.

3
00:00:11,130 --> 00:00:12,810
As we have seen, network interfaces

4
00:00:12,810 --> 00:00:15,240
in firewalld are assigned to a zone,

5
00:00:15,240 --> 00:00:17,550
and the default zone is public.

6
00:00:17,550 --> 00:00:21,945
On multi-homed servers, using multiple zones is usual

7
00:00:21,945 --> 00:00:24,540
to ensure specific traffic types are allowed

8
00:00:24,540 --> 00:00:26,550
in specific environments only.

9
00:00:26,550 --> 00:00:28,740
Well, a multi-homed server is a server

10
00:00:28,740 --> 00:00:32,403
with multiple network cards, and that's not very common,

11
00:00:32,403 --> 00:00:35,424
but you should know how to deal with zones anyway.

12
00:00:35,424 --> 00:00:37,803
So let me run a short demo.

13
00:00:41,310 --> 00:00:44,263
So firewall-cmd --get-zones,

14
00:00:48,904 --> 00:00:52,922
showing all the zones that are available.

15
00:00:52,922 --> 00:00:57,922
Now if you use firewall-cmd --list-all-zones,

16
00:01:01,370 --> 00:01:03,330
then we get the configuration

17
00:01:03,330 --> 00:01:05,850
of all the zones that we've got.

18
00:01:05,850 --> 00:01:07,890
You can see, for instance, trusted.

19
00:01:07,890 --> 00:01:08,910
That's very restricted.

20
00:01:08,910 --> 00:01:11,430
There are no services active by default.

21
00:01:11,430 --> 00:01:12,990
And there is work.

22
00:01:12,990 --> 00:01:16,581
Well, we do have services, and that is how these zones

23
00:01:16,581 --> 00:01:19,740
are providing some default configuration.

24
00:01:19,740 --> 00:01:21,461
Here we have internal, for instance.

25
00:01:21,461 --> 00:01:23,640
That's a little bit more that is going

26
00:01:23,640 --> 00:01:25,860
to be allowed by default.

27
00:01:25,860 --> 00:01:28,373
And that is what makes it easier for you to get started

28
00:01:28,373 --> 00:01:30,543
with a specific configuration.

29
00:01:31,650 --> 00:01:36,650
Now let's use firewall-cmd --list-all,

30
00:01:38,190 --> 00:01:40,260
which is printing the current configuration

31
00:01:40,260 --> 00:01:42,421
for all of the active zones.

32
00:01:42,421 --> 00:01:47,421
Now I am going to use firewall-cmd --get-default-zone,

33
00:01:49,049 --> 00:01:51,977
and that allows you to get the default zone,

34
00:01:51,977 --> 00:01:55,491
and if you want to, you can use set-default-zone

35
00:01:55,491 --> 00:01:58,579
to set it to something else.

36
00:01:58,579 --> 00:02:00,510
I don't want to set it to something else,

37
00:02:00,510 --> 00:02:02,609
so I'm going to leave it without the argument.

38
00:02:02,609 --> 00:02:05,430
But here you need to provide an argument.

39
00:02:05,430 --> 00:02:06,300
Well, you know what?

40
00:02:06,300 --> 00:02:07,713
Internal, for instance,

41
00:02:09,720 --> 00:02:14,720
and now we can see that the internal zone is default.

42
00:02:15,947 --> 00:02:19,170
Next, let's add something.

43
00:02:19,170 --> 00:02:23,933
firewall-cmd --add-service https.

44
00:02:25,770 --> 00:02:28,470
If you just do it like this, then the service will be added

45
00:02:28,470 --> 00:02:30,736
to the current default zone.

46
00:02:30,736 --> 00:02:34,044
But on a system that is using multiple zones,

47
00:02:34,044 --> 00:02:36,870
you can also specify the zone where you want

48
00:02:36,870 --> 00:02:38,667
to add this specific service.

49
00:02:38,667 --> 00:02:41,822
So we're using --zone dmz.

50
00:02:41,822 --> 00:02:45,264
We have added it to the dmz zone.

51
00:02:45,264 --> 00:02:47,970
Let's not forget, I want to get back

52
00:02:47,970 --> 00:02:50,520
to the public zone, which is the default,

53
00:02:50,520 --> 00:02:52,833
and that's what I want for the next demo.