1
00:00:00,000 --> 00:00:12,000
So let's get back to the original state and use firewalld on CentOS.

2
00:00:12,000 --> 00:00:23,000
First I need systemctl unmask firewalld and then I can use systemctl enable --now firewalld.

3
00:00:23,000 --> 00:00:33,000
Then we need to do what? Well, we need firewall-cmd --list-all, which is a good start to figure out what is allowed.

4
00:00:33,000 --> 00:00:40,000
And we can see that SSH is already there. We don't have HTTP and NTP.

5
00:00:40,000 --> 00:00:50,000
So firewall-cmd --get-services | grep ntp.

6
00:00:50,000 --> 00:00:56,000
There you can see the name is just NTP, that makes it easy, and HTTP.

7
00:00:56,000 --> 00:01:01,000
We have different HTTPS, but the question is specifically about HTTP, right?

8
00:01:01,000 --> 00:01:09,000
So firewall-cmd --add-service ntp --permanent.

9
00:01:09,000 --> 00:01:15,000
As you can see, you may, but you don't have to, put an equal sign between --add-service and ntp.

10
00:01:15,000 --> 00:01:23,000
And then the same for http, and firewall-cmd --reload.

11
00:01:24,000 --> 00:01:30,000
But then the incoming traffic from address 10.0.20.0/16 is blocked.

12
00:01:30,000 --> 00:01:34,000
That is what you need to do using rich rules.

13
00:01:34,000 --> 00:01:39,000
Now, if you ever want to work with the rich rules, there are two components.

14
00:01:39,000 --> 00:01:46,000
First, firewall-cmd --help | grep rich

15
00:01:46,000 --> 00:01:52,000
will show you that there is --add-rich-rule= and then you have the rule.

16
00:01:52,000 --> 00:02:00,000
man -k rich is telling you firewalld.richlanguage.

17
00:02:00,000 --> 00:02:05,000
And I'm going to have a look at firewalld.richlanguage.

18
00:02:05,000 --> 00:02:08,000
That has language examples.

19
00:02:08,000 --> 00:02:13,000
Go all the way down and there you can find examples.

20
00:02:13,000 --> 00:02:18,000
And here we can see an example and I like this example,

21
00:02:18,000 --> 00:02:22,000
which is going to drop all connections from a specific IP address.

22
00:02:22,000 --> 00:02:24,000
I can work with that.

23
00:02:24,000 --> 00:02:31,000
So based on that, I'm going to use firewall-cmd --add-rich-rule=

24
00:02:31,000 --> 00:02:35,000
and then between single quotes, we put the rule.

25
00:02:35,000 --> 00:02:39,000
And of course, I need to modify the rule, but rule family is ipv4.

26
00:02:39,000 --> 00:02:46,000
That sounds good. Source address is, well, you should guess that 10.0.20.0

27
00:02:46,000 --> 00:02:51,000
is what was asked for, 10.0.20.0/16.

28
00:02:51,000 --> 00:02:55,000
It should be acceptable and, yay, that is a success.

29
00:02:55,000 --> 00:02:59,000
Let's not forget to add that to permanent as well,

30
00:02:59,000 --> 00:03:03,000
because otherwise, it won't survive a restart of your firewall.

31
00:03:03,000 --> 00:03:12,000
Now firewall-cmd --reload and firewall-cmd --list-all

32
00:03:12,000 --> 00:03:15,000
should show you all your current configuration,

33
00:03:15,000 --> 00:03:17,000
including the rich rule that was just added.

34
00:03:17,000 --> 00:03:19,000
And that is what was needed for this lab.

