Firewall Configuration Level 1 Linux KodeKloud Engineer Task Success


 Question:  The Nautilus system admins team has rolled out a web UI application for their backup utility on the Nautilus backup server within the Stratos Datacenter. This application operates on port 6100, and firewalld is active on the server. To meet operational needs, the following requirements have been identified:

Allow all incoming connections on port 6100/tcp. Ensure the zone is set to public.



Please note: adapt the commands below to the server, user name and other details given in your own task, as they might differ. Read the task carefully before executing anything. All the best 👍


Solution:  

1. Log in to the backup server named in the task and switch to root.

Server Name   IP              User    Password   Purpose

stbkp01       172.16.238.16   clint   H@wk3y3    Nautilus Backup Server

thor@jump_host /$ ssh clint@stbkp01

The authenticity of host 'stbkp01 (172.16.238.16)' can't be established.

ECDSA key fingerprint is SHA256:Xjz7ru79MR9gUT8iMrmq1pMHLgZrnyxt4LlkVFSqdBE.

ECDSA key fingerprint is MD5:0b:4d:c4:29:4b:07:ef:6d:94:3a:7f:20:a8:0b:a1:e1.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added 'stbkp01,172.16.238.16' (ECDSA) to the list of known hosts.

clint@stbkp01's password:

[clint@stbkp01 ~]$ sudo su -

We trust you have received the usual lecture from the local System

Administrator. It usually boils down to these three things:

    #1) Respect the privacy of others.

    #2) Think before you type.

    #3) With great power comes great responsibility.

[sudo] password for clint:

[root@stbkp01 ~]#

2. First check that firewalld is running and list the existing rules for the public zone.

[root@stbkp01 ~]# firewall-cmd --zone=public --list-all

public

  target: default

  icmp-block-inversion: no

  interfaces:

  sources:

  services: dhcpv6-client ssh

  ports:

  protocols:

  masquerade: no

  forward-ports:

  source-ports:

  icmp-blocks:

  rich rules:

 [root@stbkp01 ~]#


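3. Check the application port given in your task and add the rule below. With --permanent the rule is written to the saved configuration only; it becomes active after the reload in the next step.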

[root@stbkp01 ~]# firewall-cmd  --permanent --zone=public --add-port=6100/tcp

success

[root@stbkp01 ~]#

4. Reload the firewall rules so the new rule takes effect, and restart the firewalld service.

[root@stbkp01 ~]# firewall-cmd --reload

success

[root@stbkp01 ~]#

[root@stbkp01 ~]# systemctl restart firewalld

[root@stbkp01 ~]#

5. Validate that the firewall rule has been applied as the task requests: 6100/tcp should now appear on the ports line.

[root@stbkp01 ~]# firewall-cmd --zone=public --list-all

public

  target: default

  icmp-block-inversion: no

  interfaces:

  sources:

  services: dhcpv6-client ssh

  ports: 6100/tcp

  protocols:

  masquerade: no

  forward-ports:

  source-ports:

  icmp-blocks:

  rich rules:

[root@stbkp01 ~]#


6. Click on Finish & Confirm to complete the task successfully.
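
The validation from step 5 as a script, added here as an example and not part of the original post or the lab. It goes beyond the step by also accepting port ranges (for example 6000-6200/tcp) and by checking the runtime and the permanent configuration separately; the function names are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original post): check a firewalld zone listing
# for an open port, including ports covered by a range such as 6000-6200/tcp.

# port_in_listing PORT PROTO: reads `firewall-cmd --list-all` output on stdin.
# Returns 0 if the "ports:" line contains PORT/PROTO or a range covering it.
# "source-ports:" and "forward-ports:" are different keys and are ignored.
port_in_listing() {
    awk -v port="$1" -v proto="$2" '
        $1 == "ports:" {
            for (i = 2; i <= NF; i++) {
                split($i, entry, "/")
                if (entry[2] != proto) continue
                n = split(entry[1], range, "-")
                lo = range[1] + 0
                hi = (n == 2 ? range[2] : range[1]) + 0
                if (port + 0 >= lo && port + 0 <= hi) found = 1
            }
        }
        END { exit(found ? 0 : 1) }'
}

# check_zone_port ZONE PORT PROTO: live check, needs firewall-cmd and root.
# Returns 1 if the port is not open right now, 2 if it is open now but
# missing from the permanent configuration (it would vanish on reload).
check_zone_port() {
    firewall-cmd --zone="$1" --list-all | port_in_listing "$2" "$3" || return 1
    firewall-cmd --permanent --zone="$1" --list-all |
        port_in_listing "$2" "$3" || return 2
}

# Listings from steps 2 and 5 of the post, trimmed to the relevant lines.
listing_before() { printf '%s\n' 'public' '  services: dhcpv6-client ssh' \
    '  ports: ' '  source-ports: '; }
listing_after() { printf '%s\n' 'public' '  services: dhcpv6-client ssh' \
    '  ports: 6100/tcp' '  source-ports: '; }

# Offline demo on the embedded listings (no firewall-cmd required).
for name in listing_before listing_after; do
    if "$name" | port_in_listing 6100 tcp; then
        echo "$name: 6100/tcp open"
    else
        echo "$name: 6100/tcp not open"
    fi
done
```

On the server itself, run check_zone_port public 6100 tcp as root after step 4; a return code of 2 means the rule was added without --permanent.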

Happy Learning!!!!

Apart from this, if you need more clarity, I have made a tutorial video on this; please go through it and share your comments. Like and share the knowledge.

    


