This is really useful if we want to start firewalld via ssh. If we start firewalld without allowing ssh, we will be locked out of the machine.
The solution is to use a command called firewall-offline-cmd. This tool works much like firewall-cmd, except that it works while the daemon is not running.
To avoid being locked out of a remotely accessed machine, we should first allow ssh in firewalld
$ sudo firewall-offline-cmd --add-service ssh
We are now safe to start firewalld
$ sudo systemctl start firewalld
Once firewalld has started, we can make the rule permanent so that it survives a firewalld restart
$ sudo firewall-cmd --add-service ssh --permanent
Make firewalld start automatically on every server boot
$ sudo systemctl enable firewalld
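The steps above assume sshd listens on the default port. As an added example (not part of the original post), this script reads the server port of the current session from SSH_CONNECTION and picks the matching rule before starting firewalld; the function names and the `--apply` flag are hypothetical, and it assumes the stock ssh service definition covers 22/tcp only.

```shell
#!/bin/sh
# Added example (not from the original post): choose the rule that keeps the
# current SSH session reachable, then run the post's steps with that rule.

# Print the server-side port from an SSH_CONNECTION value, which sshd sets to
# "client_ip client_port server_ip server_port". Fails on malformed input.
ssh_server_port() {
    read -r _cip _cport _sip sport rest <<EOF
$1
EOF
    [ -z "$rest" ] || return 1
    case $sport in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$sport" -ge 1 ] && [ "$sport" -le 65535 ] || return 1
    printf '%s\n' "$sport"
}

# Map the session to a firewalld option. Assumption: the stock "ssh" service
# definition opens 22/tcp only, so any other port needs an explicit port rule.
rule_for_session() {
    port=$(ssh_server_port "$1") || return 1
    if [ "$port" -eq 22 ]; then
        printf '%s\n' '--add-service=ssh'
    else
        printf '%s\n' "--add-port=${port}/tcp"
    fi
}

# Only touch the firewall when called with --apply (hypothetical flag of this script).
if [ "${1:-}" = "--apply" ]; then
    rule=$(rule_for_session "${SSH_CONNECTION:-}") || {
        echo "SSH_CONNECTION missing or malformed; refusing to start firewalld" >&2
        exit 1
    }
    sudo firewall-offline-cmd "$rule"      # write the rule while the daemon is stopped
    sudo systemctl start firewalld
    sudo firewall-cmd "$rule" --permanent  # same follow-up step as in the post
fi
```

Run it as the logged-in user rather than under sudo, since sudo commonly drops SSH_CONNECTION from the environment; the script calls sudo itself for the privileged commands.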