How to manage Firewall on RHEL 7/8

In RHEL 7, a new firewall solution called Firewalld was introduced. The iptables service is no longer offered in RHEL 8.

Firewalld is a dynamic firewall manager that uses the iptables command to configure netfilter directly, as an improved alternative to the iptables service.

Firewalld Default Zone

  • drop: All incoming packets are dropped and there is no reply
  • block: Reject incoming traffic
  • public: Represents public, untrusted networks. You don’t trust other computers but may allow selected incoming connections on a case-by-case basis. This is the default zone for all newly created network interfaces.
  • external: External networks in the event that you are using the firewall as your gateway. It is configured for NAT masquerading so that your internal network remains private but reachable.
  • internal: The other side of the external zone, used for the internal network. Computers on the same network are trusted, and only selected incoming connections are accepted.
  • dmz: Used in DMZ zone. Only selected incoming connections are allowed.
  • work: Used for work machines. Most computers on the same network are trusted, and only selected incoming connections are accepted.
  • home: A home environment. It generally implies that you trust most of the other computers and that a few more services will be accepted.
  • trusted: All network connections are accepted

RedHat 7/8 – How to mount/unmount CD/DVD ROM

Most of the time, we need to install software from the CD-ROM. Before you start to use the CD-ROM, you need to mount it.

To do so, follow the steps below:

i) Check whether the CD-ROM is detected by the OS: use the blkid command to view the attributes of the block devices on your system.

As you can see, /dev/sr0 already mounted the ISO image.


RedHat 7/8 – SSH Key-Based Authentication

You can configure an SSH server to allow you to authenticate without a password by using key-based authentication (a private-public key pair).

To do this, you will need to generate a matched pair of cryptographic key files (private and public key). The private key file is used as the authentication credential (like a password); the public key is copied to the destination server that you want to connect to, and is used to verify the private key.

To create a key pair, use the ssh-keygen command. By default, the private key (id_rsa) and public key (id_rsa.pub) are saved in the .ssh folder of your home directory (~/.ssh/).
