redpesk uses FirewallD to manage its firewall rules, and FirewallD offers a lot of possibilities. In this case we will use it to open the ports needed by the micro-services and to set up network routing between your local PC and the board (which acts like a router) in order to give the PC Internet access.
Tip: remove the `--permanent` flag to try the configuration without saving it.

```
firewall-cmd --permanent --zone=public --add-port=80/tcp
firewall-cmd --reload
```
The goal is to give Internet access to your PC. For that, we'll use the 4G connection of the Phytec board. The board will operate like a "router" which forwards all the network traffic.
- First step: set a fixed IP on your local PC port (Ethernet) and on the board port. The goal is to have both interfaces on the same network so that they can communicate (NB: link-local addresses would be better, but it is more complicated to get what we want with that feature).
- Then choose the FirewallD zones you want to use (it's easy to list them with the `firewall-cmd --list-all-zones` command). For our demonstration purpose, we'll use the `work` and `external` zones. The `eth0` interface is the PC-facing interface and `wlan0` is my WiFi interface.

```
firewall-cmd --permanent --zone=work --add-interface=eth0
firewall-cmd --permanent --zone=external --add-interface=wlan0
```
- Don't forget to check that the routing option (IP forwarding) is enabled on the Phytec board!

```
[root@phytec-power ~]# cat /proc/sys/net/ipv4/ip_forward
1
```
- Last step is the policy setup, which rules how the traffic is forwarded between the zones.

```
firewall-cmd --permanent --new-policy policyA
firewall-cmd --permanent --policy policyA --add-ingress-zone external
firewall-cmd --permanent --new-policy policyB
firewall-cmd --permanent --policy policyB --add-ingress-zone work
firewall-cmd --permanent --policy policyB --add-egress-zone external
firewall-cmd --reload
```

Then allow the ICMP protocol to be forwarded through the firewall:

```
firewall-cmd --permanent --policy policyB --add-protocol icmp
firewall-cmd --reload
```
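A small review script for the policy objects created above, written as an added example (it is not part of the redpesk docs nor of firewalld). It parses the XML that `firewall-cmd --permanent` stores under `/etc/firewalld/policies/` and reports a policy that has no zone pair to apply to, one whose target forwards everything, or one that forwards nothing yet; the two sample policies are constructed here in the element layout of firewalld.policy(5) rather than read from a board.

```python
"""Lint firewalld policy objects for the router setup described above.
Added example, not part of the redpesk docs or of firewalld itself. It reads the
XML that ``firewall-cmd --permanent`` stores under /etc/firewalld/policies/; the
samples below are constructed here in the element layout of firewalld.policy(5)."""
import xml.etree.ElementTree as ET

# Constructed samples: what policyA and policyB from the page would look like on disk.
POLICY_A = '<policy target="CONTINUE"><ingress-zone name="external"/></policy>'
POLICY_B = ('<policy target="CONTINUE"><ingress-zone name="work"/>'
            '<egress-zone name="external"/><protocol value="icmp"/></policy>')


def parse_policy(xml_text):
    """Extract the parts of a policy that decide which traffic it lets through."""
    root = ET.fromstring(xml_text)
    return {
        "target": root.get("target", "CONTINUE"),   # firewalld's default target
        "ingress": [z.get("name") for z in root.findall("ingress-zone")],
        "egress": [z.get("name") for z in root.findall("egress-zone")],
        "protocols": [p.get("value") for p in root.findall("protocol")],
        "services": [s.get("name") for s in root.findall("service")],
        "ports": [f"{p.get('port')}/{p.get('protocol')}" for p in root.findall("port")],
    }


def review_policy(name, xml_text):
    """Return findings for one policy; an empty list means nothing to report."""
    p = parse_policy(xml_text)
    findings = []
    if not p["ingress"] or not p["egress"]:
        findings.append(f"{name}: no zone pair to apply to (ingress={p['ingress']}, "
                        f"egress={p['egress']})")
        return findings
    allowed = p["protocols"] + p["services"] + p["ports"]
    if p["target"] == "ACCEPT":
        # Zone-to-zone forwarding with target ACCEPT lets every flow cross, so the
        # explicit allow-list the page builds up (icmp) would be meaningless.
        findings.append(f"{name}: target ACCEPT forwards all traffic "
                        f"{p['ingress']} -> {p['egress']}")
    elif not allowed:
        findings.append(f"{name}: forwards nothing yet (no protocol, service or port)")
    return findings


if __name__ == "__main__":
    for name, xml_text in (("policyA", POLICY_A), ("policyB", POLICY_B)):
        print(name, parse_policy(xml_text), review_policy(name, xml_text))
```

To review the board's real configuration, read each `/etc/firewalld/policies/*.xml` file and pass its contents to `review_policy`.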
Source: https://firewalld.org/2020/09/policy-objects-introduction