Firewalld task fail/help

Hi community, hope everyone is safe and well.

I know there are multiple topics related to the firewalld task, but I could not find help in any of them (sorry if I missed something).

This is my first contact with Linux firewalls and firewalld in general.

  1. I checked the zone and it was public on all 3 app servers.
  2. The nginx and httpd (Apache) services were started and running properly.
  3. I did firewall-cmd --add-port=xxxx --permanent with the nginx port, for incoming access to the port itself (the port is in the conf file, if I am right?).
  4. LB access to httpd: do I add (append) the line Listen IP:port to the Apache conf file (I could not seem to install vim or any other editor like nano or emacs), or do I do it another way?

Could someone more experienced comment on what I did wrong and give me some pointers?

When I finished the task, it failed and said the LB can't access the Apache port.

P.S.
I got the same task 2 times in 2 days without even trying the first time. Is that a bug, or?
P.P.S.
Since I failed both tasks, can I expect to get it again some time soon, or?

A big thanks to everyone taking the time and helping out a rookie in need.

Take care
Best
Ivan K.

@ikovacic
Hi, in the task they should have asked you to make all rules permanent and also to allow incoming connections from the LB host only on the Apache port and block the rest. Have you done these steps? If you have screenshots it would be easier to identify the problem.

@Lakshmi hi, and thanks for the reply.
I added the line "Listen IP:port" to the Apache conf file, appended at the end of the file.
Did I need to do it by applying some rule with firewall-cmd instead, or?
Sorry, no screenshots, believe me I forgot to take one :frowning:
Can you please just confirm I need to do this task with firewall-cmd and not by inserting it into the Apache config?
Also, is adding the allowed port OK?

Thank you

@ikovacic

Yes, you have to use firewall-cmd.
To allow incoming connections from the LB host only on the Apache port and block the rest:
sudo firewall-cmd --zone=public --permanent --add-rich-rule='rule family=ipv4 source address=172.16.238.14 port port=<PORT> protocol=tcp accept'
You have to replace <PORT> with the port specified in the task, then reload firewalld so the permanent rule becomes active.


Yes @ikovacic, just firewall-cmd commands, no config changes needed in httpd or nginx.
If you want to know which ports they listen on, check the config files, or check them with the netstat tool after installing net-tools.
After that you had better check access from the LB server with curl appserver:port, and that's all.

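Putting the two replies above together (rich rule restricted to the LB source, a plain open port for nginx, permanent plus reload, then a curl check from the LB), here is an added example script that is not part of any post in this thread. It assumes the LB address 172.16.238.14 used in the earlier reply, and the APACHE_PORT and NGINX_PORT defaults are placeholders that must be replaced with the ports the task specifies. By default it only prints the commands it would run; set DRY_RUN=0 to apply them.

```shell
#!/bin/sh
# Added example for this thread (not from any poster): on an app server, let only the
# load balancer reach the Apache port, open the nginx port to everyone, make the rules
# permanent, reload, and show what is active. POSIX sh so it runs on a minimal host.
set -eu

LB_IP=${LB_IP:-172.16.238.14}      # LB address from the reply above
APACHE_PORT=${APACHE_PORT:-8080}   # assumption: replace with the port from the task
NGINX_PORT=${NGINX_PORT:-8091}     # assumption: replace with the port from the task
DRY_RUN=${DRY_RUN:-1}              # 1 = print commands only, 0 = run them with sudo

# Accept only a dotted-quad IPv4 with four octets in 0-255. A typo here would
# otherwise become a rich rule that matches nothing and the LB check would fail.
valid_ipv4() {
  ip=$1
  case $ip in *[!0-9.]*|'') return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $ip; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    case $o in ''|????*) return 1 ;; esac
    [ "$o" -le 255 ] || return 1
  done
  return 0
}

# firewalld rich rule: only packets from SRC may reach tcp/PORT. Anything else to that
# port falls through to the public zone's default target, which rejects it. Do NOT also
# --add-port the Apache port, or that would open it to every source and undo the rule.
rich_rule() {
  printf 'rule family="ipv4" source address="%s" port port="%s" protocol="tcp" accept' "$1" "$2"
}

# Echo a command; run it via sudo unless DRY_RUN=1.
run() {
  printf '+ %s\n' "$*"
  [ "$DRY_RUN" = 1 ] || sudo "$@"
}

configure() {
  valid_ipv4 "$LB_IP" || { echo "invalid LB address: $LB_IP" >&2; return 1; }
  run firewall-cmd --zone=public --permanent --add-rich-rule="$(rich_rule "$LB_IP" "$APACHE_PORT")"
  run firewall-cmd --zone=public --permanent --add-port="${NGINX_PORT}/tcp"
  # --permanent only writes the config; --reload makes it active.
  run firewall-cmd --reload
  run firewall-cmd --zone=public --list-rich-rules
  run firewall-cmd --zone=public --list-ports
  # Verify from the LB host:    curl -sI http://<appserver>:$APACHE_PORT   (expect headers)
  # Verify from any other host: the same curl should fail to connect (rejected).
}

configure
```

Run it once without arguments to review the plan, then `DRY_RUN=0 sh fw-lb-only.sh` to apply. The LB-side curl is the check the task grader effectively performs, so do it before finishing.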

Thank you very much! I will wait for the task to come up again and try it.

Thanks very much @Goldenor, I really appreciate the help!


sudo firewall-cmd --zone=public --add-port=5004/tcp --permanent
sudo firewall-cmd --reload