Linux Firewalld Setup - Failed again

Please help me to understand the question:

cat /etc/httpd/conf/httpd.conf | grep Listen
yum install firewalld -y
systemctl start firewalld && systemctl enable firewalld && systemctl status firewalld
firewall-cmd --state && firewall-cmd --reload

sudo firewall-cmd --permanent --zone=public --add-port=8080/tcp
sudo firewall-cmd --reload
sudo systemctl restart firewalld
sudo firewall-cmd --zone=public --list-all
systemctl status nginx && systemctl status httpd

Did you allow the nginx port and add the LoadBalancer rich rule in firewalld?

I did the same:

@Inderpreet … nginx service is running on stapp01, still it says nginx is not reachable on app server 1

firewall-cmd --zone=public --add-port=8098/tcp --permanent #Nginx
firewall-cmd --permanent --zone=public --add-service=https
firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="" port port=3000 protocol=tcp accept' #Forward traffic from LB to Apache

Don't forget to add the interface
firewall-cmd --permanent --zone=public --change-interface=eth0

Validate your configuration
firewall-cmd --get-active-zones
firewall-cmd --zone=public --list-all

Hi @Inderpreet I’m facing an issue with the lab while doing the firewalld task
The service isn’t starting.

The Db exception can be fixed by restarting the services below

sudo systemctl restart dbus
sudo systemctl restart firewalld

Try with this command iptables -F, it's working for me, and just try to connect after using this command.

Hi @ramith

I get an error when I run the last command (apache)

Could you please help me how to fix this.

@yogendra you have to add a rich rule as I have mentioned :)
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="" port port=5003 protocol=tcp accept'

Hi ramith,

I get errors when running rich rule command:

Is there something wrong with the command? I’m unable to complete this step.

I’ve had problems with the single quote character

Try firewall-cmd --permanent --zone=public --add-rich-rule='rule family=ipv4 source address= port port=<apache_port> protocol=tcp accept'
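
Two things break a rich-rule command like the ones in this thread: typographic quotes picked up when copying from a web page, and an empty source address. The shell helper below is an added example, not taken from any post or from the lab; it rejects both before anything reaches firewall-cmd. The function names are hypothetical, and 192.0.2.10 is a constructed documentation address standing in for the load balancer IP.

```shell
#!/bin/sh
# Added example: validate the inputs of a firewalld rich rule before applying it.

# Succeeds if $1 contains typographic quotes, which the shell does not treat
# as quoting characters (U+2018, U+2019, U+201C, U+201D as UTF-8 bytes).
has_smart_quotes() {
    lsq=$(printf '\342\200\230'); rsq=$(printf '\342\200\231')
    ldq=$(printf '\342\200\234'); rdq=$(printf '\342\200\235')
    case "$1" in
        *"$lsq"*|*"$rsq"*|*"$ldq"*|*"$rdq"*) return 0 ;;
    esac
    return 1
}

# Succeeds only for a dotted quad with four octets in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots; input holds only digits and dots here
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Succeeds only for a TCP/UDP port number in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Prints the rich rule for source $1 and port $2, or fails with a message.
build_rich_rule() {
    valid_ipv4 "$1" || { echo "bad source address: '$1'" >&2; return 1; }
    valid_port "$2" || { echo "bad port: '$2'" >&2; return 1; }
    printf 'rule family="ipv4" source address="%s" port port=%s protocol=tcp accept' "$1" "$2"
}

# Usage with constructed values (run as root on the app server):
#   rule=$(build_rich_rule 192.0.2.10 3000) &&
#       firewall-cmd --permanent --zone=public --add-rich-rule="$rule" &&
#       firewall-cmd --reload
```

Passing the rule through a double-quoted variable keeps the inner quotes intact, so the quote characters typed on the command line no longer matter.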