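# Put each NIC into its zone in the permanent configuration:
# enp2s0f0 goes into "external", eno1 into "internal".
firewall-cmd --zone=external --add-interface=enp2s0f0 --permanent
firewall-cmd --zone=internal --add-interface=eno1 --permanent
# --set-default-zone is applied to the runtime and the permanent configuration.
firewall-cmd --set-default-zone=external
# Deliberately no --runtime-to-permanent at this point: it overwrites the
# permanent configuration with the runtime one, and the two --permanent
# interface bindings above are not in the runtime configuration until the
# reload below has run. Saving first can therefore discard them.
# NOTE(review): the exact effect depends on whether NetworkManager owns the
# interfaces; reloading first is correct either way.
firewall-cmd --reload
# Confirm the default zone and that both interfaces are in the intended zone.
firewall-cmd --get-default-zone
firewall-cmd --get-active-zones
# A policy has to exist in the loaded configuration before it can be edited,
# hence the reload directly after creating it.
firewall-cmd --new-policy bridge --permanent
firewall-cmd --reload
# Traffic entering from "internal" and leaving through "external" is matched
# by this policy.
firewall-cmd --policy bridge --add-ingress-zone=internal --permanent
firewall-cmd --policy bridge --add-egress-zone=external --permanent
# ACCEPT forwards everything internal -> external without further filtering.
# That is the widest possible setting; if the internal network is not fully
# trusted, keep a stricter target and allow specific services or rich rules
# in the policy instead.
firewall-cmd --policy bridge --set-target=ACCEPT --permanent
firewall-cmd --reload
firewall-cmd --info-policy bridge
# After the reload the runtime and permanent configurations should already
# match, so this final save is not expected to change anything.
firewall-cmd --runtime-to-permanent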
Set up port forwarding
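# Forward inbound TCP ports to the internal host 10.9.8.10, keeping the port
# number unchanged. The zone is named explicitly so the rules cannot land in
# another zone if the default zone is not "external" when this is run; the
# original relied on the default zone.
# These are runtime changes: active immediately, lost on reload unless saved.
# Every forward here is reachable from anything on the external side.
# NOTE(review): 9090 and 9000 are often administrative web interfaces; the
# page does not say what listens there. If they are management endpoints,
# prefer a rich rule restricted to a known source address, or VPN-only
# access, over an unconditional forward.
for port in 80 443 9090 9000; do
  firewall-cmd --zone=external \
    --add-forward-port="port=${port}:proto=tcp:toport=${port}:toaddr=10.9.8.10"
done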
Save the runtime configuration and reload so that the port-forwarding changes are kept.
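# The forward-port rules were added to the runtime configuration only, so
# here --runtime-to-permanent is the right step: it writes them to disk.
firewall-cmd --runtime-to-permanent
# Reloading proves the saved configuration comes back as expected.
firewall-cmd --reload
# Zone -> interface mapping; both NICs should be listed under their zone.
firewall-cmd --get-active-zones
# Replaces `--get-active-interfaces`, which is not among the options listed in
# the firewall-cmd man page. --list-all on the external zone shows its
# interfaces, masquerade state and the forward-ports that were just saved;
# the forwards belong to the zone, so they do not appear in the policy output.
firewall-cmd --zone=external --list-all
# Run last so that its output is the one to compare with the expected policy
# listing.
firewall-cmd --info-policy bridge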
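The output of `firewall-cmd --info-policy bridge` should look like this (forward-ports is empty because the forwards were added to the zone, not to the policy):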
bridge (active)
priority: -1
target: ACCEPT
ingress-zones: internal
egress-zones: external
services:
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules: