RH354 - ch07s02

Preface A: Introduction

Section A.1: RHEL 8 New Features for Experienced Linux Administrators

Section A.2: Orientation to the Classroom Environment

Chapter 1: Previewing Red Hat Enterprise Linux 8

Section 1.1: Red Hat Enterprise Linux 8 Overview

Section 1.2: Quiz: Red Hat Enterprise Linux 8 Overview

Section 1.3: Summary

Chapter 2: Installing or Upgrading to Red Hat Enterprise Linux 8

Section 2.1: Installing Red Hat Enterprise Linux 8

Section 2.2: Guided Exercise: Installing Red Hat Enterprise Linux 8

Section 2.3: Upgrading Servers to Red Hat Enterprise Linux 8

Section 2.4: Quiz: Upgrading Servers to Red Hat Enterprise Linux 8

Section 2.5: Lab: Installing or Upgrading to Red Hat Enterprise Linux 8

Section 2.6: Summary

Chapter 3: Provisioning and Configuring Servers

Section 3.1: Performing Package Management using Yum

Section 3.2: Guided Exercise: Performing Package Management with Yum

Section 3.3: Administering Servers with the Web Console

Section 3.4: Guided Exercise: Administering Servers with the Web Console

Section 3.5: Building System Images with Image Builder

Section 3.6: Guided Exercise: Building System Images with the Image Builder

Section 3.7: Automating with RHEL System Roles

Section 3.8: Guided Exercise: Automating with RHEL System Roles

Section 3.9: Lab: Provisioning and Configuring Servers

Section 3.10: Summary

Chapter 4: Adapting to Core System Changes

Section 4.1: Displaying the Desktop with Wayland and X

Section 4.2: Guided Exercise: Displaying the Desktop with Wayland and X

Section 4.3: Managing User Authentication with Authselect

Section 4.4: Guided Exercise: Managing User Authentication with Authselect

Section 4.5: Configuring NTP with Chrony

Section 4.6: Guided Exercise: Configuring NTP with Chrony

Section 4.7: Managing Python Versions in Red Hat Enterprise Linux 8

Section 4.8: Guided Exercise: Managing Python Versions in RHEL 8

Section 4.9: Lab: Adapting to Core System Changes

Section 4.10: Summary

Chapter 5: Implementing Storage Using New Features

Section 5.1: Managing Layered Storage with Stratis

Section 5.2: Guided Exercise: Managing Layered Storage with Stratis

Section 5.3: Compressing and Deduplicating Storage with VDO

Section 5.4: Guided Exercise: Compressing and Deduplicating Storage with VDO

Section 5.5: Administering NFS Enhancements

Section 5.6: Guided Exercise: Administering NFS Enhancements

Section 5.7: Lab: Implementing Storage Using New Features

Section 5.8: Summary

Chapter 6: Managing Containers with the New Runtime

Section 6.1: Deploying Containers with the New Container Runtime

Section 6.2: Guided Exercise: Deploying Containers with the New Container Runtime

Section 6.3: Lab: Managing Containers with the New Runtime

Section 6.4: Summary

Chapter 7: Implementing Enhanced Networking Features

Section 7.1: Managing Server Firewalls in RHEL 8

SectionSection 7.2: Guided Exercise: Managing Server Firewalls in RHEL 8

Section 7.3: Configuring Server Networking with NetworkManager

Section 7.4: Guided Exercise: Configuring Server Networking with NetworkManager

Section 7.5: Lab: Implementing Enhanced Networking Features

Section 7.6: Summary

Chapter 8: Adapting to Virtualization Improvements

Section 8.1: Configuring Virtual Machines

Section 8.2: Guided Exercise: Configuring Virtual Machines

Section 8.3: Lab: Adapting to Virtualization Improvements

Section 8.4: Summary

Bookmark this page

P 1 2 3 4 5 6 7 8

Guided Exercise: Managing Server Firewalls in RHEL 8

In this exercise, you will configure and test firewall rules that use the nftables back end.

Outcomes

In this exercise, you will configure and test firewall rules that use the nftables back end.

[student@workstation ~]$ ssh root@servera

Nftables basic usage and configuration.

List all tables currently active.

[root@servera ~]# nft list tables
table ip filter
table ip6 filter
...output omitted...

List all currently active chains.

[root@servera ~]# nft list chains
table ip filter {
  chain INPUT {
    type filter hook input priority 0; policy accept;
  }
  chain FORWARD {
    type filter hook forward priority 0; policy accept;
  }
  chain OUTPUT {
    type filter hook output priority 0; policy accept;
  }
}
table ip6 filter {
  chain INPUT {
    type filter hook input priority 0; policy accept;
  }
  chain FORWARD {
    type filter hook forward priority 0; policy accept;
  }
  chain OUTPUT {
    type filter hook output priority 0; policy accept;
  }
}
...output omitted...

Add a firewall rule allowing inbound HTTP.

[root@servera ~]# nft insert rule ip filter INPUT tcp dport http accept

List all chains for the table ip filter in order to locate the handle for the rule just added.

[root@servera ~]# nft list table ip filter -n -a
table ip filter { # handle 1
  chain INPUT { # handle 1
    type filter hook input priority 0; policy accept;
    tcp dport http accept # handle 4
  }
...output omitted...

Remove the rule currently allowing HTTP access using the handle.
```
[root@servera ~]# nft delete rule filter INPUT handle 4
```

Create a rule enabling access for multiple ports at the same time.

[root@servera ~]# nft insert rule ip filter INPUT \
> tcp dport { ssh, http, https, 8181 } accept

Set the INPUT chain default policy to drop all traffic not specifically accepted.

[root@servera ~]# nft add chain ip filter INPUT \
> { type filter hook input priority 0\; policy drop\; }

Remove rules added during this exercise.

Set the INPUT chain default policy to accept all traffic by default.

[root@servera ~]# nft add chain ip filter INPUT \
> { type filter hook input priority 0\; policy accept\; }

Find the handle and remove the rule currently allowing access for SSH, HTTP, HTTPS, and 8181.

[root@servera ~]# nft list table ip filter -n -a
table ip filter { # handle 1
  chain INPUT { # handle 1
    type filter hook input priority 0; policy accept;
    tcp dport { ssh, http, https, 8181 } accept # handle 6
  }
...output omitted...
[root@servera ~]# nft delete rule filter INPUT handle 6

Log off from servera.

[root@servera ~]# exit
Connection to servera closed.

This concludes the guided exercise.

Discuss RHEL 8 New Features for Experienced Linux Administrators

Go to community

Welcome to the Red Hat Enterprise Linux 8 New Features for Experienced Linux Administrators group!

cschunke

26 wrz 2023

We are excited to launch a space dedicated to the Red Hat Training course Red Hat Enterprise Linux 8 New Features for Experienced Linux Administrators! To gain the most value from this group - click the "Join Group" button in the upper right hand corner of the group home page.We encourage group members to collaborate in this group to discuss topics, ask questions, share best practices and tips, provide course feedback, and share their accomplishments as it relates to RH354.Read more about Red Hat Enterprise Linux 8 New Features for Experienced Linux Administrators here.

Revision: rh354-8.0-0e36520