Book Image

Learning RHEL Networking

By : Andrew Mallett, Adam Miller
Book Image

Learning RHEL Networking

By: Andrew Mallett, Adam Miller

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
Learning RHEL Networking
Andrew Mallett | Adam Miller
Jun, 2015 | 216 pages
No titles found
Table of Contents (18 chapters)
Learning RHEL Networking
Learning RHEL Networking
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Introducing Enterprise Linux 7
Introducing Enterprise Linux 7
Red Hat Enterprise Linux
CentOS
Fedora
Determining your distribution and version
Summary
2
Configuring Network Settings
Configuring Network Settings
Elevating privileges
Using ip and hostnamectl
Introduction to the Red Hat NetworkManager
Interacting with the NetworkManager using the Control Center
Adding a new profile with the Control Center
Interacting with the NetworkManager using nmtui
Extreme interaction with NetworkManager using nmcli
Summary
3
Configuring Key Network Services
Configuring Key Network Services
Domain Name System
Configuring a DHCP server
Configuring time services on RHEL 7
Implementing e-mail delivery on RHEL 7
Summary
4
Implementing iSCSI SANs
Implementing iSCSI SANs
The iSCSI target (server)
Managing logical volumes with LVM
Installing the targetd service and targetcli tools
Managing iSCSI targets with targetcli
Creating iSCSI targets
Working with the iSCSI Initiator
Summary
5
Implementing btrfs
Implementing btrfs
Overview of btrfs
Overview of the lab environment
Installing btrfs
Creating the btrfs filesystem
The Copy-On-Write technology
Resizing btrfs filesystems
Adding devices to the btrfs filesystem
Balancing the btrfs filesystem
Mounting multidisk btrfs volumes from /etc/fstab
Using btrfs snapshots
Optimizing btrfs for solid state drives
Managing snapshots with snapper
Summary
6
File Sharing with NFS
File Sharing with NFS
An overview of NFS
Overview of the lab environment
The NFS server configuration
Using exportfs to create temporary exports
Hosting NFSv4 behind a firewall
Hosting NFSv3 behind a firewall
Auto-mounting NFS with autofs
Summary
7
Implementing Windows Shares with Samba 4
Implementing Windows Shares with Samba 4
An overview of Samba and Samba services
An overview of the lab environment
Configuring time and DNS
Managing Samba services
The Samba client on RHEL 7
Configuring file shares in Samba
Troubleshooting Samba
Summary
8
Integrating RHEL 7 into Microsoft Active Directory Domains
Integrating RHEL 7 into Microsoft Active Directory Domains
Overview of identity management
An overview of the lab environment
Preparing to join an Active Directory domain
Using realm to manage domain enrolment
Logging on to RHEL 7 using Active Directory credentials
User and group management with adcli
Delegating Active Directory accounts with sudo
Leaving a domain
Understanding Active Directory as an identity provider for sssd
Summary
9
Deploying the Apache HTTPD Server
Deploying the Apache HTTPD Server
Configuring the httpd service
Controlling the Apache web service
Loading modules
Virtual servers
Automating virtual hosts
Summary
10
Securing the System with SELinux
Securing the System with SELinux
What is SELinux
Understanding SELinux
Working with the targeted policy type
SELinux tools
Troubleshooting SELinux
Summary
11
Network Security with firewalld
Network Security with firewalld
The firewall status
Routing
Zone management
Source management
Firewall rules using services
Firewall rules using ports
Masquerading and Network Address Translation
Using rich rules
Implementing direct rules
Summary
Index
Index

Using rich rules

The firewalld rich language allows an administrator to easily configure more complex firewall rules without having knowledge of the iptables syntax. This can include logging and examination of the source address.

To add a rule to allow NTP connection on the default zone, but logging the connection at no more than 1 per minute, use the following command:

# firewall-cmd --permanent \
--add-rich-rule='rule service name="ntp" audit limit value="1/m" accept'
# firewall-cmd --reload

Similarly, we can add a rule that only allows access to the squid service from one subnet only:

# firewall-cmd --permanent \
--add-rich-rule='rule family="ipv4" \ 
source address="192.166.0.0/24" service name="squid" accept'
# firewall-cmd --reload

From the following screenshot, we can see the rich rule being added:

Note

The Fedora project maintains the documentation for rich rules in firewalld and these can be accessed at https://fedoraproject.org/wiki/Features/FirewalldRichLanguage should you need...

Previous Section
End of Section 9
Next Section