Firewalld: firewall-cmd example to drop packets from specific ip

Today I spotted some attempts to perform a zone transfer from one of the DNS servers I manage.  Given this is on CentOS 7, and therefore uses Firewalld by default, I had a quick read of the documentation regarding how best to drop these attempts.

Here we go;

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="x.x.x.x" service name="dns" drop'

And that was all that was required.  Note that single quotes are used to contain the entire string.
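
An added example (not from the original post): a POSIX shell wrapper around the command above that validates the source address before it is placed inside the quoted rich rule, then applies the rule to both the runtime and the permanent configuration, since a rule added without --permanent is lost on the next firewalld reload. The function names and the 192.0.2.10 address are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are illustrative.

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;   # stray characters, empty octets
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                   # split on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# drop_rule ADDR: print the rich rule from the post for a validated address.
drop_rule() {
    is_ipv4 "$1" || { echo "not an IPv4 address: $1" >&2; return 1; }
    printf 'rule family="ipv4" source address="%s" service name="dns" drop' "$1"
}

# block_source ADDR: add the rule to the running and the permanent
# configuration of the public zone, then list the zone's rich rules.
block_source() {
    rule=$(drop_rule "$1") || return 1
    firewall-cmd --zone=public --add-rich-rule="$rule" &&
    firewall-cmd --permanent --zone=public --add-rich-rule="$rule" &&
    firewall-cmd --zone=public --list-rich-rules
}

# Only touch the firewall when an address is given, e.g. ./block.sh 192.0.2.10
# (192.0.2.10 is a constructed documentation address).
if [ "$#" -gt 0 ]; then
    block_source "$1"
fi
```

Rejecting anything that is not a plain dotted quad keeps a stray double quote or extra keyword in the input from changing the meaning of the rule.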

Should you need some bed time reading, then I would highly recommend reading the following;

Getting started with firewalld

Change is one of those things, that without realising, can begin to get the better of you.  I realised this after I finally decided to take a look at firewalld.  The thought of having to learn a new way to do things when I was already happy with iptables meant that I kept putting it off.

Once you master the basic command options, you are away and it is for the most part self-explanatory.

So here are a few links to get you started;

Online LUN expansion (Step-by-Step)

As with many things in life, it is easy to outgrow the environment you find yourself in.  When looking at LUNs and using LVM we can easily accommodate resizing of the back end storage and transferring this through to the volume presented to your RHEL server.

Note. The following details presenting a brand new LUN to the server rather than trying to expand the existing underlying LUN, as I feel this is a safer option.

The following provides a rough guide to the steps required:

  • Create new LUN and export to server
  • Configure multipathing
  • Create partition and set it to use LVM
    • parted /dev/mapper/new_lun
    • parted> mklabel gpt
    • parted> mkpart new_name ext4 0% 100%
    • parted> set 1 lvm on
    • parted> q
  • Run pvcreate on raw device file /dev/mapper/whateverp1
  • Run vgextend vol_group pv_dev
  • Run pvmove old_pv_dev new_pv_dev (this step will take a long time if the LUN is huge)
  • Run vgreduce vg_name old_pv_dev
  • pvremove old_pv_dev
  • Run lvextend -l +100%FREE /dev/vol_group/logical_vol
  • Run resize2fs /dev/vol_group/logical_vol

If you now run `df -h` you should see the file system has grown to the size of the new LUN.

Getting to grips with SELinux

Having gotten my head (for the most part) around how SELinux works, or rather where it fits within the overall Red Hat Enterprise Linux picture, I spotted a post on a LinkedIn group, which piqued my interest.

The post was with regards to a learning tool for SELinux, designed to help the reader understand the basics of SELinux, and taking the approach that even a child should be able to learn SELinux (albeit whilst doing some colouring).

So for those interested in learning that SELinux can be child's play…


Thanks for stopping by and visiting my online home.

So, what can you expect from Well given my background in IT it will be safe to assume that it is going to be technology focused.

I have some great ideas to share over the coming months so make sure to bookmark or favourite my blog especially if you are passionate about Linux and more specifically Red Hat Enterprise Linux.

Till next time.