Control Access to Zone Services

Cockpit administrators can control access to zone services by adding access to a new service or removing access from an existing service. You make both kinds of change on the Networking page in the web console.

What Do You Need?

Steps

Using the Cockpit web console, follow these steps to add or remove access to zone services.

  1. In the Networking page, find the Firewall panel and click Edit rules and zones.

    The names for the allowed services appear in a table under each Zone name.

    Note:

    For single-zone systems, only one zone name appears.
  2. In the table, find the zone configuration you want to edit, and perform any of the following actions:
    • Remove existing service access
      1. In the allowed services section of the zone information, find the name of the service.
      2. Click the actions menu associated with the service name to be removed, and select Delete.

        The selected service is removed from the allowed service list that appears under the Zone name.

    • Add access to a new service
      1. Click Add Services.

        The Add services to zone dialog appears. This dialog provides a list of services that are available to add to the current zone configuration.

      2. In the Add services to zone dialog, perform one of the following:
        • Click Services to add services using standard ports.
          Select the individual check boxes for the host system services that you want to add.

          Note:

          Zone services assigned to standard ports are, by default, opened to accept traffic.
        • Click Custom ports to add a service using a custom port.
          Enter the following information:
          Property      Description
          TCP or UDP    Enter comma-separated ports, ranges, and services accepted.
                        Example: 22,SSH,80:80,5900-5910
          ID            The ID field automatically generates a custom ID based on the information entered in the TCP or UDP fields.
                        Example: custom--ssh-ssh-5900-5910
          Description   Enter a description for the accepted service and its custom port numbers.

          Caution:

          Adding a service with custom ports can automatically reload the firewalld service, which can result in the loss of the runtime configurations.
      3. Click Add.

        The selected services and their associated ports appear in the allowed service access list under the Zone name.
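
The Caution above notes that adding a custom-port service can reload firewalld and drop runtime configuration. The following check is an added example, not part of the original documentation: it lists the services and ports of a zone that exist only at runtime, so they can be saved before the reload. It assumes it is run as root on the host with `firewall-cmd` available; the script name in the comment is hypothetical.

```shell
#!/bin/sh
# Added example: report runtime-only firewalld entries that a reload would drop.

# Print each word of list $1 that is absent from list $2 (space-separated).
runtime_only() {
    for item in $1; do
        case " $2 " in
            *" $item "*) ;;                  # also in permanent config: kept
            *) printf '%s\n' "$item" ;;      # runtime only: lost on reload
        esac
    done
}

# Compare runtime and permanent services/ports of one zone (default zone if unset).
check_zone() {
    zone=${1:-$(firewall-cmd --get-default-zone)}
    lost=0
    for kind in services ports; do
        run=$(firewall-cmd --zone="$zone" --list-"$kind")
        perm=$(firewall-cmd --permanent --zone="$zone" --list-"$kind")
        for entry in $(runtime_only "$run" "$perm"); do
            echo "zone $zone: runtime-only $kind entry: $entry"
            lost=1
        done
    done
    if [ "$lost" -eq 0 ]; then
        echo "zone $zone: runtime and permanent configuration match"
    else
        echo "persist with 'firewall-cmd --runtime-to-permanent' or re-add after the reload"
    fi
    return "$lost"
}

# Run as root:  sh fw-reload-check.sh check [zone]   (script name is hypothetical)
if [ "${1:-}" = "check" ]; then
    check_zone "${2:-}"
fi
```

A non-zero exit status means at least one allowed service or port in the zone is not in the permanent configuration.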