east.charm

Reputation: 499

Add rule to firewalld in CentOS 7 to allow all traffic from a server

I have a small cluster with CentOS 7. I'm trying to learn how to use the new firewalld.

I need a rule to allow all traffic between those servers. I was able to do it with:

sudo iptables -A INPUT -s [hostname] -j ACCEPT 

and it worked. But now I have to use firewall-cmd because of CentOS 7. How can I add a rule to allow all traffic between my nodes? I'm trying to run MPI on them, but firewalld is rejecting the connection, so the solution I thought of came to this.

My current firewall-cmd configuration is:

$ firewall-cmd --list-all
work (default, active)
  interfaces: eno1
  sources:
  services: dhcpv6-client ipp-client ssh
  ports:
  masquerade: no
  forward-ports:
  icmp-blocks:
  rich rules:

Upvotes: 3

Views: 20585

Answers (2)

east.charm

Reputation: 499

I tried to add source using this:

sudo firewall-cmd --permanent --zone=work --add-source=[host_IP]

But I still couldn't make the MPI application run correctly. Then I decided that the only way to enable MPI on this cluster is to make a rule to accept all traffic between the nodes. I ran these 2 commands:

sudo firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -s [server+IP] -j ACCEPT

firewall-cmd --reload

and it worked like a charm. Not sure if this is the best solution security-wise, though.

Upvotes: 2
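
An added example, not part of either answer: adding a source to the `work` zone only applies that zone's allowed services (dhcpv6-client, ipp-client, ssh) to the node, whereas firewalld's built-in `trusted` zone accepts all traffic from its sources, so binding each node address there gives the effect of the old iptables rule without a direct rule. The helper names (`is_ipv4_host`, `run`, `trust_nodes`) and the 192.0.2.x addresses are constructed for illustration; the script prints the commands unless `DRY_RUN=0`.

```sh
#!/bin/sh
# Added example: bind each cluster node to firewalld's built-in "trusted" zone.
# DRY_RUN=1 (the default) prints the commands; DRY_RUN=0 runs them (needs root).
DRY_RUN="${DRY_RUN:-1}"

# Accept only a single IPv4 host address. Hostnames and CIDR ranges are
# refused so that a typo such as 0.0.0.0/0 cannot trust every sender.
is_ipv4_host() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots into $1..$4
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# trust_nodes IP...: validate every address before changing anything, add each
# one as a source of the trusted zone, then reload to activate the permanent
# configuration.
trust_nodes() {
    for ip in "$@"; do
        is_ipv4_host "$ip" || {
            echo "refusing '$ip': not a single IPv4 host address" >&2
            return 1
        }
    done
    for ip in "$@"; do
        run firewall-cmd --permanent --zone=trusted --add-source="$ip" || return 1
    done
    run firewall-cmd --reload
}

# Constructed sample addresses (RFC 5737 documentation range).
trust_nodes 192.0.2.11 192.0.2.12
```

After applying with `DRY_RUN=0`, `firewall-cmd --zone=trusted --list-sources` shows which addresses are bound to the zone.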

Bert

Reputation: 377

Firstly, check which zone your firewall is using ATM:

firewall-cmd --get-active-zones

Then try the following:

firewall-cmd --zone=public --add-port=80/tcp --permanent

Don't forget to replace the zone and the port with the one you are looking for. After that you need to reload the firewall:

firewall-cmd --reload

This should solve your issue. For further commands use the --help or Google.

Upvotes: 2
