RHCE Objective: Use firewalld and associated mechanisms such as rich rules, zones, and custom rules, to implement packet filtering and configure network address translation (NAT).
http://www.certdepot.net/rhel7-get-started-firewalld/
This is clearly necessary to pass the exam so we’ll just have to dig in. In my current shop, we don’t have firewalls on servers and depend on external firewall and zone management.
Status:
Standard command to check firewalld: systemctl status firewalld
If you have a multi-homed environment and the host needs to forward traffic between its interfaces (as it does for NAT), you’ll need to set net.ipv4.ip_forward=1 in /etc/sysctl.conf.
Zones:
With a bastion host (for example), you’ll have a public facing interface and an interface that you as an admin can log in to. You can use the default (or public) zone or create a new zone for admin traffic (management zone).
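One way to lay out the bastion split described above, as an added example that is not from the original notes: SSH is allowed only in a new management zone bound to the admin interface and removed from the public zone. The interface names eth0/eth1, the zone name "management" and the helper function names are assumptions; the script prints the plan unless APPLY=1 is set.

```shell
#!/bin/bash
# Added example: plan a dedicated "management" zone for a bastion host.
# Interface and zone names are assumptions (constructed), not from the page.
PUB_IF="${PUB_IF:-eth0}"      # public-facing interface (assumed name)
MGMT_IF="${MGMT_IF:-eth1}"    # admin-facing interface (assumed name)
MGMT_ZONE="${MGMT_ZONE:-management}"

# Reject anything that is not a plausible interface or zone name.
valid_name() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the firewall-cmd calls, one per line, without running them.
# SSH is added to the management zone before it is removed from public.
plan_zones() {
    local pub="$1" mgmt="$2" zone="$3"
    valid_name "$pub" && valid_name "$mgmt" && valid_name "$zone" || return 1
    [ "$pub" != "$mgmt" ] || return 1   # both roles on one NIC defeats the split
    cat <<EOF
firewall-cmd --permanent --new-zone=$zone
firewall-cmd --permanent --zone=$zone --add-service=ssh
firewall-cmd --permanent --zone=$zone --change-interface=$mgmt
firewall-cmd --permanent --zone=public --change-interface=$pub
firewall-cmd --permanent --zone=public --remove-service=ssh
firewall-cmd --reload
firewall-cmd --get-active-zones
EOF
}

# Run the plan only when APPLY=1 (as root); otherwise just show it.
# Stops at the first command that fails.
apply_plan() {
    local line
    plan_zones "$PUB_IF" "$MGMT_IF" "$MGMT_ZONE" | while read -r line; do
        if [ "${APPLY:-0}" = 1 ]; then $line || exit 1; else echo "would run: $line"; fi
    done
}

apply_plan
```

Keep a console or an existing SSH session open when applying it, since the reload drops SSH from the public zone.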