***********************************************************************************
* Description: RHEL integrated firewall causing Oracle database connection timeout
* Date: 11:27 PM EST, 11/12/2017
***********************************************************************************

		 
<1> Oracle database connection being blocked by "TNS-12170: connection timeout" error:
     |
     |__ o. The database is based on AWS cloud EC2 environment.
     |
     |__ o. Security group and ACL are being configured correctly with port 1521 open.
     |
     |__ o. The cause is Red Hat integrated firewall up, which only allows SSH traffic inbound/outbound.
	 
	
	
<2> Confirm if firewall running:
     |
     |__ $ sudo su - 
     |
     |__ $ systemctl status firewalld.service
	 
             firewalld.service - firewalld - dynamic firewall daemon
			   
               Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
               Active: active (running) since Thu 2017-11-02 17:29:13 EDT; 1 weeks 0 days ago
                 Docs: man:firewalld(1)
             Main PID: 835 (firewalld)
               CGroup: /system.slice/firewalld.service
                         |__ 835 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

                         Nov 02 17:29:13 ip-172-31-31-109.ec2.internal systemd[1]: Starting firewalld - dynamic firewall daemon...
                         Nov 02 17:29:13 ip-172-31-31-109.ec2.internal systemd[1]: Started firewalld - dynamic firewall daemon.
                         Nov 02 17:29:14 ip-172-31-31-109.ec2.internal firewalld[835]: WARNING: ICMP type 'beyond-scope' is not supported by the kernel for ipv6.
                         Nov 02 17:29:14 ip-172-31-31-109.ec2.internal firewalld[835]: WARNING: beyond-scope: INVALID_ICMPTYPE: No supported ICMP type., ignoring for run-time.
                         Nov 02 17:29:14 ip-172-31-31-109.ec2.internal firewalld[835]: WARNING: ICMP type 'failed-policy' is not supported by the kernel for ipv6.
                         Nov 02 17:29:14 ip-172-31-31-109.ec2.internal firewalld[835]: WARNING: failed-policy: INVALID_ICMPTYPE: No supported ICMP type., ignoring for run-time.
                         Nov 02 17:29:14 ip-172-31-31-109.ec2.internal firewalld[835]: WARNING: ICMP type 'reject-route' is not supported by the kernel for ipv6.
                         Nov 02 17:29:14 ip-172-31-31-109.ec2.internal firewalld[835]: WARNING: reject-route: INVALID_ICMPTYPE: No supported ICMP type., ignoring for run-time.


						 
<3> Checking firewall state:	
     |
     |__ $ sudo su -
     |
     |__ $ firewall-cmd --query-lockdown
     |
     |        no
     |
     |__ $ firewall-cmd --state
     | 
     |        running
     |
     |__ $ firewall-cmd --list-all

              public (active)
              target: default
              icmp-block-inversion: no
              interfaces: eth0
              sources:
              services: dhcpv6-client ssh        <<<<<<<<<< Only SSH port 22 open. Firewall is blocking port 1521 for Oracle database connection.
              ports:
              protocols:
              masquerade: no
              forward-ports:
              source-ports:
              icmp-blocks:
              rich rules:
	 
						 
						 

<4> Stopping/disabling firewall:
     |
     |__ $ sudo su -	 
     |
     |__ $ systemctl stop firewalld.service
     |
     |__ $ systemctl disable firewalld.service
	 
             Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
             Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.

	 
<5> Firewall manual:
     |
     |__ $ firewall-cmd --help

	
	
<6> Reference:
     |
     |__ https://docs.eucalyptus.com/eucalyptus/4.3/install-guide/rhel7_disable_firewalld.html