Firewalld

Introduction

firewalld is a firewall daemon developed by Red Hat. It uses nftables by default. From the project home page:

Firewalld provides a dynamically managed firewall with support for network/firewall zones that define the trust level of network connections or interfaces. It has support for IPv4, IPv6 firewall settings, ethernet bridges and IP sets. There is a separation of runtime and permanent configuration options. It also provides an interface for services or applications to add firewall rules directly.


System Service Control

  1. Install firewalld:
    sudo dnf install firewalld
  2. Start the service:
    sudo systemctl start firewalld
  3. Run firewalld when the machine starts:
    sudo systemctl enable firewalld
  4. Get the status of the firewalld process:
    sudo systemctl status firewalld
  5. Stop the service:
    sudo systemctl stop firewalld
  6. Restart the service:
    sudo systemctl restart firewalld

Frequently used commands

  1. Check the status of firewalld:
    sudo firewall-cmd --state
  2. Reload the configurations:
    sudo firewall-cmd --reload
  3. Check all your configurations and settings:
    sudo firewall-cmd --list-all

Save the changes

To save your changes, use the option "--permanent":
sudo firewall-cmd --permanent [the rest of your command]
Any change made without this option is lost when you restart the firewalld service or reboot the machine.
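Because runtime and permanent configuration are kept separately, the two views can drift apart: a rule added without "--permanent" disappears on reload, and a rule added only with "--permanent" is not active until "firewall-cmd --reload" runs. The following shell helper, added here as an example and not part of the original page, compares the runtime and permanent service and port lists of one zone and reports anything present on only one side. The function names diff_sets and check_zone_drift are hypothetical; the firewall-cmd options used (--zone, --list-services, --list-ports, --permanent) are the ones shown on this page.

```shell
#!/bin/sh
# Added example: detect drift between firewalld runtime and permanent
# configuration for one zone. diff_sets is a pure comparison that can be
# exercised on constructed input; only check_zone_drift calls firewall-cmd.

# diff_sets "<runtime items>" "<permanent items>"
# Prints one line per difference:
#   "runtime-only <item>"   -> active now, but lost on reload or reboot
#   "permanent-only <item>" -> saved, but not active until --reload
# Returns 0 when both views match, 1 otherwise.
diff_sets() {
    runtime=$1
    permanent=$2
    rc=0
    for item in $runtime; do
        case " $permanent " in
            *" $item "*) ;;
            *) echo "runtime-only $item"; rc=1 ;;
        esac
    done
    for item in $permanent; do
        case " $runtime " in
            *" $item "*) ;;
            *) echo "permanent-only $item"; rc=1 ;;
        esac
    done
    return $rc
}

# check_zone_drift <zone>: query both views for services and ports and
# report the differences. Returns 0 if in sync, 1 on drift, 2 if firewall-cmd failed.
check_zone_drift() {
    zone=$1
    status=0
    for kind in services ports; do
        rt=$(sudo firewall-cmd --zone="$zone" --list-"$kind") || return 2
        pm=$(sudo firewall-cmd --permanent --zone="$zone" --list-"$kind") || return 2
        echo "== $zone $kind =="
        diff_sets "$rt" "$pm" || status=1
    done
    return $status
}

# Usage: sh drift.sh public
if [ -n "${1:-}" ]; then
    check_zone_drift "$1"
fi
```

Run it after a change to confirm that what is active is also what will survive a reboot. An empty report means the zone's runtime and permanent views agree; "runtime-only" lines are the ones you forgot to save, and "permanent-only" lines are the ones still waiting for a reload.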


Zones

A zone is a collection of default rules that can be applied to a specific interface. Details are in the firewalld zone documentation.

  1. Check the default zone:
    sudo firewall-cmd --get-default-zone
  2. To see which zones are active with interfaces:
    sudo firewall-cmd --get-active-zones
  3. Change the default zone:
    sudo firewall-cmd --set-default-zone=myzone
  4. Add, change, and remove a network interface to or from a zone, respectively:
    sudo firewall-cmd --zone=myzone --add-interface=myinterface
    sudo firewall-cmd --zone=myzone --change-interface=myinterface
    sudo firewall-cmd --zone=myzone --remove-interface=myinterface

Add or Remove Services

  1. List all active services in the public zone:
    sudo firewall-cmd --zone=public --list-services
  2. Add http service to the public zone:
    sudo firewall-cmd --zone=public --add-service=http
  3. Remove http service from the public zone:
    sudo firewall-cmd --zone=public --remove-service=http

Manage Ports

  1. List all open ports in the public zone:
    sudo firewall-cmd --zone=public --list-ports
  2. Add port 12345/tcp to the public zone:
    sudo firewall-cmd --zone=public --add-port=12345/tcp
  3. Remove port 12345/udp from the public zone:
    sudo firewall-cmd --zone=public --remove-port=12345/udp
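When these port commands are wrapped in a script that takes the port from a variable, it is worth validating the "port/protocol" string before handing it to firewall-cmd, so a malformed value fails early instead of producing a half-applied change. The helper below is an added example, not code from the page or from the firewalld project: valid_port_spec and open_port are hypothetical names, and the accepted protocols (tcp, udp, sctp, dccp) are the ones firewalld's port syntax allows.

```shell
#!/bin/sh
# Added example: validate a firewalld port specification, then open it in
# both the runtime and the permanent configuration of a zone.
# valid_port_spec is a pure check; only open_port calls firewall-cmd.

# valid_port_spec <spec>: accepts "<port>/<proto>" or "<low>-<high>/<proto>"
# with each port in 1..65535 and proto one of tcp, udp, sctp, dccp.
valid_port_spec() {
    spec=$1
    ports=${spec%/*}
    proto=${spec#*/}
    [ "$ports" != "$spec" ] || return 1          # no "/" separator at all
    case $proto in tcp|udp|sctp|dccp) ;; *) return 1 ;; esac
    low=${ports%-*}
    high=${ports#*-}
    for p in "$low" "$high"; do
        case $p in ''|*[!0-9]*) return 1 ;; esac  # must be a plain integer
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || return 1
    done
    [ "$low" -le "$high" ]                        # range must not be reversed
}

# open_port <zone> <spec>: add the port now (runtime) and save it (permanent),
# so it is active immediately and also survives a reload or reboot.
open_port() {
    zone=$1
    spec=$2
    valid_port_spec "$spec" || { echo "invalid port spec: $spec" >&2; return 1; }
    sudo firewall-cmd --zone="$zone" --add-port="$spec" &&
    sudo firewall-cmd --permanent --zone="$zone" --add-port="$spec"
}

# Usage: sh open-port.sh public 12345/tcp
if [ -n "${2:-}" ]; then
    open_port "$1" "$2"
fi
```

Running the runtime command first and the "--permanent" command second keeps the "Save the changes" rule from this page: the port works right away, and the saved copy means it is still open after the next reload.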