Red hat linux

Firewalld Cheat Sheet

Prabath ThalangamaComment(0)

Notes and Tips

  • To list all services firewalld is aware in an easy to read format use command firewall-cmd --get-services | tr " " "\n"
  • Default firewalld service .xml files can be found under /usr/lib/firewalld/services
  • For all commands that support the --zone= option if no zone is provided it will use the default zone.
  • To make changes persistent add the --permanent option to your commands.
  • After changes are made you must run firewall-cmd --reload for changes to be loaded.
COMMAND DESCRIPTION
firewall-cmd --get-default-zone Show default zone
firewall-cmd --set-default-zone=zone Set the default zone
firewall-cmd --get-zones List all available zones.
firewall-cmd --get-active-zones List all active zones
firewall-cmd --get-services List all services firewalld is aware of
firewall-cmd --add-source=CIDR [--zone=zone] Route all traffic coming from the IP address or network/netmask to the specified zone.
firewall-cmd --remove-source=CIDR [--zone=zone] Remove the rule routing all traffic from the zone coming from the IP address or network/netmask network.
firewall-cmd --add-interface=interface [--zone=zone] Route all traffic coming from interface to the specified zone.
firewall-cmd --change-interface=interface [--zone=zone] Associate the interface with zone instead of its current zone.
firewall-cmd --list-all [--zone=zone] List all configured interfaces, sources, services, and ports for zone.
firewall-cmd --list-all-zones Retrieve all information for all zones (interfaces, sources, ports, services).
firewall-cmd --add-service=service [--zone=zone] Allow traffic to service.
firewall-cmd --add-port=port/protocol [--zone=zone] Allow traffic to the port/protocol port.
firewall-cmd --remove-service=service [--zone=zone] Remove service from allowed list for the zone.
firewall-cmd --remove-port=port/protocol [--zone=zone] Remove the port/protocol ports from the allowed list for the zone.
firewall-cmd --reload Drop the runtime configuration and apply the persistent configuration.
Prabath Thalangama
Web : sysadmin.lkEmail : inbox [at] sysadmin.lkLinkedin : https://www.linkedin.com/in/prabathtFacebook : https://www.facebook.com/prabath.hinoize

Related Articles
Red hat linux

Create Permanent alias on CentOS/Redhat

Prabath Thalangama

The ‘alias’ command in CentOS allows for you to create an alias to a command. For example, if you want to use the vim text editor, but are used to typing vi file-to-edit.txt, you can create an alias to automatically start vim instead of vi when typing the command. Showing current aliases To show the […]
Red hat linux Web Hosting

Installation of KLOXO Hosting Panel with DKIM and SPF

Prabath Thalangama

An easy to follow guide to install DKIM on CentOS 5.x Linux mail servers using qmailtoaster and kloxo/lxadmin. help prevent outgoing emails from your email servers winding up in someone’s spam box. KLOXO instalation guide su – root setenforce 0 su – root yum install -y wget wget http://download.lxcenter.org/download/kloxo/production/kloxo-installer.sh #To install as Master (Default Single […]
Red hat linux

Setting up the Basic High-Availability Cluster on Centos/RHEL 7

Prabath Thalangama

Networking: We have two nodes that are reachable by below Networks: 10.1.1.0/24 : Cluster heartbeat vlan. 172.16.1.0/24 : LAN with access to the Internal LAN network and Internet. We have set the following hostnames: [master ~]# hostnamectl set-hostname master.sysadmin.lk [client ~]# hostnamectl set-hostname client.sysadmin.lk We defined the Hostname and IP Address in “/etc/hosts” file(On both […]

Leave a Reply

Your email address will not be published. Required fields are marked *