oam/knowledge base/firewalld.md
2022-05-01 11:03:32 +02:00

Firewalld

Firewalld is a dynamically managed firewall with support for network/firewall zones that define the trust level of network connections or interfaces. It has support for IPv4, IPv6, firewall settings, ethernet bridges and IP sets. It also offers separation of runtime and permanent configuration options.

It is the default firewall management tool for:

  • RHEL and CentOS 7 and newer
  • Fedora 18 and newer
  • (Open)SUSE 15 and newer

TL;DR

# Show which zone is currently selected as the default.
firewall-cmd --get-default-zone

# List all available zones.
firewall-cmd --get-zones
firewall-cmd --get-zones --permanent

# List the currently active zones only.
firewall-cmd --get-active-zones

# Print the default zone's full configuration (interfaces, services, ports, rich rules).
firewall-cmd --list-all

# Change the default zone.
sudo firewall-cmd --set-default-zone=home

# Change an interface's zone assignment.
sudo firewall-cmd --zone=home --change-interface=eth0

# List the available service definitions.
firewall-cmd --get-services

# List the allowed services in a zone.
sudo firewall-cmd --list-services
sudo firewall-cmd --list-services --zone=public
sudo firewall-cmd --list-services --permanent

# Temporarily allow services.
sudo firewall-cmd --add-service=http
sudo firewall-cmd --add-service=ssh --zone=public

# Permanently allow services.
sudo firewall-cmd --add-service=ssh --permanent
sudo firewall-cmd --add-service=https --zone=public --permanent

# List the open ports in a zone.
sudo firewall-cmd --list-ports
sudo firewall-cmd --list-ports --zone=public
sudo firewall-cmd --list-ports --permanent

# Temporarily open specific ports.
sudo firewall-cmd --add-port=1978/tcp
sudo firewall-cmd --add-port=4990-4999/udp --zone=public

# Permanently open specific ports.
sudo firewall-cmd --add-port=22/tcp --permanent
sudo firewall-cmd --add-port=4990-4999/udp --zone=public --permanent

# Close an open port (runtime only; add --permanent to persist the removal).
sudo firewall-cmd --remove-port=1978/tcp
sudo firewall-cmd --remove-port=1978/tcp --zone=public

# Create a new zone.
sudo firewall-cmd --new-zone=publicweb --permanent

# Make the current runtime changes permanent.
sudo firewall-cmd --runtime-to-permanent

# Reload the firewall.
sudo firewall-cmd --reload
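The runtime/permanent split described at the top of this page is the usual source of surprises: a rule added without --permanent disappears at the next --reload, and a rule added with --permanent is not enforced until one. The script below is an added example, not part of the original knowledge-base entry; it diffs the services and ports of one zone between the two configurations. On a real host you would feed it the output of "firewall-cmd --zone=public --list-all" and the same command with --permanent; here the two outputs are constructed sample text so the script runs offline.

```shell
#!/bin/sh
# Added example: report drift between firewalld runtime and permanent
# configuration for a zone. The two samples below are constructed, not
# captured from a real system.

RUNTIME_SAMPLE='public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: dhcpv6-client http ssh
  ports: 1978/tcp
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:'

PERMANENT_SAMPLE='public
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: dhcpv6-client ssh
  ports:
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:'

# extract_field TEXT FIELD: print the values of the "  FIELD: a b c" line.
extract_field() {
    printf '%s\n' "$1" | sed -n "s/^  $2: *//p"
}

# zone_drift RUNTIME_TEXT PERMANENT_TEXT FIELD
# Prints one line per entry that exists only in the runtime config (it will
# be lost on reload) or only in the permanent config (not enforced yet).
zone_drift() {
    _field=$3
    _rt=$(extract_field "$1" "$_field" | tr ' ' '\n' | sed '/^$/d' | sort)
    _pm=$(extract_field "$2" "$_field" | tr ' ' '\n' | sed '/^$/d' | sort)
    for e in $_rt; do
        printf '%s\n' "$_pm" | grep -qxF "$e" \
            || echo "runtime-only $_field: $e (lost on reload)"
    done
    for e in $_pm; do
        printf '%s\n' "$_rt" | grep -qxF "$e" \
            || echo "permanent-only $_field: $e (not active until reload)"
    done
}

# Stand-alone run over the constructed samples.
zone_drift "$RUNTIME_SAMPLE" "$PERMANENT_SAMPLE" services
zone_drift "$RUNTIME_SAMPLE" "$PERMANENT_SAMPLE" ports
```

Run on a live host by replacing the two samples with `firewall-cmd --zone=public --list-all` and `firewall-cmd --zone=public --list-all --permanent` output (both as root). An empty result means the zone is consistent; any "runtime-only" line is a change that --runtime-to-permanent or --reload will decide the fate of, so review it before reloading.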

Further readings

Sources