Firewalld is the new way of interacting with the iptables rules in RHEL 7. It allows to set new sucurity rules and activate them in runtime without disconnecting any existing connections.
Managing firewalld
# firewall-cmd --state -- Display whether service is running # systemctl status firewalld -- Another command to display status of service # systemctl restart firewall-cmd -- To restart service # firewall-cmd --reload -- To reload the permanent rules without interrupting existing persistent connections
To start/stop/status firewalld service
# systemctl start firewalld.service # systemctl stop firewalld.service # systemctl status firewalld.service
To enable/disable firewalld service at boot time
To enable firewalld service from starting at boot time.
# systemctl enable firewalld
To disable firewalld service from starting at boot time.
# systemctl disable firewalld
To list details of default and active zones
# firewall-cmd --get-default-zone # firewall-cmd --get-active-zones # firewall-cmd --list-all
To add/remove interfaces to zones
To add interface “eth1” to “public” zone.
# firewall-cmd --zone=public --change-interface=eth1
To list/add/remove services to zones
To list available services :
# firewall-cmd --get-services
To add “samba and samba-client” service to a specific zone. You may include, “permanent” flag to make this permanent change.
# firewall-cmd --zone=public --add-service=samba --add-service=samba-client --permanent
To list services configured in a specific zone.
# firewall-cmd --zone=public --list-service
To list and Add ports to firewall
# firewall-cmd --list-ports
# firewall-cmd --zone=public --add-port=5000/tcp
Note:
You may restart the Network service followed by Firewall server.
# systemctl restart network.service # systemctl restart firewalld.service