The firewall-cmd command enables you to configure firewalld by querying, adding, modifying, and deleting zones and services as desired. Because firewalld is the default firewall service for many Linux distributions, including Red Hat® Enterprise Linux® and CentOS®, you will be using the firewall-cmd command regularly. The command includes options to identify which zone and which interface you want to configure, as well as the ability to permit services by name or by port number.
Syntax
The syntax of the firewall-cmd command is:
# firewall-cmd [options]
firewall-cmd Command Examples
1. View the active zones, that is, the zones that currently have an interface or source assigned, together with those interfaces (`--get-zones` lists every defined zone, active or not):
# firewall-cmd --get-active-zones
2. View the configuration currently applied to the default zone, including its interfaces, allowed services, and open ports (add --zone=NAME to inspect a different zone, or use --list-all-zones to see all of them):
# firewall-cmd --list-all
3. Permanently move the interface enp1s0 into the block zone. Incoming connections on that interface are rejected with an ICMP host-prohibited message; connections initiated by the host itself are still allowed. Run this from a console session rather than over the interface you are moving, and remember that a --permanent change is not active until the next reload:
# firewall-cmd --permanent --zone=block --change-interface=enp1s0
4. Permanently allow a service by name in a zone; the https service definition opens port 443/tcp, here in the `public` zone:
# firewall-cmd --permanent --zone=public --add-service=https
5. Permanently remove a service from a zone; removing http closes port 80/tcp in the `public` zone:
# firewall-cmd --permanent --zone=public --remove-service=http
6. Permanently open two arbitrary ports in the specified zone:
# firewall-cmd --permanent --zone=public --add-port=25565/tcp --add-port=19132/udp
7. Reload firewalld so that the permanent changes above take effect. A reload rebuilds the running firewall from the permanent configuration, so any runtime-only changes are discarded at the same time:
# firewall-cmd --reload
Making Changes Permanent
Like hand-entered iptables rules, a firewalld change made without --permanent applies only to the running firewall. This is the runtime configuration, and it is lost when the daemon is reloaded or restarted. A change made with --permanent is written to the permanent configuration instead and does not touch the running firewall until you run firewall-cmd --reload; until then a permanent-only change looks as if it did nothing. Two workflows keep the two configurations in step: apply each change twice, once with and once without --permanent, or make the change at runtime, confirm that it behaves as intended (adding --timeout=SECONDS to a runtime add command removes the rule again automatically after that long, so a mistake that locks you out undoes itself), and then copy the entire runtime configuration into the permanent one with firewall-cmd --runtime-to-permanent.
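The gap between the runtime and permanent configurations is easy to miss, because both `--list-all` (example 2 above) and `--permanent --list-all` look healthy on their own. The script below is an added example, not part of the original page or of firewalld itself: it parses the two listings for one zone, reports services and ports that are open now but not saved (lost on the next reload) and ones that are saved but not yet active (waiting for a reload), and exits non-zero when either kind of drift exists. The two listings are constructed sample output, embedded so the script runs offline; on a live host you would replace them with `$(firewall-cmd --zone=public --list-all)` and `$(firewall-cmd --permanent --zone=public --list-all)`.

```shell
#!/bin/sh
# Added example: detect drift between the runtime and permanent configuration
# of one firewalld zone. Input is the text printed by
#   firewall-cmd --zone=public --list-all              (runtime)
#   firewall-cmd --permanent --zone=public --list-all  (permanent)
# The two listings below are constructed sample output, not captured from a
# real host; on a live system replace them with $(firewall-cmd ...) calls.

RUNTIME_LISTING='public (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp1s0
  sources:
  services: dhcpv6-client http https ssh
  ports: 25565/tcp
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:'

PERMANENT_LISTING='public
  target: default
  icmp-block-inversion: no
  interfaces: enp1s0
  sources:
  services: dhcpv6-client https ssh
  ports: 25565/tcp 19132/udp
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:'

# list_field FIELD LISTING: print the items of one field ("services", "ports",
# ...) one per line, sorted and de-duplicated. --list-all indents every field
# by two spaces, so anchoring on "^  ports:" does not also match "source-ports:".
list_field() {
    printf '%s\n' "$2" | sed -n "s/^  $1: *//p" | tr ' ' '\n' | sed '/^$/d' | sort -u
}

# set_diff A B: items in A that are not in B (newline-separated, unique lists).
# A is emitted once and B twice; after sorting, "uniq -u" keeps only lines that
# occur exactly once, which are precisely the items present in A alone.
set_diff() {
    { printf '%s\n' "$1"; printf '%s\n' "$2"; printf '%s\n' "$2"; } \
        | sed '/^$/d' | sort | uniq -u
}

# Open now but absent from the permanent configuration: lost on --reload.
runtime_only() {
    set_diff "$(list_field "$1" "$RUNTIME_LISTING")" "$(list_field "$1" "$PERMANENT_LISTING")"
}

# Saved with --permanent but not yet active: nothing changes until --reload.
permanent_only() {
    set_diff "$(list_field "$1" "$PERMANENT_LISTING")" "$(list_field "$1" "$RUNTIME_LISTING")"
}

# Print every difference in services and ports and return 1 if any was found,
# so the script can fail a cron job or a CI check.
report_drift() {
    drift=0
    for field in services ports; do
        for item in $(runtime_only "$field"); do
            echo "runtime-only $field $item: will be lost on the next reload"
            drift=1
        done
        for item in $(permanent_only "$field"); do
            echo "permanent-only $field $item: not active until firewall-cmd --reload"
            drift=1
        done
    done
    return $drift
}

if report_drift; then
    echo "runtime and permanent configuration of the zone match"
else
    echo "drift detected; reconcile with --reload or --runtime-to-permanent" >&2
fi
```

With the sample data the script reports http as runtime-only (someone opened it in a hurry and never made it permanent) and 19132/udp as permanent-only (added with --permanent and never reloaded). Only POSIX tools are used, so it runs under dash as well as bash; the set difference via sort and uniq -u relies on each list being free of duplicates, which list_field guarantees with sort -u.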