Firewalld Command line Reference (Cheat Sheet)

by admin

firewalld is the default method in Red Hat Enterprise Linux 7 for managing host-level firewalls. Started by the firewalld.service systemd unit, firewalld manages the Linux kernel netfilter subsystem through the low-level iptables, ip6tables, and ebtables commands (RHEL 8 switched this backend to nftables). Rules are organised into zones: each network interface or source address is bound to a zone, and the zone decides what incoming traffic is accepted.

Default Configuration of firewalld Zones

Zone and its default configuration:

trusted
    Allow all incoming traffic.
home
    Reject incoming traffic unless it is related to outgoing traffic or matches the ssh, mdns, ipp-client, samba-client, or dhcpv6-client predefined services.
internal
    Same as home to start with: reject incoming traffic unless it is related to outgoing traffic or matches the ssh, mdns, ipp-client, samba-client, or dhcpv6-client predefined services.
work
    Reject incoming traffic unless it is related to outgoing traffic or matches the ssh, ipp-client, or dhcpv6-client predefined services.
public
    Reject incoming traffic unless it is related to outgoing traffic or matches the ssh or dhcpv6-client predefined services. This is the default zone for newly added network interfaces.
external
    Reject incoming traffic unless it is related to outgoing traffic or matches the ssh predefined service. Outgoing IPv4 traffic forwarded through this zone is masqueraded so that it appears to originate from the IPv4 address of the outgoing network interface.
dmz
    Reject incoming traffic unless it is related to outgoing traffic or matches the ssh predefined service.
block
    Reject all incoming traffic unless it is related to outgoing traffic (the sender receives an ICMP error).
drop
    Drop all incoming traffic unless it is related to outgoing traffic (no ICMP error is sent back at all).

Note that every zone except block and drop allows ssh by default, so a freshly installed host answers ssh on every interface bound to public. If ssh should only be reachable from a management network, put that network into a more trusted zone with --add-source and remove ssh from public.
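The zone table above describes policy, not how to apply it. The script below is an added example, not part of the original page: it restricts ssh to a management network by assigning that network to the internal zone with --add-source and then removing ssh from public. The management network (10.0.0.0/24), the uplink interface (eth0) and the FWCMD override for dry runs are assumptions made for the example. Every change is issued twice, once for the runtime and once with --permanent, because firewall-cmd otherwise changes only the running firewall, and the ssh grant on internal is made before the ssh removal on public so an administrator on the management network is never locked out.

```shell
#!/bin/sh
# Added example (not from the original page): confine ssh to a management
# network with firewalld zones. Assumed values: MGMT_NET, WAN_IF, FWCMD.
set -eu

FWCMD="${FWCMD:-firewall-cmd}"      # set to a wrapper (e.g. echo) for a dry run
MGMT_NET="${MGMT_NET:-10.0.0.0/24}" # assumed management network
WAN_IF="${WAN_IF:-eth0}"            # assumed uplink interface

fw() { "$FWCMD" "$@"; }

# Without --permanent a change is live but lost on --reload/reboot; with
# --permanent it is saved but not live until --reload. Do both.
fw_both() {
    fw "$@"
    fw --permanent "$@"
}

restrict_ssh_to_mgmt() {
    # Bind the uplink to public explicitly instead of relying on the default zone.
    fw_both --zone=public --change-interface="$WAN_IF"
    # Source-based zone assignment wins over interface-based assignment:
    # packets from MGMT_NET land in internal even though they arrive on WAN_IF.
    fw_both --zone=internal --add-source="$MGMT_NET"
    # internal allows ssh on a stock install (firewall-cmd then only warns
    # ALREADY_ENABLED); adding it explicitly guards against local edits.
    fw_both --zone=internal --add-service=ssh
    # Only now close the public path, so the management path is already open.
    fw_both --zone=public --remove-service=ssh
    # Whatever the host really serves stays world-reachable in public.
    fw_both --zone=public --add-port=443/tcp
}

# Show runtime and permanent state of a zone side by side so drift is visible.
show_zone() {
    printf '== %s (runtime)\n' "$1";   fw --zone="$1" --list-all
    printf '== %s (permanent)\n' "$1"; fw --permanent --zone="$1" --list-all
}

# Only touch the live firewall when explicitly asked and the command exists.
if [ "${1:-}" = "apply" ] && command -v "$FWCMD" >/dev/null 2>&1; then
    restrict_ssh_to_mgmt
    show_zone public
    show_zone internal
fi
```

Run it as root with `sh restrict-ssh.sh apply`; `FWCMD=echo sh restrict-ssh.sh apply` prints the exact firewall-cmd invocations without changing anything. An existing ssh session from outside the management network usually survives the --remove-service step because it is already tracked by conntrack, so test the new policy with a fresh connection before logging out.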

Firewalld Command line Reference

firewall-cmd changes the runtime configuration only, unless --permanent is given; --permanent changes are written under /etc/firewalld but do not take effect until --reload. To make a change both live and persistent, run the command twice (with and without --permanent), or make it at runtime and then copy the runtime state with --runtime-to-permanent. The exception is --set-default-zone, which changes both at once.

firewall-cmd option and explanation:

--get-default-zone
    Query the current default zone.
--set-default-zone=ZONE
    Set the default zone. This changes both the runtime and the permanent configuration.
--get-zones
    List all available zones.
--get-services
    List all predefined services.
--get-active-zones
    List all zones currently in use (those with an interface or source bound to them), along with their interfaces and sources.
--add-source=CIDR [--zone=ZONE]
    Assign all traffic coming from the IP address or network/netmask CIDR to ZONE. Without --zone=, the default zone is used.
--remove-source=CIDR [--zone=ZONE]
    Remove the rule assigning traffic from CIDR to ZONE. Without --zone=, the default zone is used.
--add-interface=INTERFACE [--zone=ZONE]
    Assign all traffic arriving on INTERFACE to ZONE. Without --zone=, the default zone is used.
--change-interface=INTERFACE [--zone=ZONE]
    Move INTERFACE to ZONE from whatever zone it is currently bound to. Without --zone=, the default zone is used.
--list-all [--zone=ZONE]
    List all configured interfaces, sources, services, and ports for ZONE. Without --zone=, the default zone is used.
--list-all-zones
    Retrieve all information for all zones (interfaces, sources, ports, services, etc.).
--add-service=SERVICE [--zone=ZONE]
    Allow traffic to the predefined service SERVICE in ZONE. Without --zone=, the default zone is used.
--add-port=PORT/PROTOCOL [--zone=ZONE]
    Allow traffic to the given port(s) in ZONE, for example 8080/tcp or 5000-5010/udp. Without --zone=, the default zone is used.
--remove-service=SERVICE [--zone=ZONE]
    Remove SERVICE from the allowed list of ZONE. Without --zone=, the default zone is used.
--remove-port=PORT/PROTOCOL [--zone=ZONE]
    Remove the PORT/PROTOCOL port(s) from the allowed list of ZONE. Without --zone=, the default zone is used.
--reload
    Drop the runtime configuration and apply the permanent configuration.
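The listing commands above (--list-all, --list-all-zones) are where an audit starts: what does each active zone actually expose, and does the running firewall still match what is saved on disk? The script below is an added example, not part of the original page. It parses --list-all-zones output (zone headers in column 0, marked "(active)" when bound to an interface or source; attributes indented beneath) and prints every service or port an active zone allows that is outside an allowlist, then compares a runtime listing with a permanent one to surface drift that --reload would silently revert. The two listings embedded in the script are constructed samples in the --list-all-zones layout, and the allowlist "ssh dhcpv6-client 443/tcp" is an assumption for the example.

```shell
#!/bin/sh
# Added example (not from the original page): audit firewalld zone listings.
# RUNTIME_LISTING / PERMANENT_LISTING are constructed samples, not real output.
set -eu

# Print "ZONE ITEM" for each service or port that an *active* zone allows and
# that is not in the space-separated allowlist given as $1. Listing on stdin.
flag_unexpected_services() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # Zone headers start in column 0, e.g. "public (active)"; attributes are indented.
        /^[^ ]/ { zone = $1; active = ($2 == "(active)") }
        active && /^  services:/ { for (i = 2; i <= NF; i++) if (!($i in ok)) print zone, $i }
        active && /^  ports:/    { for (i = 2; i <= NF; i++) if (!($i in ok)) print zone, $i }
    '
}

# Exit 0 when the runtime listing ($1) matches the permanent listing ($2);
# otherwise print the differences and exit 1. Anything only in $1 is lost on
# --reload or reboot; anything only in $2 is not enforced yet.
check_drift() {
    diff "$1" "$2"
}

# Constructed sample: a runtime change opened samba and 8080/tcp on public
# without --permanent. dmz is inactive, so its http entry is not exposed.
RUNTIME_LISTING='public (active)
  target: default
  interfaces: eth0
  sources:
  services: ssh dhcpv6-client samba
  ports: 443/tcp 8080/tcp
internal (active)
  target: default
  interfaces:
  sources: 10.0.0.0/24
  services: ssh dhcpv6-client
  ports:
dmz
  target: default
  interfaces:
  sources:
  services: ssh http
  ports:
'
PERMANENT_LISTING='public (active)
  target: default
  interfaces: eth0
  sources:
  services: ssh dhcpv6-client
  ports: 443/tcp
internal (active)
  target: default
  interfaces:
  sources: 10.0.0.0/24
  services: ssh dhcpv6-client
  ports:
dmz
  target: default
  interfaces:
  sources:
  services: ssh http
  ports:
'
ALLOWED="ssh dhcpv6-client 443/tcp"   # assumed host policy

# On a real host replace the samples with:
#   firewall-cmd --list-all-zones             > /tmp/zones.runtime
#   firewall-cmd --permanent --list-all-zones > /tmp/zones.permanent
echo "unexpected exposure in active zones (runtime):"
printf '%s' "$RUNTIME_LISTING" | flag_unexpected_services "$ALLOWED"

rt=$(mktemp); pm=$(mktemp)
printf '%s' "$RUNTIME_LISTING" > "$rt"
printf '%s' "$PERMANENT_LISTING" > "$pm"
if check_drift "$rt" "$pm" >/dev/null; then
    echo "runtime matches permanent configuration"
else
    echo "runtime differs from permanent configuration:"
    check_drift "$rt" "$pm" || true
fi
rm -f "$rt" "$pm"
```

On the sample data the audit reports `public samba` and `public 8080/tcp`, and the drift check shows both as present only at runtime: exactly the state left behind by a forgotten --permanent, which disappears at the next --reload while looking fine in --list-all in the meantime.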

Filed Under: CentOS/RHEL 7, Linux
