Firewalld Quick Operational Commands

Firewall operating status

[root@centos7 vagrant]# firewall-cmd --state
running

Examine the active zone

[root@centos7 vagrant]# firewall-cmd --get-active-zones
public
interfaces: eth0 eth1

Check current settings: Active Zone

[root@centos7 vagrant]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0 eth1
  sources:
  services: dhcpv6-client ssh
  ports:
  protocols:
  masquerade: no
  forward-ports: port=8080:proto=tcp:toport=80:toaddr=
  source-ports:
  icmp-blocks:
  rich rules:

Check current settings: All zones

[root@centos7 vagrant]# firewall-cmd --list-all-zones
block
  target: %%REJECT%%
  icmp-block-inversion: no
  interfaces:
  sources:
  services:
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
dmz
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
drop
  target: DROP
  icmp-block-inversion: no
  interfaces:
  sources:
  services:
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
external
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: ssh
  ports:
  protocols:
  masquerade: yes
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
home
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: dhcpv6-client mdns samba-client ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
internal
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: dhcpv6-client mdns samba-client ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0 eth1
  sources:
  services: dhcpv6-client ssh
  ports:
  protocols:
  masquerade: no
  forward-ports: port=8080:proto=tcp:toport=80:toaddr=
  source-ports:
  icmp-blocks:
  rich rules:
trusted
  target: ACCEPT
  icmp-block-inversion: no
  interfaces:
  sources:
  services:
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
work
  target: default
  icmp-block-inversion: no
  interfaces:
  sources:
  services: dhcpv6-client ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:

Service add/delete

Add Service

[root@centos7 vagrant]# firewall-cmd --permanent --add-service=ssh
Warning: ALREADY_ENABLED: ssh
success

Delete Service

[root@centos7 vagrant]# firewall-cmd --permanent --zone=public --remove-service=ssh
success

Port add/delete

Add Port

[root@centos7 vagrant]# firewall-cmd --zone=public --add-port=9001/tcp --permanent
success

Delete Port

[root@centos7 vagrant]# firewall-cmd --zone=public --remove-port=9001/tcp --permanent
success

Reload configuration

[root@centos7 vagrant]# firewall-cmd --reload
success

Example of a complex command (the rich rule is wrapped in single quotes so the shell passes the inner double quotes through to firewalld unchanged)

[root@centos7 vagrant]# firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.123.0/24" port protocol="tcp" port="22" accept'
success
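The zone listing from --list-all-zones and the rich-rule step above are easier to audit with a small parser. The following Python is an added example, not code from the post: it parses the --list-all-zones output format (a constructed sample built from the post's public zone, plus an assumed rendering of the rich rule the last command adds) and reports what each active zone accepts from any source address, which also shows why a rich rule limiting port 22 to a subnet only narrows access once the plain ssh service is removed from the zone.

```python
# Parse `firewall-cmd --list-all-zones` output and flag what each active zone exposes (added example).
import re
# Constructed sample: the post's "public" zone plus a rich rule like its last command adds, and "trusted".
SAMPLE = """\
public (active)
  target: default
  interfaces: eth0 eth1
  sources:
  services: dhcpv6-client ssh
  ports:
  forward-ports: port=8080:proto=tcp:toport=80:toaddr=
  rich rules:
\trule family="ipv4" source address="192.168.123.0/24" port port="22" protocol="tcp" accept
trusted
  target: ACCEPT
"""

LIST_FIELDS = {"interfaces", "sources", "services", "ports", "protocols",
               "forward-ports", "source-ports", "icmp-blocks", "rich rules"}
FIELDS = LIST_FIELDS | {"target", "icmp-block-inversion", "masquerade"}
ZONE_RE = re.compile(r"^(\S+)(?: \((active)\))?$")  # "public (active)" or "trusted"

def parse_zones(text):
    """Return {zone: {field: value}}; list fields are split on whitespace, plus 'active'."""
    zones, cur = {}, None
    for line in filter(None, map(str.strip, text.splitlines())):
        key, _, val = line.partition(":")
        if key in FIELDS and cur is not None:            # "field: value" line
            cur[key] = val.split() if key in LIST_FIELDS else val.strip()
        elif (m := ZONE_RE.match(line)):                  # zone header
            cur = zones[m.group(1)] = {"active": m.group(2) == "active", "rich rules": []}
        elif cur is not None:                             # continuation: one rich rule per line
            cur["rich rules"].append(line)
    return zones

def audit(zones):
    """Findings for active zones: what accepts traffic from any source address. An interface-bound
    zone with no 'sources' accepts its services/ports from anywhere; a rich rule only adds an allow."""
    out = []
    for name, z in zones.items():
        if not z["active"]:
            continue
        if z.get("target") == "ACCEPT":
            out.append((name, "target", "ACCEPT"))
        if not z.get("sources"):
            out += [(name, "service", s) for s in z.get("services", [])]
            out += [(name, "port", p) for p in z.get("ports", [])]
        out += [(name, "forward-port", f) for f in z.get("forward-ports", [])]
    return out
```

Feed it real output with `firewall-cmd --list-all-zones | python3 audit.py` after adding a `sys.stdin.read()` call; the ssh finding disappears only after `--remove-service=ssh`, not after adding the rich rule.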

Maciej

DevOps Consultant. I’m strongly focused on automation, security, and reliability.