Posted on: September 15, 2021 at 07:53 PM

Firewalld Commands

Introduction

Firewalld is a dynamic firewall manager for Linux systems that provides a flexible way to manage network security. This guide covers essential Firewalld commands for managing firewall rules and services.

Firewalld Service Management

Basic Service Commands

# Check service status
sudo systemctl status firewalld

# Start the service
sudo systemctl start firewalld

# Stop the service
sudo systemctl stop firewalld

# Restart the service
sudo systemctl restart firewalld

Firewall Configuration

List Current Settings

# List the full runtime configuration of the default zone (add --zone=<name> for another zone)
firewall-cmd --list-all

# List allowed services
firewall-cmd --list-services

# List ports opened explicitly (ports opened through services are not shown here)
firewall-cmd --list-ports

Port Management

# Add a port
sudo firewall-cmd --zone=public --permanent --add-port=80/tcp
sudo firewall-cmd --reload

# Remove a port
sudo firewall-cmd --zone=public --permanent --remove-port=80/tcp
sudo firewall-cmd --reload

Common Use Cases

Allow SSH Access

# Allow SSH service
sudo firewall-cmd --zone=public --permanent --add-service=ssh
sudo firewall-cmd --reload

Allow HTTP/HTTPS Traffic

# Allow HTTP and HTTPS services
sudo firewall-cmd --zone=public --permanent --add-service=http
sudo firewall-cmd --zone=public --permanent --add-service=https
sudo firewall-cmd --reload

Best Practices

  1. Always use the --permanent flag for persistent changes
  2. Remember to reload after making permanent changes; they do not apply to the running firewall until then
  3. Use service names instead of port numbers when possible
  4. Keep track of allowed services and ports
  5. Regularly review firewall rules
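
One way to put practices 4 and 5 into routine use, as an added example that is not part of the original post: parse `firewall-cmd --list-all` output, flag anything missing from an allowlist, and flag runtime entries that were never made permanent. The sample outputs, the `ALLOWED` list and the `fw_*` function names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Constructed samples of `firewall-cmd --zone=public --list-all` (runtime)
# and `firewall-cmd --permanent --zone=public --list-all` output.
SAMPLE_RUNTIME='public (active)
  target: default
  interfaces: eth0
  services: dhcpv6-client http https ssh
  ports: 8080/tcp
  rich rules: '
SAMPLE_PERMANENT='public
  target: default
  interfaces: eth0
  services: dhcpv6-client http https ssh
  ports: 
  rich rules: '

# Hypothetical allowlist: what this host is supposed to expose.
ALLOWED="ssh http https"

# Print every service and port named in --list-all output, one per line.
fw_items() {  # $1 = --list-all output
  printf '%s\n' "$1" | awk '$1 == "services:" || $1 == "ports:" {
    for (i = 2; i <= NF; i++) print $i }'
}

# Print items in the output that are missing from a space-separated list.
fw_unexpected() {  # $1 = --list-all output, $2 = list to compare against
  fw_items "$1" | while read -r item; do
    case " $2 " in
      *" $item "*) ;;              # present in the list
      *) printf '%s\n' "$item" ;;  # needs review
    esac
  done
}

# Print items open at runtime but absent from the permanent configuration;
# these disappear at the next --reload or reboot.
fw_runtime_only() {  # $1 = runtime output, $2 = --permanent output
  fw_unexpected "$1" "$(fw_items "$2" | tr '\n' ' ')"
}

# On a live host, substitute the real command output for the samples.
echo "Not on allowlist:"; fw_unexpected "$SAMPLE_RUNTIME" "$ALLOWED"
echo "Runtime only:";     fw_runtime_only "$SAMPLE_RUNTIME" "$SAMPLE_PERMANENT"
```

The check covers only the `services` and `ports` fields; rich rules, forward ports and sources need their own review.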