Difference between revisions of "Firewalld"

From Bashlinux
How to allow NFS with firewalld

An NFSv4-only server needs just the nfs service (2049/tcp); NFSv3 mounts additionally need rpc-bind and mountd, so all three are opened here.

# firewall-cmd --permanent --zone=public --add-service=mountd
# firewall-cmd --permanent --zone=public --add-service=rpc-bind
# firewall-cmd --permanent --zone=public --add-service=nfs
# firewall-cmd --reload


Latest revision as of 04:20, 25 June 2015

How to enable/disable firewalld

  • Enable
# systemctl start firewalld.service
# systemctl enable firewalld.service
  • Disable
# systemctl stop firewalld.service
# systemctl disable firewalld.service

How to check if firewalld is running

# firewall-cmd --state

How to check active zones

# firewall-cmd --get-active-zones

How to check current active services

This lists the services currently allowed in the default zone (add --zone=<name> for another zone). Note that --get-services instead prints every predefined service definition firewalld knows about, whether or not it is allowed anywhere.

# firewall-cmd --list-services

How to reload firewalld

Reloading re-reads the permanent configuration and makes it the runtime configuration; any rule that was added without --permanent is dropped. Every --permanent change below needs a reload before it takes effect.

# firewall-cmd --reload

How to allow traffic on a specific port

The port must be given together with its protocol (tcp, udp, sctp or dccp); --add-port=1122 without a protocol is rejected. Assuming we want to allow TCP port 1122:

# firewall-cmd --permanent --zone=public --add-port=1122/tcp
# firewall-cmd --reload

How to add a known service to the firewall

Assuming we want to allow http traffic (port 80) from anywhere:

# firewall-cmd --permanent --zone=public --add-service=http
# firewall-cmd --reload

How to remove a specific port

# firewall-cmd --permanent --zone=public --remove-port=1122/tcp
# firewall-cmd --reload

How to remove a specific service from the firewall

# firewall-cmd --permanent --zone=public --remove-service=https
# firewall-cmd --reload

How to allow traffic coming from a particular subnet

Assuming we want to allow http traffic (port 80) from the 10.20.30.0/24 network only. This takes a rich rule, added with --add-rich-rule (--remove-rich-rule deletes one). The rich-rule language has double quotes of its own, so the whole rule has to be wrapped in single quotes; wrapping it in double quotes makes the shell strip the inner quotes and the rule is rejected. The rule only has the intended "only" effect if the http service is not also allowed zone-wide; if it is, remove it with --remove-service=http first.

# firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="10.20.30.0/24" service name="http" accept'
# firewall-cmd --reload
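The "allow a port" and "allow a service from one subnet only" procedures above, as an added shell example that is not part of the Bashlinux page: the functions build the port/protocol and rich-rule arguments in the form firewall-cmd actually accepts, drop a conflicting zone-wide service allowance before adding the source-restricted rule, and query the runtime configuration after the reload to confirm the change landed. The function names, the ZONE and FIREWALL_CMD variables and the firewalld-example.sh file name are assumptions of this example; the firewall-cmd options used (--permanent, --zone, --add-port, --query-port, --query-service, --remove-service, --add-rich-rule, --query-rich-rule, --reload) are the real ones.

```shell
#!/bin/sh
# Added example, not from the Bashlinux page: firewall-cmd wrappers for the
# port and subnet-restricted-service steps. ZONE and FIREWALL_CMD are
# assumptions of this example.

ZONE="${ZONE:-public}"
# Set FIREWALL_CMD=echo to print the commands instead of running them.
FIREWALL_CMD="${FIREWALL_CMD:-firewall-cmd}"

# rich_rule FAMILY SOURCE SERVICE
# Prints a rich rule. The double quotes belong to the rich-rule language;
# the string is handed to firewall-cmd as one argument ("$rule"), so the
# shell never treats them as quoting, which is what breaks the
# --add-rich-rule="rule family="ipv4" ..." form.
rich_rule() {
    printf 'rule family="%s" source address="%s" service name="%s" accept' "$1" "$2" "$3"
}

# port_spec PORT PROTOCOL
# Prints PORT/PROTOCOL as --add-port requires, or fails on a non-numeric or
# out-of-range port or an unknown protocol.
port_spec() {
    case "$1" in
        ''|*[!0-9]*) echo "port_spec: bad port '$1'" >&2; return 1 ;;
    esac
    if [ "$1" -lt 1 ] || [ "$1" -gt 65535 ]; then
        echo "port_spec: port $1 out of range" >&2; return 1
    fi
    case "$2" in
        tcp|udp|sctp|dccp) ;;
        *) echo "port_spec: bad protocol '$2'" >&2; return 1 ;;
    esac
    printf '%s/%s' "$1" "$2"
}

# allow_port PORT PROTOCOL
# Permanent --add-port, reload, then confirm the port is open at runtime.
allow_port() {
    spec=$(port_spec "$1" "$2") || return 1
    "$FIREWALL_CMD" --permanent --zone="$ZONE" --add-port="$spec"
    "$FIREWALL_CMD" --reload
    "$FIREWALL_CMD" --zone="$ZONE" --query-port="$spec"
}

# allow_service_from_subnet SERVICE CIDR
# A source-restricted rich rule restricts nothing if the same service is
# also allowed zone-wide, so that allowance is removed first.
allow_service_from_subnet() {
    rule=$(rich_rule ipv4 "$2" "$1")
    if "$FIREWALL_CMD" --permanent --zone="$ZONE" --query-service="$1" >/dev/null 2>&1; then
        "$FIREWALL_CMD" --permanent --zone="$ZONE" --remove-service="$1"
    fi
    "$FIREWALL_CMD" --permanent --zone="$ZONE" --add-rich-rule="$rule"
    "$FIREWALL_CMD" --reload
    "$FIREWALL_CMD" --zone="$ZONE" --query-rich-rule="$rule"
}

# Runs the two procedures only when invoked as firewalld-example.sh, so the
# functions can also be sourced from another script.
case "${0##*/}" in
    firewalld-example.sh)
        allow_port 1122 tcp
        allow_service_from_subnet http 10.20.30.0/24
        ;;
esac
```

Preview the commands with `FIREWALL_CMD=echo sh firewalld-example.sh`, then run `sh firewalld-example.sh` as root; the final --query-* call makes the script exit non-zero if the rule is not present in the runtime configuration after the reload.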