Firewalld
From Bashlinux
How to enable/disable firewalld
- Enable
# systemctl start firewalld.service
# systemctl enable firewalld.service
- Disable
# systemctl stop firewalld.service
# systemctl disable firewalld.service
How to check if firewalld is running
# firewall-cmd --state
How to check active zones
# firewall-cmd --get-active-zones
How to check current active services
# firewall-cmd --list-services
How to reload firewalld
# firewall-cmd --reload
How to allow traffic on a specific port
Assuming the port is TCP (firewalld requires a protocol together with the port number)
# firewall-cmd --permanent --zone=public --add-port=1122/tcp
# firewall-cmd --reload
How to add a known service to the firewall
Assuming we want to allow http traffic (port 80)
# firewall-cmd --permanent --zone=public --add-service=http
# firewall-cmd --reload
How to remove a specific port
Assuming the port was added as TCP
# firewall-cmd --permanent --zone=public --remove-port=1122/tcp
# firewall-cmd --reload
How to remove a specific service from the firewall
# firewall-cmd --permanent --zone=public --remove-service=https
# firewall-cmd --reload
How to allow traffic coming from a particular subnet
Assuming we want to allow http traffic (port 80) from the 10.20.30.0/24 network only.
# firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source address="10.20.30.0/24" service name="http" accept'
# firewall-cmd --reload
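A source-restricted rich rule limits nothing if the same service is also listed under the zone's services, where it is open to every source. The following is an added example, not part of the original page: it parses `firewall-cmd --zone=public --list-all` output and reports such services. The sample output is constructed, and the function names `sample_zone` and `shadowed_services` are assumptions of this example.

```shell
#!/bin/sh
# Constructed sample of `firewall-cmd --zone=public --list-all` output
# (not taken from a real host). http is open zone-wide AND in a rich rule.
sample_zone() {
cat <<'EOF'
public (active)
  target: default
  interfaces: eth0
  sources:
  services: dhcpv6-client http ssh
  ports: 1122/tcp
  rich rules:
    rule family="ipv4" source address="10.20.30.0/24" service name="http" accept
    rule family="ipv4" source address="10.20.30.0/24" service name="mysql" accept
EOF
}

# Read --list-all output on stdin. Print each service that a
# source-restricted "accept" rich rule covers but that is also listed
# under "services:", which makes the source restriction ineffective.
shadowed_services() {
    awk '
        /^[ \t]*services:/ {
            for (i = 2; i <= NF; i++) open[$i] = 1
            next
        }
        /rule / && /source address=/ && / accept/ {
            if (match($0, /service name="[^"]+"/)) {
                # skip the 14 characters of: service name="
                svc = substr($0, RSTART + 14, RLENGTH - 15)
                if (!(svc in seen)) { seen[svc] = 1; order[++n] = svc }
            }
        }
        END {
            for (i = 1; i <= n; i++)
                if (order[i] in open) print order[i]
        }
    '
}

# Demo on the constructed sample; prints "http".
# On a live host: firewall-cmd --zone=public --list-all | shadowed_services
sample_zone | shadowed_services
```

Any service it prints should be removed from the zone with `--remove-service` (followed by a reload) if the subnet restriction is meant to apply.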