Kaspars: 1 revision imported

2026-04-16T08:41:31Z

1 revision imported

← Older revision		Revision as of 10:41, 16 April 2026
(No difference)

Kaspars at 07:19, 13 September 2018

2018-09-13T07:19:30Z

New page

<div class="mw-parser-output"> </div> <div class="mw-parser-output">
<div class="mw-parser-output">
== Installing firewalld ==

<br/> By default, firewalld is included in the “core” rpm group, but if in case it is not installed, you can always install it using yum.
<div style="background:#eee;border:1px solid #ccc;padding:5px 10px;"># yum install -y firewalld</div>
<br/> Enable the firewalld to start at boot:
<div style="background:#eee;border:1px solid #ccc;padding:5px 10px;"># systemctl enable firewalld</div>
<br/> Restart the firewalld service now.
<div style="background:#eee;border:1px solid #ccc;padding:5px 10px;"># systemctl restart firewalld</div>
<br/> Available options with firewall-cmd command
<div style="background:#eee;border:1px solid #ccc;padding:5px 10px;"><br/> # firewall-cmd --help</div>
 

Usage: firewall-cmd [OPTIONS...]

General Options<br/>     -h, --help           Prints a short help text and exists<br/>     -V, --version        Print the version string of firewalld<br/>     -q, --quiet          Do not print status messages

Status Options<br/>     --state                  Return and print firewalld state<br/>     --reload                 Reload firewall and keep state information<br/>     --complete-reload        Reload firewall and lose state information<br/>     --runtime-to-permanent   Create permanent from runtime configuration<br/> The firewall-cmd command offers categories of options such as General, Status, Permanent, Zone, IcmpType, Service, Adapt and Query Zones, Direct, Lockdown, Lockdown Whitelist, and Panic. Refer to the firewall-cmd man page for more information.
</div>

== Useful firewall-cmd Examples ==

=== <br/> List all zones ===

<br/> Use the following command to list information for all zones. Only partial output is displayed.
<div style="background:#eee;border:1px solid #ccc;padding:5px 10px;"># firewall-cmd --list-all-zones</div>
<br/> work<br/>     target: default<br/>     icmp-block-inversion: no<br/>     interfaces: <br/>     sources: <br/>     services: dhcpv6-client ssh<br/>     ports: <br/>     protocols: <br/>     masquerade: no<br/>     forward-ports: <br/>     sourceports: <br/>     icmp-blocks: <br/>     rich rules: 

drop<br/>     target: DROP<br/>     icmp-block-inversion: no<br/>     interfaces: <br/>     sources: <br/>     services: <br/>     ports: <br/>     protocols: <br/>     masquerade: no<br/>     forward-ports: <br/>     sourceports: <br/>     icmp-blocks: <br/>     rich rules: <br/> .....<br/> Public is the default zone set, if you do not change it. To check the currently set default zone use the below command:
<div style="background:#eee;border:1px solid #ccc;padding:5px 10px;"># firewall-cmd --get-default-zone</div>
<br/> public

=== <br/> List allowed service and ports on the system ===

<br/> To show currently allowed service on your system use the below command.
<div style="background:#eee;border:1px solid #ccc;padding:5px 10px;"># firewall-cmd --list-services</div>
<br/> dhcpv6-client ssh<br/> To list the ports that are open on your system:
<div style="background:#eee;border:1px solid #ccc;padding:5px 10px;"># firewall-cmd --list-ports</div>
<br/> You would normally see no ports listed here when you have just enabled the firewalld.

=== To Enable all the incoming ports for a service ===

<br/> You can also open the required ports for a service by using the –add-seervice option. To permit access by HTTP clients for the public zone:
<div style="background:#eee;border:1px solid #ccc;padding:5px 10px;"># firewall-cmd --zone=public --add-service=http</div>
<br/> success<br/> To list services that are allowed for the public zone:
<div style="background:#eee;border:1px solid #ccc;padding:5px 10px;"># firewall-cmd --zone=work --list-services</div>
<br/> dhcpv6-client http ssh<br/> Using this command only changes the Runtime configuration and does not update the configuration files. The following sequence of commands shows that configuration changes made in Runtime configuration mode are lost when the firewalld service is restarted:
<div style="background:#eee;border:1px solid #ccc;padding:5px 10px;"># systemctl restart firewalld<br/> # firewall-cmd --zone=work --list-services</div>
<br/> dhcpv6-client ssh<br/> To make changes permanent, use the –permanent option. Example:
<div style="background:#eee;border:1px solid #ccc;padding:5px 10px;"># firewall-cmd --permanent --zone=public --add-service=http</div>
<br/> success<br/> Changes made in Permanent configuration mode are not implemented immediately. Example:
<div style="background:#eee;border:1px solid #ccc;padding:5px 10px;"># firewall-cmd --zone=work --list-services</div>
<br/> dhcpv6-client ssh<br/> However, changes made in a Permanent configuration are written to configuration files. Restarting the firewalld service reads the configuration files and implements the changes.

=== Example: ===
<div style="background:#eee;border:1px solid #ccc;padding:5px 10px;"># systemctl restart firewalld<br/> # firewall-cmd --zone=work --list-services<br/> dhcpv6-client http ssh<br/> 4. Allow traffic on an incoming port<br/> The command below will open the port 2222 effective immediately, but will not persist across reboots:</div> <div style="background:#eee;border:1px solid #ccc;padding:5px 10px;"># firewall-cmd --add-port=[YOUR PORT]/tcp<br/> For example, to open TCP port 2222 :</div> <div style="background:#eee;border:1px solid #ccc;padding:5px 10px;"># firewall-cmd --add-port=2222/tcp<br/> The following command will create a persistent rule, but will not be put into effect immediately:</div> <div style="background:#eee;border:1px solid #ccc;padding:5px 10px;"># firewall-cmd --permanent --add-port=[YOUR PORT]/tcp<br/> For Example, to open TCP port 2222 :</div> <div style="background:#eee;border:1px solid #ccc;padding:5px 10px;"># firewall-cmd --permanent --add-port=2222/tcp<br/> To list the open ports, use the command :</div> <div style="background:#eee;border:1px solid #ccc;padding:5px 10px;"># firewall-cmd –-list-ports<br/> 2222/tcp<br/> 5. Start and stop firewalld service<br/> To start/stop/status firewalld service use the below commands:</div> <div style="background:#eee;border:1px solid #ccc;padding:5px 10px;"># systemctl start firewalld.service<br/> # systemctl stop firewalld.service<br/> To check the status of the firewalld service:</div> <div style="background:#eee;border:1px solid #ccc;padding:5px 10px;"># systemctl status firewalld.service<br/>  </div>
 

 
</div>

CentOS/Useful Examples of firewall-cmd command - Revision history

Kaspars: 1 revision imported

Kaspars at 07:19, 13 September 2018