# Firewall Management

## Prerequisites

- Root or sudo privileges
- firewalld installed and running (check with `firewall-cmd --state`)
- Knowledge of which ports/protocols to open
## Quick Reference

| Action | Command |
|---|---|
| List all rules (default zone) | `firewall-cmd --list-all` |
| List ports | `firewall-cmd --list-ports` |
| List services | `firewall-cmd --list-services` |
| Open port (permanent) | `firewall-cmd --permanent --add-port=PORT/PROTO` |
| Add service (permanent) | `firewall-cmd --permanent --add-service=SVC` |
| Remove port (permanent) | `firewall-cmd --permanent --remove-port=PORT/PROTO` |
| Reload | `firewall-cmd --reload` |
| Save runtime rules as permanent | `firewall-cmd --runtime-to-permanent` |
| Get default zone | `firewall-cmd --get-default-zone` |
| Panic (block all) | `firewall-cmd --panic-on` |

Notes: commands without `--zone=` act on the default zone. `--permanent` changes are not active until `firewall-cmd --reload`, and `--reload` discards any runtime-only changes. `--panic-on` drops all incoming and outgoing packets, which also cuts an SSH session to the host; use it from the console and undo it with `firewall-cmd --panic-off`.
## Procedure: Open a Port in firewalld

When to use: Enabling network access to a service (e.g., a web server on port 80).

Steps:

1. Add the port to the runtime configuration (takes effect immediately, lost on reboot or on `--reload`):

   ```bash
   firewall-cmd --add-port=80/tcp
   ```

2. Make it permanent (survives reboot):

   ```bash
   firewall-cmd --permanent --add-port=80/tcp
   ```

   Best practice: run both commands (runtime and permanent), or run the permanent command and then reload. Running only step 1 and then reloading closes the port again, because `--reload` reverts runtime-only changes.

3. Reload (only needed if you ran just the `--permanent` command):

   ```bash
   firewall-cmd --reload
   ```

4. Verify:

   ```bash
   firewall-cmd --list-ports
   ```

Troubleshooting:

- Port still blocked? Check that it is open in the zone the receiving interface is actually assigned to, not just the default zone (usually `public`). `firewall-cmd --get-active-zones` shows which interfaces and sources belong to each zone. Use `--zone=public` to be explicit.
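The procedure above as a script, added here as an example and not code from the original page: it opens a port in a zone idempotently, applies the change to runtime and permanent configuration together so no reload is needed, verifies with `--list-ports`, and warns when the zone has no interface or source bound (the "wrong zone" case from Troubleshooting). The function names, the `apply` argument and the sample `--list-all` output are this example's own; the `firewall-cmd` flags are real.

```bash
#!/usr/bin/env bash
# Added example, not from the original page: open a port in a firewalld zone
# idempotently, for runtime and permanent config together, then verify.
# Function names and the sample output below are assumptions of this example.
set -eu

# Validate a PORT/PROTO spec such as 80/tcp or 8000-8100/udp. Pure, no firewalld needed.
port_spec_ok() {
  local spec=$1 port lo hi p
  case "$spec" in
    */tcp|*/udp|*/sctp|*/dccp) ;;
    *) return 1 ;;
  esac
  port=${spec%/*}
  lo=${port%-*}
  hi=${port#*-}
  for p in "$lo" "$hi"; do
    case "$p" in ''|*[!0-9]*) return 1 ;; esac
    [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || return 1
  done
  [ "$lo" -le "$hi" ]
}

# Print the 'ports:' field of `firewall-cmd --zone=Z --list-all` output read from stdin.
listed_ports() {
  awk '/^[[:space:]]*ports:/ { sub(/^[[:space:]]*ports:[[:space:]]*/, ""); print; exit }'
}

# Succeed if SPEC is in the space-separated LIST (the --list-ports output format).
has_port() {
  local spec=$1 list=$2 p
  for p in $list; do
    [ "$p" = "$spec" ] && return 0
  done
  return 1
}

# Open SPEC in ZONE for both runtime and permanent config, then verify.
# Requires root and a running firewalld.
ensure_port() {
  local zone=$1 spec=$2
  port_spec_ok "$spec" || { echo "bad port spec: $spec" >&2; return 2; }
  firewall-cmd --zone="$zone" --query-port="$spec" >/dev/null 2>&1 \
    || firewall-cmd --zone="$zone" --add-port="$spec"
  firewall-cmd --permanent --zone="$zone" --query-port="$spec" >/dev/null 2>&1 \
    || firewall-cmd --permanent --zone="$zone" --add-port="$spec"
  has_port "$spec" "$(firewall-cmd --zone="$zone" --list-ports)" \
    || { echo "$spec not listed in zone $zone after adding" >&2; return 1; }
  # A port opened in a zone with no interface or source bound does nothing.
  if [ -z "$(firewall-cmd --zone="$zone" --list-interfaces)$(firewall-cmd --zone="$zone" --list-sources)" ]; then
    echo "warning: zone $zone has no interfaces or sources; traffic is matched by another zone" >&2
    firewall-cmd --get-active-zones >&2
  fi
}

# Constructed sample of `firewall-cmd --zone=public --list-all` output, used to
# exercise the parser without a live firewalld.
SAMPLE_LIST_ALL='public (active)
  target: default
  interfaces: eth0
  sources:
  services: dhcpv6-client ssh
  ports: 80/tcp 443/tcp
  protocols:
  forward-ports:'

SAMPLE_PORTS=$(printf '%s\n' "$SAMPLE_LIST_ALL" | listed_ports)

# Only touch the live firewall when asked: ./open_port.sh apply public 80/tcp
if [ "${1:-}" = "apply" ] && command -v firewall-cmd >/dev/null 2>&1; then
  ensure_port "${2:-public}" "${3:-80/tcp}"
else
  echo "sample zone ports: $SAMPLE_PORTS"
fi
```

Run it as root with `apply ZONE PORT/PROTO` to change the firewall; without arguments it only parses the constructed sample. Querying before adding keeps the script safe to re-run, and adding to runtime and permanent separately avoids the `--reload` that would wipe any other runtime-only rules on the host.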
## Procedure: Add a Service to firewalld

When to use: Opening the standard ports for a known service. A service definition bundles the ports and protocols the service needs, so adding it opens all of them at once.

Steps:

1. List the available service definitions (and, optionally, inspect one to see which ports it opens):

   ```bash
   firewall-cmd --get-services
   firewall-cmd --info-service=http
   ```

2. Add the service permanently:

   ```bash
   firewall-cmd --permanent --add-service=http
   firewall-cmd --permanent --add-service=https
   ```

3. Reload the firewall so the permanent change takes effect:

   ```bash
   firewall-cmd --reload
   ```

4. Verify:

   ```bash
   firewall-cmd --list-services
   ```

Troubleshooting:

- Service not found (`INVALID_SERVICE`): the name is not among those listed by `--get-services`. Define a custom service by placing an XML definition in `/etc/firewalld/services/` (the local directory, which takes precedence over `/usr/lib/firewalld/services/`; do not edit the latter, since package updates overwrite it), or create one with `firewall-cmd --permanent --new-service=NAME`, then `firewall-cmd --reload` so firewalld picks it up.
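A worked version of the custom-service case above, added here as an example and not code from the original page: it renders a service definition in firewalld's XML format, writes it to `/etc/firewalld/services/`, warns when the name would shadow a packaged definition, reloads so firewalld reads the new file, and enables the service in a zone. The `myapp` service, its ports, the `apply` argument and the function names are assumptions of this example; the XML element names and the `firewall-cmd` flags are real.

```bash
#!/usr/bin/env bash
# Added example, not from the original page: define a custom firewalld service
# under /etc/firewalld/services (the local override directory) and enable it.
# "myapp", its ports and the function names are assumptions of this example.
set -eu

# Escape text for inclusion in XML element content.
xml_escape() {
  printf '%s' "$1" | sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g'
}

# Render a firewalld service definition. Arguments: SHORT DESCRIPTION PORT/PROTO...
# Pure: prints XML to stdout and touches nothing.
service_xml() {
  local short=$1 desc=$2 spec
  shift 2
  printf '<?xml version="1.0" encoding="utf-8"?>\n<service>\n'
  printf '  <short>%s</short>\n' "$(xml_escape "$short")"
  printf '  <description>%s</description>\n' "$(xml_escape "$desc")"
  for spec in "$@"; do
    printf '  <port protocol="%s" port="%s"/>\n' "${spec#*/}" "${spec%/*}"
  done
  printf '</service>\n'
}

# Print the path of an existing definition of NAME, searching DIRs in order.
# firewalld consults /etc/firewalld/services before /usr/lib/firewalld/services,
# so pass them in that order; they are parameters so this can run offline.
service_file() {
  local name=$1 dir
  shift
  for dir in "$@"; do
    [ -f "$dir/$name.xml" ] && { printf '%s\n' "$dir/$name.xml"; return 0; }
  done
  return 1
}

# Install NAME and enable it in ZONE. Requires root and a running firewalld.
# A new file under /etc/firewalld/services is only read on --reload.
install_service() {
  local zone=$1 name=$2 short=$3 desc=$4 pkg
  shift 4
  if pkg=$(service_file "$name" /usr/lib/firewalld/services); then
    echo "warning: $name shadows the packaged definition $pkg" >&2
  fi
  service_xml "$short" "$desc" "$@" > "/etc/firewalld/services/$name.xml"
  chmod 0644 "/etc/firewalld/services/$name.xml"
  firewall-cmd --reload                                # make the service known
  firewall-cmd --info-service="$name"                  # shows the ports it opens
  firewall-cmd --permanent --zone="$zone" --add-service="$name"
  firewall-cmd --zone="$zone" --add-service="$name"    # runtime too: no second reload
  firewall-cmd --zone="$zone" --query-service="$name"
}

# Offline walk-through using constructed directories in place of the real ones.
demo() {
  local tmp
  tmp=$(mktemp -d)
  mkdir -p "$tmp/etc" "$tmp/pkg"
  : > "$tmp/pkg/http.xml"                               # stands in for the packaged http service
  service_xml "My App" "Admin API & metrics" 8443/tcp 9100/tcp > "$tmp/etc/myapp.xml"
  cat "$tmp/etc/myapp.xml"
  service_file http "$tmp/etc" "$tmp/pkg"               # found in pkg
  service_file myapp "$tmp/etc" "$tmp/pkg"              # found in etc
  rm -rf "$tmp"
}

if [ "${1:-}" = "apply" ] && command -v firewall-cmd >/dev/null 2>&1; then
  install_service "${2:-public}" myapp "My App" "Admin API and metrics" 8443/tcp 9100/tcp
else
  demo
fi
```

Run as root with `apply ZONE` to install and enable the service; without arguments it renders the XML into a temporary directory and shows the lookup order. Keeping the definition in `/etc/firewalld/services/` means a later package update of firewalld cannot silently replace it, and `--info-service` after the reload confirms the file parsed into the ports you intended before anything is exposed.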
## Related Documentation

- Technologies: firewalld
- Concepts: Firewalls