Firewalld is a dynamic firewall utility that provides a user-friendly interface for managing firewall rules on Linux systems. It is designed to be easier to use than traditional firewalls like Iptables, while still providing powerful features for securing your network. In this article, we will cover the essentials of Firewalld, including some of the most common firewall rules and commands.

Before we dive into the details of Firewalld, it is essential to understand the basics of how it works. Firewalld is based on the concept of zones, which are predefined sets of rules that apply to incoming and outgoing traffic. Each zone has a set of default rules that can be customized to meet your network’s needs.

The Firewalld command syntax follows a basic structure of:

The --zone option specifies the zone to which the command applies. The default zone is the public zone, which is used for general network traffic. Other zones include internal for internal networks and external for external networks.

In this article, we will discuss some of the essential firewall rules and commands that every system administrator should know when using Firewalld.

List Firewall Rules

The first and most important command that you should know is how to list the firewall rules that are currently in effect on your system. The command to do this is:

sudo firewall-cmd --list-all 

This command will show you all the rules that are currently applied to your system, including the default zone, services, and ports that are allowed through the firewall.

Add or Remove a Port

To add or remove a port, you can use the following commands:

sudo firewall-cmd --add-port=PORT/tcp 
sudo firewall-cmd --remove-port=PORT/tcp 

In these commands, you need to replace “PORT” with the port number that you want to add or remove. For example, if you want to allow incoming traffic on port 80, you would use the following command:

sudo firewall-cmd --add-port=80/tcp 

Allow or Deny a Service

You can also allow or deny a specific service through the firewall using the following commands:

sudo firewall-cmd --add-service=SERVICE 
sudo firewall-cmd --remove-service=SERVICE 

In these commands, you need to replace “SERVICE” with the name of the service that you want to allow or deny. For example, if you want to allow incoming SSH traffic, you would use the following command:

sudo firewall-cmd --add-service=ssh 

Change the Default Zone

Firewalld uses zones to define the level of trust that should be applied to network connections. The default zone is the zone that is applied to all network connections that are not explicitly assigned to a different zone.

To change the default zone, use the following command:

sudo firewall-cmd --set-default-zone=ZONE 

In this command, you need to replace “ZONE” with the name of the zone that you want to set as the default.

Reload the Firewall

Whenever you make changes to the firewall rules, you need to reload the firewall to apply the changes. To do this, use the following command:

sudo firewall-cmd --reload 

This command will reload the firewall rules and apply any changes that you have made.
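firewall-cmd keeps a runtime and a permanent configuration: changes made with --permanent are stored but take effect only after --reload, while changes made without it are live immediately and are discarded by --reload. The check below is an added example, not part of the original article; it compares the two configurations for one zone so that rules which would vanish or appear on the next reload are visible beforehand. The FWCMD variable and the function names are assumptions of this sketch.

```shell
#!/bin/sh
# Added example (not from the article): report drift between firewalld's
# runtime and permanent configuration for one zone.
# FWCMD is an assumption of this sketch; it lets a stub stand in for firewall-cmd.
# Usage (as root, after sourcing this file): fw_drift public
FWCMD="${FWCMD:-firewall-cmd}"

# fw_items ZONE KIND [--permanent]: print the zone's items, one per line, sorted.
# KIND is ports, services or rich-rules (firewall-cmd's --list-* queries).
fw_items() {
    if [ "$2" = rich-rules ]; then
        $FWCMD ${3:-} --zone="$1" --list-rich-rules      # one rule per line already
    else
        $FWCMD ${3:-} --zone="$1" --list-"$2" | tr ' ' '\n'
    fi | sed '/^$/d' | sort
}

# only_in A B: print the lines of A that do not appear in B (whole-line match).
only_in() {
    [ -n "$1" ] || return 0
    if [ -z "$2" ]; then printf '%s\n' "$1"; return 0; fi
    printf '%s\n' "$1" | grep -Fxv -e "$2" || true
}

# fw_drift ZONE: print one line per difference; return 1 if any were found.
fw_drift() {
    drift=0
    for kind in ports services rich-rules; do
        rt=$(fw_items "$1" "$kind")
        pm=$(fw_items "$1" "$kind" --permanent)
        lost=$(only_in "$rt" "$pm")      # dropped by the next --reload or restart
        pending=$(only_in "$pm" "$rt")   # stored, but not enforced until --reload
        [ -z "$lost" ] || { printf '%s\n' "$lost" | sed "s|^|runtime-only $kind: |"; drift=1; }
        [ -z "$pending" ] || { printf '%s\n' "$pending" | sed "s|^|permanent-only $kind: |"; drift=1; }
    done
    return $drift
}
```

A "runtime-only" line marks a rule that is enforced now but will be lost at the next reload; a "permanent-only" line marks a stored rule that is not yet enforced.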

Block an IP Address

If you want to block incoming traffic from a specific IP address, you can use the following command:

sudo firewall-cmd --add-rich-rule='rule family="ipv4" source address="IP_ADDRESS" reject' 

In this command, you need to replace “IP_ADDRESS” with the IP address that you want to block.

Remove a Rule

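If you want to remove a rich rule from the firewall, pass the same rule text that was used to add it:

sudo firewall-cmd --remove-rich-rule='rule family="ipv4" source address="IP_ADDRESS" reject'

In this command, you need to replace “IP_ADDRESS” with the address used in the rule that you want to remove. firewall-cmd identifies rich rules by their text rather than by a rule number; sudo firewall-cmd --list-rich-rules prints the rich rules currently in effect.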

Conclusion

Firewalld is a powerful and flexible firewall management tool that makes it easy to manage network security on Linux-based operating systems. By understanding the essential firewall rules and commands, you can configure and manage your firewall to provide effective protection for your network. The commands we have discussed in this article will help you get started with Firewalld and give you the knowledge you
