What is Firewalld?

Firewalld provides a dynamically managed firewall with support for network/firewall zones that define the trust level of network connections or interfaces.
It supports IPv4 and IPv6 firewall settings, Ethernet bridges and IP sets.
Runtime and permanent configuration are kept separate.
It also provides an interface through which services or applications can add firewall rules directly.
More details are available in the Firewalld project documentation.
Install and Run Firewalld

# Install
yum install firewalld
# Start
systemctl start firewalld
# Enable at boot
systemctl enable firewalld
Configure Firewalld

Default configuration files: /usr/lib/firewalld/
System-specific configuration files: /etc/firewalld/
Application configuration file: /etc/firewalld/firewalld.conf
vi /etc/firewalld/firewalld.conf

The DefaultZone entry in this file selects the default zone, the zone used for connections and interfaces that are not assigned to any other zone.
Customized Configuration File

Zone "public":
vi /etc/firewalld/zones/public.xml

Contents of /etc/firewalld/zones/public.xml:
<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <description>
    For use in public areas. You do not trust the other computers on networks to not harm your computer. Only selected incoming connections are accepted.
  </description>
  <service name="dhcpv6-client"/>
  <service name="http"/>
  <service name="ssh"/>
  <service name="https"/>
</zone>
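To see what a zone file like the one above actually exposes, here is an added example (not part of the original page) that audits a zone XML with plain grep and sed: it lists the services, ports and sources the file declares and flags the case where ssh is allowed while no <source> element narrows who reaches the zone. The sample file is constructed for the example (the page's public.xml plus one port entry), and the function names are the example's own.

```shell
#!/bin/sh
# Added example, not the page's own code: audit a firewalld zone file and
# report what it exposes. Uses only grep/sed, so it runs on any host.

# Constructed sample zone file: the page's public.xml plus one <port> entry.
ZONE_FILE=$(mktemp)
trap 'rm -f "$ZONE_FILE"' EXIT
cat >"$ZONE_FILE" <<'EOF'
<?xml version="1.0" encoding="utf-8"?>
<zone>
  <short>Public</short>
  <description>For use in public areas.</description>
  <service name="dhcpv6-client"/>
  <service name="http"/>
  <service name="ssh"/>
  <service name="https"/>
  <port protocol="tcp" port="8080"/>
</zone>
EOF

# Print the value of attribute $3 for every <$2 ...> element in file $1,
# one per line. Assumes firewalld's one-element-per-line layout.
zone_attr() {
  grep -o "<$2 [^>]*$3=\"[^\"]*\"" "$1" | sed "s/.*$3=\"\\([^\"]*\\)\".*/\\1/"
}

# Join lines into one space-separated line (empty input gives empty output).
join_lines() { tr '\n' ' ' | sed 's/ *$//'; }

zone_services() { zone_attr "$1" service name | join_lines; }
zone_sources()  { zone_attr "$1" source address | join_lines; }

# Ports as PORT/PROTOCOL, whichever order the two attributes appear in.
zone_ports() {
  grep -o '<port [^>]*/>' "$1" | while IFS= read -r el; do
    p=$(printf '%s' "$el" | sed 's/.*port="\([^"]*\)".*/\1/')
    proto=$(printf '%s' "$el" | sed 's/.*protocol="\([^"]*\)".*/\1/')
    printf '%s/%s\n' "$p" "$proto"
  done | join_lines
}

# Exit 0 if the zone allows service $2, 1 otherwise.
zone_allows_service() { zone_attr "$1" service name | grep -qx "$2"; }

# Summary plus a finding when ssh is open to every address the zone receives
# traffic from, i.e. no <source> element restricts zone membership.
zone_audit() {
  f=$1
  sources=$(zone_sources "$f")
  echo "zone file: $f"
  echo "  services: $(zone_services "$f")"
  echo "  ports:    $(zone_ports "$f")"
  echo "  sources:  ${sources:-(none)}"
  if zone_allows_service "$f" ssh && [ -z "$sources" ]; then
    echo "  finding:  ssh is allowed and no <source> limits who reaches this zone"
  fi
}

zone_audit "$ZONE_FILE"
```

zone_audit works on any file under /etc/firewalld/zones/ or /usr/lib/firewalld/zones/; the grep/sed matching relies on the one-element-per-line layout firewalld writes, which is an assumption of this example rather than a real XML parser.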
Zone "custom":
vi /etc/firewalld/zones/custom.xml
Service Reload

Zone files under /etc/firewalld/zones/ are permanent configuration; after editing them, reload firewalld (firewall-cmd --reload) so the running firewall picks up the changes.
Zone

Predefined Zone List
firewall-cmd --get-zones

All Zones Detail
firewall-cmd --list-all-zones

Check Default Zone
firewall-cmd --get-default-zone

Check Active Zones
firewall-cmd --get-active-zones

Set Default Zone
firewall-cmd --set-default-zone=webserver

Add New Zone
firewall-cmd --permanent --new-zone=webserver

Delete Zone
firewall-cmd --permanent --delete-zone=webserver
Service

Available Service Definitions
firewall-cmd --get-services

Permanent Configuration of a Zone (services, ports, sources)
firewall-cmd --permanent --list-all --zone=public

Add Service
firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-service=https

Remove Service
firewall-cmd --permanent --zone=public --remove-service=http
Port

Note: after adding, changing or deleting a port with --permanent, run firewall-cmd --reload for the change to take effect.

Add Port
# Single port
firewall-cmd --permanent --zone=public --add-port=8080/tcp
# Port range
firewall-cmd --permanent --zone=public --add-port=4000-4100/tcp

Remove Port
# Single port
firewall-cmd --permanent --zone=public --remove-port=8080/tcp
# Port range
firewall-cmd --permanent --zone=public --remove-port=4000-4100/tcp
IP

Note: after adding, changing or deleting a source IP with --permanent, run firewall-cmd --reload for the change to take effect.

Add IP
firewall-cmd --permanent --zone=public --add-source=192.168.1.0/24 --add-port=22/tcp

Change IP
firewall-cmd --permanent --zone=public --change-source=192.168.1.0/24

Remove IP
firewall-cmd --permanent --zone=public --remove-source=192.168.1.0/24
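The Service, Port and IP steps above are usually applied together. The following added example (not from the original page) wraps that procedure in a shell script: it validates every value before anything is touched, prints the --permanent commands it would run, and ends with the --reload the notes above require; fw_apply executes that plan. It also shows a rich rule for the case the Add IP command is often expected to cover: pairing --add-source with --add-port binds 192.168.1.0/24 to the zone and opens 22/tcp for the whole zone, so when that zone is also the default zone the port is reachable from every address; limiting a port to one source needs a rich rule instead. The function names, the item syntax (service:, port:, source:, restrict:SPEC@CIDR) and the sample network are the example's own.

```shell
#!/bin/sh
# Added example, not the page's own code: plan and apply a zone's permanent
# rule set with firewall-cmd. fw_plan only prints commands; fw_apply runs them.

# Allow only characters that occur in service names and CIDRs, so a value can
# never smuggle shell syntax into the plan that fw_apply executes.
safe_token() {
  case $1 in ''|*[!A-Za-z0-9./:_-]*) return 1 ;; esac
  return 0
}

# Accept PORT/PROTO or LOW-HIGH/PROTO with ports 1-65535 and LOW <= HIGH.
# Only tcp and udp are accepted here, matching the page's examples.
validate_port_spec() {
  case $1 in */tcp|*/udp) ;; *) return 1 ;; esac
  ports=${1%/*}
  low=${ports%-*}
  high=${ports#*-}
  case "$low$high" in ''|*[!0-9]*) return 1 ;; esac
  if [ -z "$low" ] || [ -z "$high" ] || [ ${#low} -gt 5 ] || [ ${#high} -gt 5 ]; then
    return 1
  fi
  if [ "$low" -lt 1 ] || [ "$high" -gt 65535 ] || [ "$low" -gt "$high" ]; then
    return 1
  fi
  return 0
}

# Rich rule text allowing SPEC (PORT/PROTO) only from CIDR $1.
rich_rule() {
  case $1 in *:*) family=ipv6 ;; *) family=ipv4 ;; esac
  printf 'rule family="%s" source address="%s" port port="%s" protocol="%s" accept' \
    "$family" "$1" "${2%/*}" "${2#*/}"
}

# Print, without running anything, the firewall-cmd lines that make ZONE
# permanently allow each ITEM, then the --reload that activates them.
# ITEM forms: service:NAME  port:SPEC  source:CIDR  restrict:SPEC@CIDR
fw_plan() {
  zone=$1; shift
  safe_token "$zone" || { echo "bad zone name: $zone" >&2; return 1; }
  for item in "$@"; do
    kind=${item%%:*}; value=${item#*:}
    case $kind in
      service)
        safe_token "$value" || { echo "bad service: $value" >&2; return 1; }
        echo "firewall-cmd --permanent --zone=$zone --add-service=$value" ;;
      port)
        validate_port_spec "$value" || { echo "bad port spec: $value" >&2; return 1; }
        echo "firewall-cmd --permanent --zone=$zone --add-port=$value" ;;
      source)
        safe_token "$value" || { echo "bad source: $value" >&2; return 1; }
        echo "firewall-cmd --permanent --zone=$zone --add-source=$value" ;;
      restrict)
        case $value in *@*) ;; *) echo "restrict needs SPEC@CIDR: $item" >&2; return 1 ;; esac
        spec=${value%@*}; cidr=${value#*@}
        validate_port_spec "$spec" || { echo "bad port spec: $spec" >&2; return 1; }
        safe_token "$cidr" || { echo "bad source: $cidr" >&2; return 1; }
        echo "firewall-cmd --permanent --zone=$zone --add-rich-rule='$(rich_rule "$cidr" "$spec")'" ;;
      *)
        echo "unknown item: $item" >&2; return 1 ;;
    esac
  done
  echo "firewall-cmd --reload"
}

# Execute the plan (needs root and a running firewalld). sh -e stops at the
# first failing command, so a half-applied set is never reloaded silently.
fw_apply() {
  plan=$(fw_plan "$@") || return 1
  printf '%s\n' "$plan" | sh -ex
}

# Dry run: a web server zone that also accepts SSH only from the constructed
# management network 192.168.1.0/24.
fw_plan public service:http service:https port:8080/tcp restrict:22/tcp@192.168.1.0/24
```

Replace the final fw_plan call with fw_apply to make the changes on a real host; because every item is checked before the first command runs, a typo in a port range is rejected up front instead of leaving the zone half-configured.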