FirewallD is a frontend controller for iptables used to implement persistent network traffic rules. It provides command line and graphical interfaces and is available in the repositories of most Linux distributions. Working with FirewallD has two main differences compared to directly controlling iptables:
- FirewallD uses zones and services instead of chains and rules.
- It manages rulesets dynamically, allowing updates without breaking existing sessions and connections.
FirewallD is a wrapper around iptables that makes iptables rules easier to manage; it is not an iptables replacement. While iptables commands are still available alongside FirewallD, it's recommended to use only FirewallD commands when FirewallD is in control, since rules added directly with iptables are not tracked by FirewallD and are lost on reload.
```bash
yum install firewalld
systemctl enable firewalld
systemctl restart firewalld
```
How to use
```bash
# Verify the default config and zones
firewall-cmd --get-default-zone
# List information for all zones
firewall-cmd --list-all-zones
# List allowed services in a zone
firewall-cmd --zone=work --list-services
# Remove the SSH service from the default zone (public)
firewall-cmd --permanent --remove-service=ssh
# Create the zone, allow the SSH service and the source IPs
firewall-cmd --permanent --new-zone=SSHZONE
firewall-cmd --permanent --zone=SSHZONE --add-source=[I.P.]
firewall-cmd --permanent --zone=SSHZONE --add-service=ssh
# Reload the firewall to take effect and make the zone active
# (--permanent changes stay inactive until this reload; run it only once the
# SSHZONE rules above are in place, or remote SSH access is cut off)
firewall-cmd --reload
```
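To confirm the lockdown actually took effect after the reload, the runtime state of both zones can be checked by parsing `firewall-cmd --zone=<zone> --list-all` output. The script below is an added example, not part of the original article: the three outputs are constructed, abbreviated samples in firewalld's `--list-all` format, and 203.0.113.10 stands in for the `[I.P.]` placeholder used above.

```sh
#!/bin/sh
# Added example: audit the SSH lockdown by parsing --list-all output.
# The outputs below are constructed samples; on a real host capture them
# after "firewall-cmd --reload" with e.g.  firewall-cmd --zone=public --list-all
# 203.0.113.10 is a documentation-range address standing in for [I.P.].

PUBLIC_BEFORE='public (active)
  target: default
  interfaces: eth0
  sources:
  services: dhcpv6-client ssh
  ports:'

PUBLIC_AFTER='public (active)
  target: default
  interfaces: eth0
  sources:
  services: dhcpv6-client
  ports:'

SSHZONE_OUT='SSHZONE (active)
  target: default
  interfaces:
  sources: 203.0.113.10
  services: ssh
  ports:'

# Return 0 when VALUE is listed on the "FIELD:" line of a --list-all output.
zone_field_has() {   # $1 = field (services|sources), $2 = value, $3 = output text
    printf '%s\n' "$3" | awk -v f="$1:" -v v="$2" '
        $1 == f { for (i = 2; i <= NF; i++) if ($i == v) ok = 1 }
        END { exit (ok ? 0 : 1) }'
}

# The lockdown holds only when ssh is gone from the catch-all public zone AND
# the restricted zone carries both the ssh service and the admin source address.
audit_ssh_lockdown() {   # $1 = public output, $2 = restricted-zone output, $3 = admin IP
    if zone_field_has services ssh "$1"; then
        echo "FAIL: ssh still allowed for every source in the public zone"; return 1
    fi
    zone_field_has services ssh "$2" || { echo "FAIL: ssh not allowed in restricted zone"; return 1; }
    zone_field_has sources "$3" "$2" || { echo "FAIL: $3 not bound to restricted zone"; return 1; }
    echo "OK: ssh reachable only from $3"
}

audit_ssh_lockdown "$PUBLIC_BEFORE" "$SSHZONE_OUT" 203.0.113.10 || :   # prints FAIL
audit_ssh_lockdown "$PUBLIC_AFTER"  "$SSHZONE_OUT" 203.0.113.10        # prints OK
```

Note that `--list-all` without `--permanent` reports the runtime configuration, which is what matters for traffic; run the audit only after the reload.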