FirewallD is frontend controller for iptables used to implement persistent network traffic rules. It provides command line and graphical interfaces and is available in the repositories of most Linux distributions. Working with FirewallD has two main differences compared to directly controlling iptables:

  1. FirewallD uses zones and services instead of chain and rules.
  2. It manages rulesets dynamically, allowing updates without breaking existing sessions and connections.

FirewallD is a wrapper for iptables to allow easier management of iptables rules–it is not an iptables replacement. While iptables commands are still available to FirewallD, it’s recommended to use only FirewallD commands with FirewallD.

yum install firewalld

systemctl enable firewalld

systemctl restart firewalld
How to use
# verify the default config and zones
firewall-cmd –get-default-zone

# List information for all zones
firewall-cmd –list-all-zones

# List allowed  services
firewall-cmd –zone=work –list-services

# Remove the SSH service from the default zone ( public)
firewall-cmd –permanent –remove-service=ssh

# Create the zone, allow the SSH service and the source IPs
firewall-cmd –permanent –new-zone=SSHZONE
firewall-cmd –permanent –zone=SSHZONE –add-source=[I.P.]
firewall-cmd –permanent –zone=SSHZONE –add-service=ssh

# Reload the firewall to take effect and make the zone active
firewall-cmd –reload

Revision #3
Created Fri, Sep 4, 2020 7:03 PM by Admin
Updated Tue, Feb 16, 2021 9:08 AM by Admin