FirewallD
Introduction
FirewallD is a frontend controller for iptables used to implement persistent network traffic rules. It provides command-line and graphical interfaces and is available in the repositories of most Linux distributions. Working with FirewallD differs from controlling iptables directly in two main ways:
- FirewallD uses zones and services instead of chains and rules.
- It manages rulesets dynamically, allowing updates without breaking existing sessions and connections.
FirewallD is a wrapper for iptables that makes managing iptables rules easier; it is not an iptables replacement. While iptables commands still work on a system running FirewallD, it's recommended to use only FirewallD commands when FirewallD manages the firewall.
Install
# Install the package for your distribution
sudo yum install firewalld # [CentOS 7/RHEL 7]
sudo dnf install firewalld # [CentOS 8/RHEL 8/Fedora]
sudo zypper install firewalld # [openSUSE Leap]
# Enable the service at boot and start it now
sudo systemctl enable firewalld
sudo systemctl restart firewalld
How to use
# Show the default zone (new interfaces and unmatched traffic land here)
firewall-cmd --get-default-zone
# List information for all zones
firewall-cmd --list-all-zones
# List the services allowed in a zone (here: work)
firewall-cmd --zone=work --list-services
# Remove the SSH service from the default zone (public); --permanent changes are only applied at the next reload
firewall-cmd --permanent --remove-service=ssh
# Create a new zone, restrict it to the trusted source IPs and allow SSH there (replace [I.P.] with the address or CIDR range)
firewall-cmd --permanent --new-zone=SSHZONE
firewall-cmd --permanent --zone=SSHZONE --add-source=[I.P.]
firewall-cmd --permanent --zone=SSHZONE --add-service=ssh
# Reload to apply the permanent changes and activate the zone; the SSH removal from public and the new zone take effect together, so SSH stays reachable only from the listed sources
firewall-cmd --reload
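After the reload it is worth checking that SSH is in fact only reachable through the source-restricted zone. The following audit script is an added example and not part of the original notes: it parses the output of `firewall-cmd --list-all-zones` (the real command; its text layout of a zone header followed by indented `field: values` lines is assumed) and reports every active zone that allows ssh, distinguishing zones limited to sources from zones open on their interfaces. The embedded listing is constructed sample output showing the state before ssh is removed from public.

```python
import re

# Constructed sample of `firewall-cmd --list-all-zones` output, embedded so the
# audit runs offline; on a firewalld host feed it the real command's output.
SAMPLE_LISTING = """\
public (active)
  target: default
  interfaces: eth0
  sources:
  services: dhcpv6-client ssh

SSHZONE (active)
  target: default
  interfaces:
  sources: 203.0.113.0/24
  services: ssh
"""

def parse_zones(listing):
    """One dict per zone block: active flag plus interfaces/sources/services."""
    zones, current = [], None
    for line in listing.splitlines():
        if not line.strip():
            continue
        if not line.startswith(" "):  # zone header, e.g. "public (active)"
            m = re.match(r"(\S+)(\s+\(active\))?", line)
            current = {"name": m.group(1), "active": bool(m.group(2)),
                       "interfaces": [], "sources": [], "services": []}
            zones.append(current)
        elif current is not None:
            key, _, value = line.strip().partition(":")
            if key in ("interfaces", "sources", "services"):
                current[key] = value.split()
    return zones

def ssh_exposure(zones):
    """(zone, note) for each active zone allowing ssh. No sources means ssh is
    reachable from any peer on the zone's interfaces; sources limit it."""
    findings = []
    for z in zones:
        if "ssh" not in z["services"] or not z["active"]:
            continue
        if z["sources"]:
            findings.append((z["name"], "ssh limited to " + ", ".join(z["sources"])))
        else:
            findings.append((z["name"], "ssh open on " + ", ".join(z["interfaces"])))
    return findings
```

`ssh_exposure(parse_zones(SAMPLE_LISTING))` reports `public: ssh open on eth0` and `SSHZONE: ssh limited to 203.0.113.0/24`; after the reload in the steps above, a live listing should show only the SSHZONE finding.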