
firewall-cmd

firewall-cmd is a command-line tool used in Linux distributions to manage the firewall. It allows users to configure and control the firewall settings without the need for manually editing configuration files. Here are ten key points about firewall-cmd:

  1. Configuration: firewall-cmd is used to configure the firewalld service, which is a dynamic firewall management tool available by default in many Linux distributions.

  2. Zones: firewalld organizes network interfaces into different zones, such as public, internal, trusted, etc. firewall-cmd allows users to assign interfaces to specific zones, determining the level of trust and access allowed for each zone.

  3. Rules: Using firewall-cmd, users can define rule sets to control network access, both inbound and outbound. These rules can be based on various criteria like source/destination addresses, ports, protocols, etc.

  4. Services: firewall-cmd provides an interface to manage services that can be allowed or blocked based on predefined service names. This abstraction simplifies rule management by associating specific rules with predefined service definitions.

  5. Rich Rules: In addition to regular rules, firewall-cmd supports rich rules, which offer more granular control over network traffic. Rich rules allow the use of more complex packet matching criteria and actions.

  6. Zones Modification: firewall-cmd enables the modification of zone settings. Users can add or remove interfaces from zones, change zone properties, and define default behaviors for each zone.

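  7. Runtime vs Permanent: firewall-cmd changes either the runtime or the permanent configuration. Changes made without --permanent apply immediately but are temporary and only last until the firewall service is reloaded or restarted. Changes made with --permanent persist across reboots, but do not take effect in the running firewall until firewalld is reloaded (firewall-cmd --reload).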

  8. Service Management: Using firewall-cmd, users can list, enable, disable, add, or remove specific services from active zones. This simplifies the management of services allowed through the firewall.

  9. Logging: firewall-cmd provides the ability to configure logging options for incoming and outgoing packets. Users can define log rules to record network activity for monitoring, troubleshooting, or analysis purposes.

  10. Application Integration: Many Linux applications, such as web servers or database servers, integrate with firewalld and firewall-cmd. This integration allows these applications to automatically manage firewall rules based on their specific requirements.

Overall, firewall-cmd is a powerful command-line tool that simplifies the management and configuration of firewalld in Linux systems, providing enhanced security by controlling network traffic effectively.
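
The runtime/permanent split in point 7 means a rule can be active but unsaved, or saved but not yet active. The following added example (not part of the original page or of firewalld) compares the two configurations of a zone and reports the difference; the function names only_in, drift_report and audit_zone and the sample lists are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report drift between firewalld's runtime and permanent configuration.

# Print the words of list $1 that are absent from list $2 (whitespace-separated lists).
only_in() {
    haystack=" $(echo $2) "          # normalise whitespace, pad for whole-word matching
    out=""
    for item in $1; do
        case "$haystack" in
            *" $item "*) ;;           # present in both lists
            *) out="${out:+$out }$item" ;;
        esac
    done
    printf '%s\n' "$out"
}

# $1 = label, $2 = runtime list, $3 = permanent list. Prints nothing when they match.
drift_report() {
    runtime_only=$(only_in "$2" "$3")
    permanent_only=$(only_in "$3" "$2")
    if [ -n "$runtime_only" ]; then
        echo "$1 runtime-only (lost on reload/restart): $runtime_only"
    fi
    if [ -n "$permanent_only" ]; then
        echo "$1 permanent-only (inactive until --reload): $permanent_only"
    fi
}

# Live check against a host running firewalld (needs firewall-cmd and root).
audit_zone() {
    for kind in services ports; do
        rt=$(firewall-cmd --zone="$1" --list-"$kind")
        pm=$(firewall-cmd --permanent --zone="$1" --list-"$kind")
        drift_report "$1 $kind" "$rt" "$pm"
    done
}

# Constructed sample lists (not captured from a real host).
drift_report "public services" "ssh dhcpv6-client http" "ssh dhcpv6-client https"
drift_report "public ports" "25565/tcp 19132/udp" "25565/tcp"
```

On a real host, call `audit_zone public` after sourcing the functions; any line it prints is a rule that will either disappear or appear at the next reload.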

List of commands for firewall-cmd:

  • Permanently close the port for a service in the specified zone (like port 80 when in the `public` zone).
    $ firewall-cmd --permanent --zone=${public} --remove-service=${http}
  • Reload firewalld to force rule changes to take effect.
    $ firewall-cmd --reload
  • Permanently open two arbitrary ports in the specified zone (each port is given as port/protocol).
    $ firewall-cmd --permanent --zone=${public} --add-port=${25565/tcp} --add-port=${19132/udp}
  • Permanently move the interface into the block zone, effectively blocking all communication.
    $ firewall-cmd --permanent --zone=${block} --change-interface=${enp1s0}
  • Permanently open the port for a service in the specified zone (like port 443 when in the `public` zone).
    $ firewall-cmd --permanent --zone=${public} --add-service=${https}
  • View the active firewall zones (those with an interface or source bound to them).
    $ firewall-cmd --get-active-zones
  • View the rules which are currently applied (the runtime configuration of the default zone).
    $ firewall-cmd --list-all