redhat firewalld - ghdrako/doc_snipets GitHub Wiki
Status
firewall-cmd --state
firewall-cmd --list-services
systemctl status firewalld
Show rules
firewall-cmd --get-all-rules --direct
Start
systemctl unmask firewalld
systemctl start firewalld
systemctl enable firewalld
Stop
systemctl stop firewalld
systemctl disable firewalld # prevent firewalld from starting automatically at system start
systemctl mask firewalld # ensure firewalld cannot be started through its D-Bus interface or as a dependency of other services
Control traffic with services
firewall-cmd --panic-on # panic mode: immediately drop all incoming and outgoing traffic
firewall-cmd --panic-off # leave panic mode
firewall-cmd --query-panic # check whether panic mode is on
firewall-cmd --list-services # List allowed services
firewall-cmd --get-services # List all predefined services
firewall-cmd --add-service=<service-name> # add the service to the allowed services
firewall-cmd --runtime-to-permanent # Make the new settings persistent
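firewall-cmd --permanent --new-service=service-name # define a new, empty service (only available with --permanent)
firewall-cmd --permanent --new-service-from-file=service-name.xml # define a new service from an XML file (only available with --permanent)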
Enable port
firewall-cmd --zone=public --add-port=1234/tcp --permanent
Open TCP ports 80 and 443
sudo firewall-cmd --add-port=80/tcp --permanent
sudo firewall-cmd --add-port=443/tcp --permanent
# or
sudo firewall-cmd --add-port=80/tcp --add-port=443/tcp --permanent
After adding the ports, you need to reload the firewall for the changes to take effect:
sudo firewall-cmd --reload
You can also check the status of the ports using the following command:
sudo firewall-cmd --list-ports
Controlling ports
firewall-cmd --list-ports # List all allowed ports
firewall-cmd --add-port=port-number/port-type # Add a port to the allowed ports to open it for incoming traffic
firewall-cmd --runtime-to-permanent # Make the new settings persistent
firewall-cmd --remove-port=port-number/port-type
firewall-cmd --runtime-to-permanent
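The commands above change either the runtime configuration (made persistent with --runtime-to-permanent) or the permanent one (active only after --reload), so the two can silently diverge. The script below is an added example, not part of the original page, that reports ports present in only one of the two. The function names port_drift and check_zone and the default zone public are assumptions.

```shell
#!/bin/sh
# Added example (not from the original page). port_drift and check_zone are
# hypothetical helper names.

# port_drift RUNTIME PERMANENT
# Each argument is a whitespace-separated port list in --list-ports format,
# e.g. "80/tcp 443/tcp". Prints one line per port present in only one list.
port_drift() {
    # Unquoted echo collapses any whitespace to single spaces; the padding
    # spaces make " 80/tcp " match whole entries only (not 8080/tcp).
    runtime=" $(echo $1) "
    permanent=" $(echo $2) "
    for p in $1; do
        case "$permanent" in
            *" $p "*) ;;
            *) echo "runtime-only $p" ;;    # lost on --reload or reboot
        esac
    done
    for p in $2; do
        case "$runtime" in
            *" $p "*) ;;
            *) echo "permanent-only $p" ;;  # saved, inactive until --reload
        esac
    done
}

# check_zone [ZONE]: compare live firewalld state for one zone.
# Returns 0 if in sync, 1 on drift, 2 if firewall-cmd fails.
check_zone() {
    zone=${1:-public}
    rt=$(firewall-cmd --zone="$zone" --list-ports) || return 2
    pm=$(firewall-cmd --permanent --zone="$zone" --list-ports) || return 2
    drift=$(port_drift "$rt" "$pm")
    if [ -n "$drift" ]; then
        printf '%s\n' "$drift"
        return 1
    fi
    return 0
}

# Constructed sample input, so the comparison can be tried without firewalld.
port_drift "80/tcp 443/tcp 1234/tcp" "80/tcp 443/tcp 8443/tcp"
```

On a host with firewalld running, call check_zone public; a runtime-only port is an opening that was never persisted (or never reviewed), and a permanent-only port is a saved rule that is not yet enforced.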
Redirect an IP address to another one with a firewall rule
firewall-cmd --permanent --new-policy ExamplePolicy
firewall-cmd --permanent --policy=ExamplePolicy --add-ingress-zone=HOST
firewall-cmd --permanent --policy=ExamplePolicy --add-egress-zone=ANY
firewall-cmd --permanent --policy=ExamplePolicy --add-rich-rule='rule family="ipv4" destination address="192.0.2.1" forward-port port="443" protocol="tcp" to-port="443" to-addr="192.51.100.20"'
firewall-cmd --reload