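#!/usr/bin/env bash
# firewalld / firewall-cmd cheat sheet (RHEL/CentOS style hosts).
# These are reference commands meant to be run one at a time as root (or via
# sudo); the file is not meant to be executed top to bottom.
#
# Two concepts explain most surprises with firewall-cmd:
#   runtime   - a change made WITHOUT --permanent applies immediately but is
#               lost on `firewall-cmd --reload` or a firewalld restart.
#   permanent - a change made WITH --permanent is written under /etc/firewalld
#               but does NOT take effect until `firewall-cmd --reload`.
# To get both, run the command twice (with and without --permanent), or make
# the runtime change and then run `firewall-cmd --runtime-to-permanent`.

# --- status ------------------------------------------------------------------
# is firewalld running?
firewall-cmd --state

# start firewalld
systemctl start firewalld.service
firewall-cmd --state

# --- inspecting zones and services ------------------------------------------
# what is the default zone?
firewall-cmd --get-default-zone

# what zones are active on which interfaces?
firewall-cmd --get-active-zones

# what are the service settings for the default zone?
firewall-cmd --list-all

# what zones are available?
firewall-cmd --get-zones

# what are the service settings of the 'home' zone?
firewall-cmd --zone=home --list-all

# list the service settings of all zones.
firewall-cmd --list-all-zones | less

# what services are available?
firewall-cmd --get-services

# --- opening services and ports ----------------------------------------------
# allow the http service in the public zone (runtime only: gone after --reload).
firewall-cmd --zone=public --add-service=http
firewall-cmd --zone=public --list-services

# allow the https service permanently in the public zone.
# (the note said https but the command added http again; corrected here.)
firewall-cmd --zone=public --permanent --add-service=https
firewall-cmd --zone=public --permanent --list-services
firewall-cmd --reload   # the permanent change only becomes active after a reload

# allow a specific port in the public zone, runtime and permanent.
firewall-cmd --zone=public --add-port=3011/tcp
firewall-cmd --zone=public --permanent --add-port=3011/tcp

# --- custom service definitions ----------------------------------------------
# built-in services live in /usr/lib/firewalld/services; new or customized
# services go in /etc/firewalld/services, which overrides lib and is not
# touched by package updates. the file name (minus .xml) is the service name.
cp /usr/lib/firewalld/services/ftp.xml /etc/firewalld/services/ftp_new.xml

# change port 21 to e.g. 7021, then reload so firewalld picks the new file up.
vi /etc/firewalld/services/ftp_new.xml
firewall-cmd --reload
firewall-cmd --get-services

# --- creating a zone and binding it to an interface --------------------------
# create a new zone (--new-zone needs --permanent), then reload so it exists.
firewall-cmd --permanent --new-zone=publictest
firewall-cmd --reload
firewall-cmd --get-zones

# add the ssh service to the new zone BEFORE moving an interface into it:
# a fresh zone allows nothing, so switching the interface first would cut off
# an ssh session arriving on that interface. add it runtime and permanent.
firewall-cmd --zone=publictest --add-service=ssh
firewall-cmd --zone=publictest --permanent --add-service=ssh

# connect the new zone to the interface (runtime; the ZONE= line below makes it
# survive a network restart).
firewall-cmd --zone=publictest --change-interface=ens32
firewall-cmd --get-active-zones

# add this line to /etc/sysconfig/network-scripts/ifcfg-ens32:
#   ZONE=publictest
vi /etc/sysconfig/network-scripts/ifcfg-ens32

# restart network and firewalld so the interface/zone binding is re-read,
# then verify the interface shows up under publictest.
sudo systemctl restart network
sudo systemctl restart firewalld
firewall-cmd --get-active-zones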