Firewall Command
The firewall-cmd utility is the primary command-line interface for managing the firewalld daemon, a dynamic firewall management tool for Linux distributions. It allows administrators to configure firewall rules, zones, and services without interrupting network connections.
Essential Firewall-cmd Commands
Here are some of the most frequently used firewall-cmd commands for managing your Linux firewall:
Reloading Firewall Configuration
After making changes with --permanent, reload the firewall to apply them. The reload re-reads the permanent configuration and makes it the running configuration without dropping established connections. Be aware that any rule added earlier without --permanent (a runtime-only rule) is discarded by the reload.
firewall-cmd --reload
Listing All Firewall Rules and Configurations
To review your current firewall setup, use the --list-all option. It prints the default zone's running configuration: target, interfaces, sources, services, ports, forward ports, masquerading and rich rules. Add --zone=NAME to inspect another zone, or use --list-all-zones to print every zone at once. Without --permanent you are looking at the runtime configuration, not what is stored on disk, so the two can differ until the next reload. This is invaluable for auditing and troubleshooting.
firewall-cmd --list-all
Listing Active Zones
firewalld uses zones to manage trust levels for network connections. Listing the active zones shows which zones currently have interfaces or source addresses bound to them, and therefore which policies are actually in effect. Interfaces that are not explicitly assigned to a zone belong to the default zone, which --get-default-zone prints.
firewall-cmd --get-active-zones
Adding a Service to a Zone
You can allow predefined services (such as ssh, http, https) through the firewall for a particular zone; --get-services lists the service names firewalld knows. For example, to allow SSH in the public zone:
firewall-cmd --zone=public --add-service=ssh --permanent
The --permanent flag writes the rule to the stored configuration so it survives reboots, but it does not touch the running firewall: the rule takes effect only after firewall-cmd --reload. Conversely, the same command without --permanent applies immediately but is lost at the next reload or reboot. To get both, either run the command twice (once with and once without --permanent) or apply it to the runtime first and then save the whole runtime state with --runtime-to-permanent.
Adding a Port to a Zone
If a service is not predefined, you can open a specific port and protocol instead. For instance, to open TCP port 8080 in the public zone:
firewall-cmd --zone=public --add-port=8080/tcp --permanent
As with services, the change is stored but not active until you reload. Open only the ports the application actually listens on, and prefer a service definition when one exists, since it documents intent and is easier to audit than a bare port number.
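The add-then-persist steps above are usually typed by hand. As an added example that is not part of this page, the following shell script wraps them in a function that performs them in the order a remote administrator wants: add the rule to the runtime configuration only, ask firewalld to confirm it is active, and only then persist it with --runtime-to-permanent, so a mistaken rule vanishes on the next reload instead of surviving a reboot. The FWCMD variable and the fw_allow function name are this example's own assumptions, not firewalld features.

```shell
#!/bin/sh
# Added example (not from the original page): apply a firewalld rule in the
# order a cautious administrator uses on a remote host.
#   1. add the rule to the runtime configuration only (no --permanent),
#   2. ask firewalld to confirm the rule is active,
#   3. copy the verified runtime configuration into the permanent one.
# A runtime-only rule disappears on the next --reload or reboot, so a mistake
# made over SSH cannot lock you out for good.
#
# FWCMD is an assumption of this example, not a firewalld feature: it lets a
# dry run or a test substitute another command for firewall-cmd.
FWCMD="${FWCMD:-firewall-cmd}"

# fw_allow ZONE KIND VALUE
#   KIND is "service" (VALUE such as ssh or https, see firewall-cmd --get-services)
#   or "port" (VALUE such as 8080/tcp).
# Returns 0 only when firewalld reports the rule active and it has been persisted.
fw_allow() {
    fw_zone="$1" fw_kind="$2" fw_value="$3"
    case "$fw_kind" in
        service|port) ;;
        *) echo "fw_allow: KIND must be service or port, got '$fw_kind'" >&2; return 2 ;;
    esac
    # Step 1: runtime only. Takes effect immediately; if the rule already exists
    # firewall-cmd prints an ALREADY_ENABLED warning and still exits 0, so
    # re-running is harmless.
    "$FWCMD" --zone="$fw_zone" "--add-$fw_kind=$fw_value" >/dev/null || return 1
    # Step 2: verify with firewalld rather than trusting step 1's exit status.
    # --query-* exits 0 for "yes" and 1 for "no".
    "$FWCMD" --zone="$fw_zone" "--query-$fw_kind=$fw_value" >/dev/null || return 1
    # Step 3: persist. This saves the whole runtime configuration, not just this
    # rule, so it replaces the --permanent + --reload pair and the running and
    # stored configurations cannot drift apart.
    "$FWCMD" --runtime-to-permanent >/dev/null
}

# Usage:  sh fw_allow.sh public service ssh
#         sh fw_allow.sh public port 8080/tcp
# With any other number of arguments nothing is changed, so the file can also
# be sourced to get fw_allow in an interactive shell.
if [ "$#" -eq 3 ]; then
    fw_allow "$1" "$2" "$3" && "$FWCMD" --zone="$1" --list-all
fi
```

Because step 3 saves everything currently in the runtime configuration, check firewall-cmd --list-all first on a host where someone may have left temporary runtime rules behind; otherwise those rules become permanent along with the one you meant to add.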
Understanding Firewall Zones
Firewall zones provide a way to manage different levels of trust for network connections. firewalld ships with predefined zones ranging, from least to most trusted, through drop (incoming packets dropped silently), block (incoming connections rejected), public, external, dmz, work, home and internal to trusted (all traffic accepted). Each zone has a default set of allowed services, and you can customize them to suit your security needs. On most distributions new interfaces land in the default zone, public, so that zone's rule set is the one that matters for most hosts. A zone's target decides what happens to traffic that no rule matches, which is why an active zone with target ACCEPT deserves a second look during review.
Best Practices for Firewall Management
- Always use the --permanent flag when making changes you want to keep after a reboot.
- Reload the firewall using firewall-cmd --reload after applying permanent changes.
- Regularly review your firewall rules using firewall-cmd --list-all (or --list-all-zones to cover every zone) to ensure they align with your security policies.
- Understand the purpose of different firewall zones and assign interfaces to the appropriate zones.
- For advanced configurations, consult the official firewalld documentation.
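Reviewing rules by reading --list-all output works for one host and quickly stops scaling. As an added example that is not part of this page, the shell script below turns the review into a check against policy: it reads the text that firewall-cmd --list-all-zones prints and reports, for every active zone, each service or port not on an allowlist, any zone whose target is ACCEPT, masquerading, and rich rules or port forwards that need a human look. The allowlist values, the function names and the sample zone listing are constructed for this example, not taken from a real host or from firewalld itself.

```shell
#!/bin/sh
# Added example (not part of the original page): audit firewalld zones against
# a policy allowlist. Reads the text that `firewall-cmd --list-all-zones`
# prints (every zone, not only the default one that --list-all shows) and
# reports anything an active zone allows that the policy does not name.
#
# The allowlist values are assumptions of this example; set them to your policy.
ALLOWED_SERVICES="${ALLOWED_SERVICES:-ssh https dhcpv6-client}"
ALLOWED_PORTS="${ALLOWED_PORTS:-}"

# audit_zones: reads --list-all-zones output on stdin, prints one finding per
# line as "zone: finding", and exits 1 if there were any findings.
audit_zones() {
    awk -v allowed_services="$ALLOWED_SERVICES" -v allowed_ports="$ALLOWED_PORTS" '
    function flag(msg) { print zone ": " msg; findings++ }
    # Report every item of a space-separated list that is not on the allowlist.
    function check_list(kind, list, allowed,   i, n, items, ok, seen) {
        split(allowed, ok, " ")
        for (i in ok) seen[ok[i]] = 1
        n = split(list, items, " ")
        for (i = 1; i <= n; i++)
            if (!(items[i] in seen)) flag(kind " " items[i] " not in allowlist")
    }
    # A zone header starts at column 0, e.g. "public (default, active)".
    /^[^ \t]/ { zone = $1; active = ($0 ~ /active\)/); next }
    # Zones with no interface or source bound enforce nothing; skip them.
    !active { next }
    $1 == "target:" && $2 == "ACCEPT" {
        flag("target ACCEPT: anything not matched by a rule is accepted")
    }
    $1 == "services:" { $1 = ""; check_list("service", $0, allowed_services) }
    $1 == "ports:"    { $1 = ""; check_list("port", $0, allowed_ports) }
    $1 == "masquerade:" && $2 == "yes" { flag("masquerade enabled: host NATs for other hosts") }
    # Rich rules and forward ports are listed one per indented line under
    # "rich rules:" and "forward-ports:"; they need a human reader.
    /^[ \t]+(rule |port=)/ { sub(/^[ \t]+/, ""); flag("rich rule or forward-port needs manual review: " $0) }
    END { exit (findings > 0) }
    '
}

# Constructed sample of --list-all-zones output (not captured from a real host),
# trimmed to the fields the audit looks at. The "home" zone is deliberately
# inactive and must produce no findings even though it masquerades.
sample_zones() {
    cat <<'EOF'
public (default, active)
  target: default
  interfaces: eth0
  sources:
  services: cockpit dhcpv6-client ssh
  ports: 8080/tcp
  masquerade: no
  forward-ports:
  rich rules:
        rule family="ipv4" source address="203.0.113.0/24" service name="ssh" accept

trusted (active)
  target: ACCEPT
  interfaces: eth1
  sources:
  services:
  ports:
  masquerade: no
  forward-ports:
  rich rules:

home
  target: default
  interfaces:
  sources:
  services: ssh mdns samba-client
  ports: 2222/tcp
  masquerade: yes
  forward-ports:
  rich rules:
EOF
}

# sh audit_zones.sh --demo   runs the audit over the constructed sample.
# On a real host:  . ./audit_zones.sh; firewall-cmd --list-all-zones | audit_zones
case "${1:-}" in
    --demo)
        if sample_zones | audit_zones; then echo "no findings"; else echo "review the findings above"; fi ;;
esac
```

On the constructed sample the audit reports the cockpit service and port 8080/tcp in public, the rich rule in public, and the ACCEPT target in trusted, and says nothing about home because that zone has no interface bound. The non-zero exit status makes the function usable from a cron job or a configuration-management check that should fail when the running firewall drifts from policy.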