firewall-cmd – Firewall software for Linux, similar to iptables

Firewall-cmd is a command-line utility that manages firewall rules on Linux systems that use the firewalld daemon. It provides a simpler, more user-friendly interface for managing firewall rules than the traditional iptables command.

Overview

Firewall-cmd uses the D-Bus interface to communicate with the firewalld daemon. It allows users to add, remove, and modify firewall rules in real time. The command can be used to manage firewall zones, services, ports, and source/destination addresses.

Examples

  1. To list all the available zones in the system:
       firewall-cmd --get-zones
  2. To list all the active zones in the system:
       firewall-cmd --get-active-zones
  3. To add a service to the public zone:
       firewall-cmd --zone=public --add-service=http
  4. To remove a service from the public zone:
       firewall-cmd --zone=public --remove-service=http
  5. To open a specific port in the public zone:
       firewall-cmd --zone=public --add-port=8080/tcp

Use cases

  • Restricting access to specific services or ports
  • Blocking traffic from specific IP addresses or ranges
  • Allowing traffic only from specific IP addresses or ranges
  • Creating custom firewall zones for specific network configurations

Options

The following table lists commonly used options for the firewall-cmd command:

Option                            Description
--add-port=<port>/<protocol>      Adds a port to the firewall
--add-service=<service>           Adds a service to the firewall
--remove-port=<port>/<protocol>   Removes a port from the firewall
--remove-service=<service>        Removes a service from the firewall
--zone=<zone>                     Specifies the firewall zone to modify
--list-all                        Lists all the firewall rules for the specified zone
--get-zones                       Lists all the available firewall zones
--get-active-zones                Lists all the active firewall zones

Troubleshooting tips

  • If you’re having trouble accessing a specific service or port, make sure it’s added to the correct zone.
  • If you’re unable to connect to a specific IP address or range, make sure it’s not blocked by the firewall.
  • If you’re experiencing issues with the firewall-cmd command, try restarting the firewalld daemon.
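The commands in the Examples section change only the runtime configuration, so restarting firewalld as suggested in the last tip discards them unless they were also stored with --permanent. The script below is an added example, not part of the original page: it reports services and ports that differ between the runtime and permanent configuration of a zone. The function names diff_sets and audit_zone are hypothetical; --permanent, --list-services and --list-ports are real firewall-cmd options that the table above does not list.

```shell
#!/bin/sh
# Added example: find drift between firewalld's runtime and permanent rules.

# diff_sets LABEL RUNTIME PERMANENT
# RUNTIME and PERMANENT are single-space-separated lists, the form in which
# firewall-cmd --list-services and --list-ports print them.
# Prints one line per item that exists on only one side.
diff_sets() {
    label=$1 runtime=$2 permanent=$3
    for item in $runtime; do
        case " $permanent " in
            *" $item "*) ;;                           # stored permanently too
            *) echo "$label runtime-only $item" ;;    # gone after restart/reload
        esac
    done
    for item in $permanent; do
        case " $runtime " in
            *" $item "*) ;;
            *) echo "$label permanent-only $item" ;;  # active only after reload
        esac
    done
}

# audit_zone ZONE
# Queries a live firewalld for both configurations of one zone.
# Needs firewall-cmd and sufficient privileges; not called automatically.
audit_zone() {
    zone=$1
    for what in services ports; do
        rt=$(firewall-cmd --zone="$zone" --list-$what)
        pm=$(firewall-cmd --permanent --zone="$zone" --list-$what)
        diff_sets "$zone $what" "$rt" "$pm"
    done
}

# Constructed sample values (not captured from a real host): http and
# 8080/tcp were added at runtime only, as in the Examples section.
diff_sets "public services" "dhcpv6-client ssh http" "dhcpv6-client ssh"
diff_sets "public ports" "8080/tcp" ""

# On a host running firewalld, call instead:
#   audit_zone public
```

Any runtime-only line marks a rule to re-add with --permanent if it is meant to persist, or to remove if it was only a temporary opening.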

Notes

  • Firewall-cmd is a newer and more user-friendly alternative to the traditional iptables command.
  • Firewall-cmd uses the firewalld daemon to manage firewall rules in real time.
  • Firewall-cmd provides a comprehensive set of options to manage firewall zones, services, ports, and source/destination addresses.