Firewalld Quickstart Guide

Last Updated: Mon, Apr 13, 2020
Quickstart Guides Security System Admin

Firewalld is the default software firewall for Fedora, CentOS 7, and other modern distributions based on Red Hat or SUSE Linux. This quickstart guide outlines several useful commands and techniques to assist debugging Firewalld.

Verify firewalld is active

$ firewall-cmd --state
running

Check the zones assigned to active interfaces

$ firewall-cmd --get-active-zones
public
    interfaces: ens3

Check which ports and services are allowed

Assuming your active zone is public, this quick check reveals what traffic is allowed.

$ firewall-cmd --zone=public --list-ports
7000-8000/tcp

$ firewall-cmd --zone=public --list-services
cockpit dhcpv6-client ssh

Example: Allow SSH

Assuming your active zone is public, use either of these two methods to allow SSH.

# firewall-cmd --zone=public --add-service=ssh

or

# firewall-cmd --zone=public --add-port=22/tcp

Panic Mode

Drop All Packets

As root, use the --panic-on switch.

# firewall-cmd --panic-on

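All incoming and outgoing packets will be dropped. Active connections will be terminated after a period of inactivity. This includes your own SSH session, so make sure you have console access before enabling panic mode on a remote server.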

Panic Mode Off

As root, use the --panic-off switch.

# firewall-cmd --panic-off

Check Panic Mode Status

firewall-cmd --query-panic && echo "enabled" || echo "Not enabled"

Permanent vs. Temporary Configuration

Temporary changes are a common source of problems: the server works as expected until the next reboot, and then the rules are gone. Make sure you permanently save your configuration.

To make a command permanent, add the --permanent option to all commands except --direct commands (which are temporary by nature). Settings made with the --permanent option do not take effect until the next firewall reload, service restart, or system reboot. Settings made without the --permanent option take effect immediately, but are only valid until the next firewall reload, system boot, or service restart.
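
A drift check for the two configurations described above, as an added example that is not part of the original article: it compares a zone's runtime and permanent services and ports and reports what a reload would remove or activate. The function names are hypothetical, and check_zone assumes it is run as root on a host with firewalld.

```shell
#!/bin/sh
# Added example: report firewalld settings that differ between the runtime
# and the permanent configuration of a zone. Function names are hypothetical.

# only_in A B: print the space-separated words that appear in A but not in B.
only_in() {
    out=""
    for item in $1; do
        case " $2 " in
            *" $item "*) ;;                 # present in both lists
            *) out="${out:+$out }$item" ;;  # missing from the second list
        esac
    done
    printf '%s\n' "$out"
}

# drift_report RUNTIME PERMANENT: describe what a reload or reboot would change.
# Returns 0 when both lists match, 1 when they differ.
drift_report() {
    lost=$(only_in "$1" "$2")      # runtime only: disappears on reload/reboot
    pending=$(only_in "$2" "$1")   # permanent only: inactive until reload
    [ -z "$lost" ] && [ -z "$pending" ] && { echo "in sync"; return 0; }
    [ -n "$lost" ] && echo "runtime-only (lost on reload): $lost"
    [ -n "$pending" ] && echo "permanent-only (needs reload): $pending"
    return 1
}

# check_zone ZONE: compare the live services and ports of ZONE (default: public).
# Returns 0 if in sync, 1 on drift, 2 if firewall-cmd fails.
check_zone() {
    zone=${1:-public}
    rc=0
    for what in services ports; do
        rt=$(firewall-cmd --zone="$zone" --list-"$what") || return 2
        pm=$(firewall-cmd --permanent --zone="$zone" --list-"$what") || return 2
        echo "[$zone $what]"
        drift_report "$rt" "$pm" || rc=1
    done
    return $rc
}
```

Run check_zone public after making changes. firewall-cmd --runtime-to-permanent saves the current runtime state, and firewall-cmd --reload applies the permanent configuration and discards runtime-only entries.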

Disable firewalld

As root, mask and disable the service.

# systemctl mask --now firewalld.service
# systemctl disable --now firewalld.service
