==========
Firewalld:
==========

:Title: firewalld
:Author: Douglas O'Leary
:Description: notes on firewalld
:Date created: 12/15/17
:Date updated:
:Disclaimer: Standard: Use the information that follows at your own risk. If you screw up a system, don't blame it on me...

Commands:
=========

systemctl status firewalld
    Displays firewalld status

firewall-cmd --get-services
    Lists the pre-defined services, but all on one line.

firewall-cmd --add-service=ftp
    Adds ftp to the list of services available for the active zone.

firewall-cmd --get-active-zones
    Displays the current/active zone(s) and the interfaces assigned to each.

firewall-cmd --get-default-zone
    Displays the default zone.

firewall-cmd --get-zones
    Displays all available zones. Not overly useful::

        # firewall-cmd --get-zones
        block dmz drop external home internal public trusted work

firewall-cmd --list-all-zones
    Displays much more detailed information about each zone.

firewall-cmd --list-all [ --zone=${zone} ]
    Displays the current configuration of the active (or specified) zone,
    which will include the assigned interfaces.

firewall-cmd --get-zone-of-interface=${interface}
    Identifies the firewall zone to which an interface is assigned.

firewall-cmd --list-services [ --zone=${zone} ]
    Displays the services that have been enabled in the active or specified
    zone.

IP forwarding:
==============

If using firewalld to route/NAT, ensure ip_forward is set::

    # sysctl net.ipv4.ip_forward
    net.ipv4.ip_forward = 1

Interfaces:
===========

* Files in /etc/firewalld (probably should leave those alone)
* firewall-config (GUI)
* firewall-cmd (CLI)

Procedures:
-----------

Adding/deleting a service:
~~~~~~~~~~~~~~~~~~~~~~~~~~

Without ``--permanent`` the change applies to the running firewall only and
is lost on reload or reboot; with ``--permanent`` it is written to the
configuration but only takes effect after ``--reload``::

    firewall-cmd --add-service=${service} [ --permanent ]
    firewall-cmd --remove-service=${service} [ --permanent ]
    firewall-cmd --reload

Identify a zone for a specific interface:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

::

    # firewall-cmd --get-zone-of-interface=eth1
    public
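Auditing the services enabled in a zone:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The ``--list-all`` and ``--list-services`` output above is what you would
check to confirm a zone exposes only what it should. The script below is an
added example, not part of the original notes: it parses ``--list-all`` output
against an allow-list of services and reports anything extra, so a stray
``--add-service`` (runtime or permanent) shows up. The ``--list-all`` text it
parses is a constructed sample in the style of firewalld's output; the function
names (``zone_services``, ``unexpected_services``, ``audit_zone``) are this
example's own.

```shell
#!/bin/sh
# Added example (not from the original notes): audit the services enabled in a
# firewalld zone against an allow-list by parsing `firewall-cmd --list-all`.

# Constructed sample of `firewall-cmd --list-all` output for the public zone.
# ftp has been enabled alongside the expected services.
SAMPLE_LIST_ALL='public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: cockpit dhcpv6-client ftp ssh
  ports:
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
'

# zone_services: read --list-all output on stdin and print the space-separated
# list from its "services:" line.
zone_services() {
    sed -n 's/^[[:space:]]*services:[[:space:]]*//p'
}

# unexpected_services ALLOWED: read --list-all output on stdin and print each
# enabled service that is not in the space-separated ALLOWED list.
# Returns 0 when everything enabled is allowed, 1 otherwise.
unexpected_services() {
    allowed=" $1 "
    found=0
    for svc in $(zone_services); do
        case "$allowed" in
            *" $svc "*) ;;                 # expected, nothing to report
            *) echo "$svc"; found=1 ;;     # not on the allow-list
        esac
    done
    return $found
}

# audit_zone ALLOWED [ZONE]: the same check against the live firewall.
# Uses the default zone when ZONE is omitted, like firewall-cmd itself.
audit_zone() {
    zone_arg=""
    [ -n "$2" ] && zone_arg="--zone=$2"
    firewall-cmd --list-all $zone_arg | unexpected_services "$1"
}

# Demonstration on the constructed sample: ftp is the only service outside the
# allow-list, so it is printed and the check fails.
if printf '%s' "$SAMPLE_LIST_ALL" | unexpected_services "ssh dhcpv6-client cockpit"; then
    echo "no unexpected services"
else
    echo "unexpected services found in zone"
fi
```

To run it against a real host, call ``audit_zone "ssh dhcpv6-client cockpit" public``
(or any zone from ``--get-active-zones``) and act on a non-zero exit status.
Running it for both the runtime view and ``firewall-cmd --permanent --list-all``
catches the case where the two have drifted apart, which is exactly what a
forgotten ``--permanent`` or ``--reload`` produces.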