
firewalld: Dynamic Firewall Service Management

firewalld is a dynamic firewall management daemon for Linux systems. It manages firewall rules through the concept of network zones and allows rules to be changed while the service keeps running. It replaces, or sits on top of, the traditional iptables tooling.

Overview

firewalld is a daemon that controls a system's network traffic, allowing different security levels to be applied based on network interfaces or source IP addresses through predefined zones. It provides a user-friendly interface instead of directly handling complex iptables rules.

Key Features

  • Dynamic Rule Management: Rules can be changed without restarting the service
  • Zone-based: Applies different security policies based on network interfaces or sources
  • Service and Port Management: Easy to open/block specific services (SSH, HTTP, etc.) or ports
  • Rich Rules: Allows for complex condition-based rule configuration
  • IPv4 and IPv6 Support

Main Options

These are options used when running the firewalld daemon itself. Most firewall rule management is done through the firewall-cmd command.


Usage Examples

The firewalld service is primarily managed via the systemctl command. Firewall rule configuration uses the firewall-cmd command.

Start firewalld Service

sudo systemctl start firewalld

Starts the firewalld daemon.

Enable firewalld Service (Start on Boot)

sudo systemctl enable firewalld

Configures firewalld to start automatically on system boot.

Check firewalld Service Status

sudo systemctl status firewalld

Checks the current status of the firewalld service.

Restart firewalld Service

sudo systemctl restart firewalld

Restarts the firewalld service.

Reload firewalld Configuration (After Rule Changes)

sudo firewall-cmd --reload

Reloads and applies firewall rules without stopping the service.

Installation

firewalld is included by default in many Red Hat-based Linux distributions such as CentOS, Fedora, and RHEL. It may need to be installed manually on Debian/Ubuntu-based systems.

CentOS/Fedora/RHEL

sudo dnf install firewalld

Installs firewalld using dnf (or yum).

Debian/Ubuntu

sudo apt install firewalld

Installs firewalld using apt.

Tips & Notes

Tips and notes for effectively using firewalld.

Utilizing firewall-cmd

All firewall rule configuration and management for firewalld is done through the `firewall-cmd` command. Opening ports, adding services, and assigning interfaces to zones all go through firewall-cmd.

  • Check currently active zones: `firewall-cmd --get-active-zones`
  • Open a specific port (e.g., HTTP 80/tcp): `sudo firewall-cmd --zone=public --add-port=80/tcp --permanent`
  • Apply changes: `sudo firewall-cmd --reload`

Applying Permanent Rules

When adding rules with firewall-cmd, you must use the `--permanent` option for the rules to persist after a system reboot. A rule added with `--permanent` is written to the persistent configuration only, so after adding it you must run `firewall-cmd --reload` to apply the change to the running firewall. Conversely, a rule added without `--permanent` takes effect immediately but is lost on the next reload or reboot.
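As an added example (not code from the original page), the following POSIX shell script applies the permanent-then-reload workflow for one port and then checks that the zone's runtime and permanent port lists agree, which is the check that catches a rule added without `--permanent` before a reboot silently drops it. It assumes firewall-cmd is installed and that the script runs as root; the list strings in the comments are constructed samples.

```shell
#!/bin/sh
# Added example: open a port permanently, reload, and verify that the
# runtime and permanent configurations agree for that port.
# Assumes firewall-cmd is installed and the script runs as root.

# Return 0 if PORT (e.g. "80/tcp") appears in a space-separated port list
# such as the output of `firewall-cmd --zone=public --list-ports`,
# e.g. the constructed sample "22/tcp 80/tcp 443/tcp".
port_in_list() {
    port="$1"
    list="$2"
    for p in $list; do
        [ "$p" = "$port" ] && return 0
    done
    return 1
}

# Add PORT to ZONE in the permanent configuration, then reload so the
# running firewall picks it up. Returns non-zero if either step fails.
open_port_permanent() {
    zone="$1"
    port="$2"
    firewall-cmd --zone="$zone" --add-port="$port" --permanent >/dev/null || return 1
    firewall-cmd --reload >/dev/null || return 1
}

# Return 0 only when PORT is present in both the runtime and the
# permanent port list of ZONE; a mismatch means the rule will not
# survive the next reload or reboot (or has not been applied yet).
verify_port() {
    zone="$1"
    port="$2"
    runtime=$(firewall-cmd --zone="$zone" --list-ports)
    permanent=$(firewall-cmd --zone="$zone" --list-ports --permanent)
    port_in_list "$port" "$runtime" && port_in_list "$port" "$permanent"
}

# Only touch the firewall when firewall-cmd exists and we are root.
if command -v firewall-cmd >/dev/null 2>&1 && [ "$(id -u)" -eq 0 ]; then
    if open_port_permanent public 80/tcp && verify_port public 80/tcp; then
        echo "80/tcp is open in both runtime and permanent config of zone public"
    else
        echo "80/tcp is not consistently open in zone public" >&2
    fi
fi
```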

Understanding Default Zones

firewalld defaults to the 'public' zone, but offers various other zones such as 'home', 'work', 'internal', 'external', 'trusted', 'drop', and 'block'. Each zone has a different security level.

Relationship with iptables

firewalld internally uses iptables (or, on newer releases, nftables) as its backend, but provides a more abstracted interface than running iptables commands directly. When using firewalld, avoid manipulating iptables directly: firewalld does not track rules added that way and can discard them on reload.
