Tech Chorus

Firewalld Cheatsheet

written by Sudheer Satyanarayana on 2016-07-12

List supported zones

firewall-cmd --get-zones

List active zones

firewall-cmd --get-active-zones

List zones with enabled features

firewall-cmd --list-all-zones

Permanently add source IP address to a zone

firewall-cmd --permanent --zone=<zone_name> --add-source=<ip_address>

Permanently remove source IP address from a zone

firewall-cmd --permanent --zone=<zone_name> --remove-source=<ip_address>

Reload firewall to apply permanent changes

firewall-cmd --reload

Permanently add a service to a zone

firewall-cmd --permanent --zone=<zone_name> --add-service=<service_name>

Permanently add an interface to a zone

firewall-cmd --permanent --zone=<zone_name> --add-interface=<interface_name>

Permanently remove an interface from a zone

firewall-cmd --permanent --zone=<zone_name> --remove-interface=<interface_name>

Adding Custom Service

Copy from a template.

cp /usr/lib/firewalld/services/https.xml /etc/firewalld/services/myservice.xml

Then edit the values in the copy. If you have an interface alias, this method might suit your needs:

See http://serverfault.com/questions/700266/firewalld-with-an-ip-alias-eth00
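
The following is an added example, not part of the original cheatsheet: instead of hand-editing a copied template, it writes a minimal custom service file after validating the values that go into it. The function name write_service_xml and the sample values (myservice, 8443, the description) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: generate a firewalld service definition with validated values.
# write_service_xml DIR NAME PORT PROTO DESCRIPTION  (hypothetical helper)
# Writes DIR/NAME.xml; returns non-zero and writes nothing on invalid input.
write_service_xml() {
    dir=$1 name=$2 port=$3 proto=$4 desc=$5

    # The file name (minus .xml) becomes the service name, so restrict it to
    # a safe character set; this also blocks path traversal via the name.
    case $name in
        ''|*[!A-Za-z0-9_-]*) echo "invalid service name: $name" >&2; return 1 ;;
    esac
    # Port must be 1-5 digits (the length limit avoids integer overflow in test).
    case $port in
        ''|*[!0-9]*|??????*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    case $proto in
        tcp|udp) ;;
        *) echo "unsupported protocol: $proto" >&2; return 1 ;;
    esac
    # The description is placed in XML text; reject characters needing escaping.
    case $desc in
        *'<'*|*'>'*|*'&'*) echo "description must not contain < > &" >&2; return 1 ;;
    esac

    cat > "$dir/$name.xml" <<EOF
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>$name</short>
  <description>$desc</description>
  <port protocol="$proto" port="$port"/>
</service>
EOF
}

# Usage on a firewalld host, as root (sample values are constructed):
#   write_service_xml /etc/firewalld/services myservice 8443 tcp "Internal API over TLS"
#   firewall-cmd --reload      # pick up the new service file
#   firewall-cmd --permanent --zone=<zone_name> --add-service=myservice
#   firewall-cmd --reload      # apply the permanent change
```

Opening only the single port the service needs, in the zone that matches the intended sources, keeps the exposed surface limited to what the custom service requires.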