firewalld

Commands that make use of --permanent will not take effect until firewalld restarts.

List the known zones
firewall-cmd --get-zones
View information about the active zones
firewall-cmd --get-active-zones
Add an interface to the DMZ zone
  • firewall-cmd --permanent --zone=dmz --change-interface=interface
  • In /etc/sysconfig/network-scripts/ifcfg-interface, set ZONE=dmz
List the services known by firewalld—known service definitions exist in
/usr/lib/firewalld/services/
firewall-cmd --get-services
List the services permitted within a zone
firewall-cmd --zone=public --list-all
Permit a service on the interfaces in the DMZ zone
firewall-cmd --permanent --zone=dmz --add-service=service
Log rejections
firewall-cmd --set-log-denied=all
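
Because of the --permanent behaviour noted at the top of this page, the saved and the running configuration of a zone can differ. The script below is an added example, not part of the original notes: it compares the two service lists for a zone. The function names are hypothetical, the sample lists are constructed, and --list-services is a firewall-cmd option not otherwise used on this page.

```shell
#!/bin/sh
# Added example: report drift between firewalld's runtime and permanent
# service lists for a zone. Function names are hypothetical.

# only_in A B: print the words of list A that are absent from list B.
# The ( ) body runs in a subshell, so variables and set -f stay local.
only_in() (
    set -f                      # no glob expansion while word-splitting
    out=""
    for svc in $1; do
        case " $2 " in
            *" $svc "*) ;;      # present in both lists
            *) out="${out:+$out }$svc" ;;
        esac
    done
    printf '%s' "$out"
)

# service_drift RUNTIME PERMANENT
#   pending   = saved with --permanent but not active yet
#   transient = active now but not saved, so lost when firewalld restarts
service_drift() (
    pending=$(only_in "$2" "$1")
    transient=$(only_in "$1" "$2")
    printf 'pending=%s;transient=%s' "$pending" "$transient"
)

# zone_drift ZONE: the same comparison against a live firewalld
# (needs firewall-cmd and normally root; not called by this script).
zone_drift() (
    runtime=$(firewall-cmd --zone="$1" --list-services) || exit 1
    permanent=$(firewall-cmd --permanent --zone="$1" --list-services) || exit 1
    service_drift "$runtime" "$permanent"
)

# Constructed sample: https was added with --permanent only, ftp without it.
sample_runtime="ssh http ftp"
sample_permanent="ssh http https"
echo "dmz (constructed sample): $(service_drift "$sample_runtime" "$sample_permanent")"
```

On a host running firewalld, call zone_drift dmz instead of the sample line. A non-empty transient list is worth reviewing, since those services are reachable now without appearing in the saved configuration.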
