Use of firewalld

Commands which make use of --permanent will not take effect until firewalld restarts.
List the known zones
firewall-cmd --get-zones
View information about the active zones
firewall-cmd --get-active-zones
Add an interface to the DMZ zone
  • firewall-cmd --permanent --zone=dmz --change-interface=interface
  • In /etc/sysconfig/network-scripts/ifcfg-interface, set ZONE=dmz
List the services known by firewalld (known-service definitions exist in /usr/lib/firewalld/services/)
firewall-cmd --get-services
List the services permitted within a zone
firewall-cmd --zone=public --list-all
Permit a service on the interfaces in the DMZ zone
firewall-cmd --permanent --zone=dmz --add-service=service
Log rejections
firewall-cmd --set-log-denied=all
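
Because --permanent changes wait for a restart, the running and the saved rules of a zone can differ. The following added example (not part of the original notes) lists services present in only one of the two; the sample outputs are constructed, and the function names are this example's own.

```shell
#!/bin/sh
# Added example: compare a zone's running rules with its saved (--permanent)
# rules. Function names and sample data are this example's own.

# Constructed sample of `firewall-cmd --zone=dmz --list-all` (runtime).
SAMPLE_RUNTIME='dmz (active)
  target: default
  interfaces: eth1
  services: ssh tftp
  ports: '

# Constructed sample of `firewall-cmd --permanent --zone=dmz --list-all`.
SAMPLE_PERMANENT='dmz
  target: default
  interfaces: eth1
  services: http ssh
  ports: '

# Read --list-all output on stdin; print its services, one per line, sorted.
services_of() {
    sed -n 's/^[[:space:]]*services:[[:space:]]*//p' |
        tr -s ' ' '\n' | sed '/^$/d' | sort -u
}

# drift RUNTIME_OUTPUT PERMANENT_OUTPUT
# Runs in a subshell so its variables do not leak into the caller.
drift() (
    rt=$(printf '%s\n' "$1" | services_of)
    pm=$(printf '%s\n' "$2" | services_of)
    for s in $rt; do   # active now, but not saved: lost at the next restart
        printf '%s\n' "$pm" | grep -qxF -- "$s" || echo "runtime-only $s"
    done
    for s in $pm; do   # saved, but not active until firewalld restarts
        printf '%s\n' "$rt" | grep -qxF -- "$s" || echo "permanent-only $s"
    done
)

# check_zone ZONE: run the comparison against the live firewalld.
check_zone() {
    drift "$(firewall-cmd --zone="$1" --list-all)" \
          "$(firewall-cmd --permanent --zone="$1" --list-all)"
}

# With a zone name as argument, check the live system: sh drift.sh dmz
if [ $# -gt 0 ]; then check_zone "$1"; fi
```

An empty result means the zone's running and saved service lists agree.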
Email: www@flyn.org — ✉ 6110 Campfire Court; Columbia, Maryland 21045; USA