A short CMD memo of Firewalld on RHEL8/CentOS8

Firewalld is elemental protection for RHEL 8 or CentOS 8. Well set Firewalld service should be primary before your OS accesses the Internet. This post is a summary of commands about Firewalld.
Please note that root or sudo level privileges are required to conduct all commands below.
PART I. Using systemctl to simply manage Firewalld
-
Lock Firewalld to suspend operation
# systemctl mask firewalld
-
Unlock Firewalld
# systemctl unmask firewalld
-
Start Firewalld
# systemctl start firewalld.service
-
Stop Firewalld
# systemctl stop firewalld.service
-
Reload Firewalld with possibility of restarting service
# systemctl reload firewalld.service
-
Restart Firewalld
# systemctl restart firewalld.service
-
Display the status of Firewalld
# systemctl status firewalld.service
-
Autorun Firewalld after boot
# systemctl enable firewalld.service
-
Disable autorun of Firewalld
# systemctl disable firewalld.service
-
Check the validity of Firewalld autorun
# systemctl is-enabled firewalld.service
-
Check all services list
# systemctl list-unit-files
# systemctl list-unit-files | grep enabled
# add grep to filtrate -
Check failed services
# systemctl --failed
PART II. Some commends from Firewalld itself
1. Basic command lines
-
Check Firewalld status
# firewall-cmd --state
-
Update Firewalld rules
# firewall-cmd --reload
# dynamically reload without restarting# firewall-cmd --complete-reload
# with restarting -
Check all open ports
# firewall-cmd --list-ports
-
Check allowed services
# firewall-cmd --list-services
-
Acquire support services
# firewall-cmd --get-services
-
Reject all packages in urgency
# firewall-cmd --panic-on
-
Cancel packages rejection
# firewall-cmd --panic-off
2. Zone settings
-
Check all zones
# firewall-cmd --list-all-zones
-
Check active zone
# firewall-cmd --get-active-zones
-
Set default public as default zone
# firewall-cmd --set-default-zone=public
-
Check default zone
# firewall-cmd --get-default-zone
3. Interface
-
Get the zone of interface eth0
# firewall-cmd --get-zone-of-interface=eth0
-
Add interface eth0 to public zone
# firewall-cmd --zone=public --add-interface=eth0
-
Delete interface eth0 from public zone
# firewall-cmd --zone=public --remove-interface=eth0
-
Add interface eth0 to default zone
# firewall-cmd --zone=default --change-interface=eth0
4. Port configurations
-
Permanently open port 80 in global pattern
# firewall-cmd --add-port=80/tcp --permanent
-
Permanently close port 80 in global pattern
# firewall-cmd --remove-port=80/tcp --permanent
-
Permanently open port 65001 - 65010 in global pattern
# firewall-cmd --add-port=65001-65010/tcp --permanent
-
Permanently open port 80 in public zone
# firewall-cmd --zone=public --add-port=80/tcp --permanent
-
Permanently close port 80 in public zonen
# firewall-cmd --zone=public --remove-port=80/tcp --permanent
-
Permanently open port 65001 - 65010 in public zone
# firewall-cmd --zone=public --add-port=65001-65010/tcp --permanent
-
Check if port 8080 opens
# firewall-cmd --query-port=8080/tcp