A short CMD memo of Firewalld on RHEL8/CentOS8
Firewalld is the basic layer of protection on RHEL 8 and CentOS 8. A properly configured Firewalld service should be in place before the OS is connected to the Internet. This post is a summary of Firewalld commands.
Please note that root or sudo privileges are required to run all of the commands below.
PART I. Using systemctl to manage Firewalld
Lock Firewalld (mask the unit so that it cannot be started)
# systemctl mask firewalld
Unlock Firewalld
# systemctl unmask firewalld
Start Firewalld
# systemctl start firewalld.service
Stop Firewalld
# systemctl stop firewalld.service
Reload Firewalld with possibility of restarting service
# systemctl reload firewalld.service
Restart Firewalld
# systemctl restart firewalld.service
Display the status of Firewalld
# systemctl status firewalld.service
Autorun Firewalld after boot
# systemctl enable firewalld.service
Disable autorun of Firewalld
# systemctl disable firewalld.service
Check whether Firewalld autorun is enabled
# systemctl is-enabled firewalld.service
List all services
# systemctl list-unit-files
# systemctl list-unit-files | grep enabled    # add grep to filter
Check failed services
# systemctl --failed
PART II. Some commands from Firewalld itself
1. Basic command lines
Check Firewalld status
# firewall-cmd --state
Update Firewalld rules
# firewall-cmd --reload             # dynamically reload without restarting
# firewall-cmd --complete-reload    # with restarting
Check all open ports
# firewall-cmd --list-ports
Check allowed services
# firewall-cmd --list-services
List supported services
# firewall-cmd --get-services
Reject all packets in an emergency (panic mode)
# firewall-cmd --panic-on
Cancel packet rejection
# firewall-cmd --panic-off
2. Zone settings
Check all zones
# firewall-cmd --list-all-zones
Check active zone
# firewall-cmd --get-active-zones
Set public as the default zone
# firewall-cmd --set-default-zone=public
Check default zone
# firewall-cmd --get-default-zone
3. Interface
Get the zone of interface eth0
# firewall-cmd --get-zone-of-interface=eth0
Add interface eth0 to public zone
# firewall-cmd --zone=public --add-interface=eth0
Delete interface eth0 from public zone
# firewall-cmd --zone=public --remove-interface=eth0
Add interface eth0 to the default zone (when --zone is omitted, the default zone is used; "default" is not a zone name)
# firewall-cmd --change-interface=eth0
4. Port configurations
Permanently open port 80 globally (no --zone given, so the rule goes to the default zone)
# firewall-cmd --add-port=80/tcp --permanent
Permanently close port 80 globally
# firewall-cmd --remove-port=80/tcp --permanent
Permanently open ports 65001-65010 globally
# firewall-cmd --add-port=65001-65010/tcp --permanent
Permanently open port 80 in public zone
# firewall-cmd --zone=public --add-port=80/tcp --permanent
Permanently close port 80 in public zone
# firewall-cmd --zone=public --remove-port=80/tcp --permanent
Permanently open ports 65001-65010 in public zone
# firewall-cmd --zone=public --add-port=65001-65010/tcp --permanent
Check whether port 8080 is open
# firewall-cmd --query-port=8080/tcp
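Added example (not part of the original memo): rules added with --permanent only take effect after firewall-cmd --reload, while rules added without it are active at once but vanish on reload or reboot, so the runtime and permanent port lists can drift apart. The script below compares the two lists; the function name port_drift and the sample lists are constructed for illustration.

```sh
#!/bin/sh
# Compare the runtime and permanent firewalld port lists and report drift.
# On a live host, feed it real output:
#   port_drift "$(firewall-cmd --list-ports)" \
#              "$(firewall-cmd --permanent --list-ports)"

# port_drift RUNTIME PERMANENT
# Each argument is a space-separated list such as "80/tcp 65001-65010/tcp".
# Prints one line per mismatch; returns 0 if both lists match, 1 otherwise.
port_drift() {
    # Unquoted echo collapses newlines and repeated spaces to single spaces.
    pd_runtime=$(echo $1)
    pd_permanent=$(echo $2)
    pd_drift=0

    # Ports active now but absent from the saved configuration.
    for pd_p in $pd_runtime; do
        case " $pd_permanent " in
            *" $pd_p "*) ;;
            *) echo "runtime-only (lost on reload/reboot): $pd_p"
               pd_drift=1 ;;
        esac
    done

    # Ports saved permanently but not yet active.
    for pd_p in $pd_permanent; do
        case " $pd_runtime " in
            *" $pd_p "*) ;;
            *) echo "permanent-only (needs firewall-cmd --reload): $pd_p"
               pd_drift=1 ;;
        esac
    done

    return $pd_drift
}

# Constructed sample lists, so the script runs without firewalld installed.
sample_runtime="80/tcp 8080/tcp"
sample_permanent="80/tcp 65001-65010/tcp"
port_drift "$sample_runtime" "$sample_permanent" || echo "drift detected"
```

A runtime-only port is usually a temporary opening that was never saved; a permanent-only port is a saved rule still waiting for a reload.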