A short CMD memo of Firewalld on RHEL8/CentOS8
Firewalld is elemental protection for RHEL 8 or CentOS 8. Well set Firewalld service should be primary before your OS accesses the Internet. This post is a summary of commands about Firewalld.
Please note that root or sudo level privileges are required to conduct all commands below.
PART I. Using systemctl to simply manage Firewalld
-
Lock Firewalld to suspend operation
# systemctl mask firewalld -
Unlock Firewalld
# systemctl unmask firewalld -
Start Firewalld
# systemctl start firewalld.service -
Stop Firewalld
# systemctl stop firewalld.service -
Reload Firewalld with possibility of restarting service
# systemctl reload firewalld.service -
Restart Firewalld
# systemctl restart firewalld.service -
Display the status of Firewalld
# systemctl status firewalld.service -
Autorun Firewalld after boot
# systemctl enable firewalld.service -
Disable autorun of Firewalld
# systemctl disable firewalld.service -
Check the validity of Firewalld autorun
# systemctl is-enabled firewalld.service -
Check all services list
# systemctl list-unit-files# systemctl list-unit-files | grep enabled# add grep to filtrate -
Check failed services
# systemctl --failed
PART II. Some commends from Firewalld itself
1. Basic command lines
-
Check Firewalld status
# firewall-cmd --state -
Update Firewalld rules
# firewall-cmd --reload# dynamically reload without restarting# firewall-cmd --complete-reload# with restarting -
Check all open ports
# firewall-cmd --list-ports -
Check allowed services
# firewall-cmd --list-services -
Acquire support services
# firewall-cmd --get-services -
Reject all packages in urgency
# firewall-cmd --panic-on -
Cancel packages rejection
# firewall-cmd --panic-off
2. Zone settings
-
Check all zones
# firewall-cmd --list-all-zones -
Check active zone
# firewall-cmd --get-active-zones -
Set default public as default zone
# firewall-cmd --set-default-zone=public -
Check default zone
# firewall-cmd --get-default-zone
3. Interface
-
Get the zone of interface eth0
# firewall-cmd --get-zone-of-interface=eth0 -
Add interface eth0 to public zone
# firewall-cmd --zone=public --add-interface=eth0 -
Delete interface eth0 from public zone
# firewall-cmd --zone=public --remove-interface=eth0 -
Add interface eth0 to default zone
# firewall-cmd --zone=default --change-interface=eth0
4. Port configurations
-
Permanently open port 80 in global pattern
# firewall-cmd --add-port=80/tcp --permanent -
Permanently close port 80 in global pattern
# firewall-cmd --remove-port=80/tcp --permanent -
Permanently open port 65001 - 65010 in global pattern
# firewall-cmd --add-port=65001-65010/tcp --permanent -
Permanently open port 80 in public zone
# firewall-cmd --zone=public --add-port=80/tcp --permanent -
Permanently close port 80 in public zonen
# firewall-cmd --zone=public --remove-port=80/tcp --permanent -
Permanently open port 65001 - 65010 in public zone
# firewall-cmd --zone=public --add-port=65001-65010/tcp --permanent -
Check if port 8080 opens
# firewall-cmd --query-port=8080/tcp
