SoFunction
Updated on 2025-04-21

Usage of the firewalld command in Linux

Linux command: firewalld

1. Software packages

firewalld, firewall-config, system-config-firewall-base (all three can be installed together with yum)

2. Start firewalld

systemctl enable firewalld
systemctl restart firewalld

3. Configuration files

  • Under /etc/firewalld/

4. The nine zones defined by firewalld

  • public: default zone at boot, public area --- only explicitly allowed connections are accepted
  • trusted: trusted zone --- all connections are accepted
  • drop: drop zone --- all incoming connections are discarded
  • block: similar to drop --- all incoming connections from outside are denied; connections initiated from inside are allowed
  • external: NAT zone --- enables NAT (masquerading) and port forwarding
  • dmz: demilitarized zone --- for servers that must be reachable from outside
  • work: work zone
  • home: home zone
  • internal: internal zone

5. Command to define firewall rules: firewall-cmd

5.1 Viewing

(1) Check the status of the firewall

# firewall-cmd --state    (equivalent to: systemctl status firewalld)

(2) View the default zone

# firewall-cmd --get-default-zone

(3) View all rules of the default zone

# firewall-cmd --list-all

(4) View all zones

# firewall-cmd --get-zones

(5) List the names of all predefined services

# firewall-cmd --get-services

(6) View the zone a given interface belongs to

# firewall-cmd --get-zone-of-interface=eno0

(7) View the rules of a specified zone

# firewall-cmd --zone=trusted --list-all

(8) View the rules of all zones

# firewall-cmd --list-all-zones

5.2 Modifying

(1) Change the default zone

# firewall-cmd --set-default-zone=trusted

(2) Add a service to the current default zone

# firewall-cmd --add-service=http

(3) Add a network interface to a given zone (before this, the interface belongs to no zone)

# firewall-cmd --zone=trusted --add-interface=eno0

(4) Move an interface to a different zone

# firewall-cmd --zone=trusted --change-interface=eno0

(5) Open a port; the protocol must be stated explicitly as tcp or udp

# firewall-cmd --add-port=80/tcp

5.3 Removing

(1) Remove the http service from the current zone

# firewall-cmd --remove-service=http

(2) Remove the network interface from the default zone

# firewall-cmd --remove-interface=eno0

(3) Remove the network interface from a given zone; afterwards the interface belongs to no zone

# firewall-cmd --zone=trusted --remove-interface=eno0
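As an added example (not code from the original page), the following POSIX shell script audits the listing text that the --list-all commands above print, using constructed sample listings: it flags services and ports exposed beyond an allow-list and a trusted-like ACCEPT target, and it compares the runtime listing with the --permanent one, because the commands in 5.2 and 5.3 change only the running configuration unless --permanent is added (or firewall-cmd --runtime-to-permanent is run afterwards), so those changes are lost on reload or reboot.

```shell
# Added example, not from the original page: audit firewalld zone listings offline.
# The two strings are constructed samples of what `firewall-cmd --zone=public --list-all`
# and `firewall-cmd --permanent --zone=public --list-all` print on a host.
RUNTIME_LISTING='public (active)
  target: default
  interfaces: eno0
  services: dhcpv6-client http ssh
  ports: 80/tcp 8080/tcp'
PERMANENT_LISTING='public
  target: default
  interfaces: eno0
  services: dhcpv6-client ssh
  ports: 80/tcp'
# zone_field LISTING NAME: the value of the "NAME: ..." line (empty if the field is empty).
zone_field() {
    printf '%s\n' "$1" | awk -v key="$2:" '$1 == key { $1 = ""; sub(/^ /, ""); print; exit }'
}
# unexpected_items ACTUAL EXPECTED: each word of ACTUAL that is missing from EXPECTED.
unexpected_items() {
    for item in $1; do
        case " $2 " in *" $item "*) ;; *) printf '%s\n' "$item" ;; esac
    done
}
# audit_zone LISTING EXPECTED_SERVICES EXPECTED_PORTS: print one finding per line for
# anything exposed beyond the allow-list; return 1 if there are findings, 0 if clean.
audit_zone() {
    n=0
    if [ "$(zone_field "$1" target)" = "ACCEPT" ]; then
        echo "target ACCEPT: every connection is allowed (like the trusted zone)"; n=$((n + 1))
    fi
    for s in $(unexpected_items "$(zone_field "$1" services)" "$2"); do
        echo "unexpected service: $s"; n=$((n + 1))
    done
    for p in $(unexpected_items "$(zone_field "$1" ports)" "$3"); do
        echo "unexpected port: $p"; n=$((n + 1))
    done
    [ "$n" -eq 0 ]
}
# runtime_only RUNTIME PERMANENT: services/ports live now but absent from the permanent
# config, i.e. added without --permanent and therefore lost on the next reload or reboot.
runtime_only() {
    for field in services ports; do
        for item in $(unexpected_items "$(zone_field "$1" "$field")" "$(zone_field "$2" "$field")"); do
            printf 'runtime-only %s: %s\n' "$field" "$item"
        done
    done
}
audit_zone "$RUNTIME_LISTING" "dhcpv6-client ssh" "80/tcp" || echo "-> public exposes more than allowed"
runtime_only "$RUNTIME_LISTING" "$PERMANENT_LISTING"
```

To check a live host, replace the two sample strings with "$(firewall-cmd --zone=public --list-all)" and "$(firewall-cmd --permanent --zone=public --list-all)".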

Summary

The above is my personal experience; I hope it gives you a reference, and I hope you will support me more.