Tuncay Sahin

ICT Engineer | Docent ICT & Trainer

RHEL/CentOS 7 introduces a new firewall daemon called FirewallD, a dynamically managed firewall that supports zones to define the trust level of network connections or interfaces. Because FirewallD runs as a daemon it also allows rules to be added instantly without the need to save or apply the changes. Firewalld daemon uses iptables tool to talk to the kernel packet filter.

Use the firewall-cmd command line tool to setup the firewall, the most important commands are:

show if FirewallD is running

firewall-cmd –state

reload the firewall

firewall-cmd –reload

list all the defined zones

firewall-cmd –get-zones

list all the supported services

firewall-cmd –get-services

list all the active zones

firewall-cmd –get-active-zones

add interface to the zone

firewall-cmd [–zone=] –add-interface=

change interface to zone

firewall-cmd [–zone=] –change-interface=

remove interface from the zone

firewall-cmd [–zone=] –remove-interface=

enable panic mode blocking all network connections

firewall-cmd –panic-on

disable panic mode

firewall-cmd –panic-off

add a service to a zone

firewall-cmd [–zone=] –add-service= [–timeout=]

remove service from a zone

firewall-cmd [–zone=] –remove-service= [–timeout=]

add a port to a zone

firewall-cmd [–zone=] –add-port=[-]/ [–timeout=]

remove a port from a zone

firewall-cmd [–zone=] –remove-port=[-]/ [–timeout=]

add masquerade to a zone

firewall-cmd [–zone=] –add-masquerade

remove masquerade from a zone

firewall-cmd [–zone=] –remove-masquerade

add port forwarding to a zone

firewall-cmd [–zone=] –add-forward-port=port=[-]:proto= { :toport=[-] | :toaddr=| :toport=[-]:toaddr=}

remove port forward from a zone

firewall-cmd [–zone=] –remove-forward-port=port=[-]:proto= { :toport=[-] | :toaddr=| :toport=[-]:toaddr=}


Disabling FirewallD

If for any reason you would wish to disable FirewallD or use iptables instead you can do so with the following commands:

Stop FirewallD

systemctl stop firewalld

Disable FirewallD

systemctl disable firewalld

Meer informatie

Voor meer informatie of voor een persoonlijk adviesgesprek kunt u altijd vrijblijvend contact met mij opnemen.