Basic Configuration of Firewall on Linux

Basic firewalld commands

Check the status:

# systemctl status firewalld

# firewall-cmd --state


View the zone settings:

# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  services: dhcpv6-client ssh
  ports: 8081/tcp 53/udp 53/tcp
  masquerade: no
  rich rules:

It can be seen that the open services are ssh (22/tcp) and dhcpv6-client, and the open ports are 8081/tcp, 53/udp and 53/tcp. A port is always given together with its protocol (port/tcp or port/udp); without the protocol the command is not accepted.
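As an added example (not part of the original article), a small Python audit script that parses the --list-all output shown above and reports any service or port that is open but not on an allowlist, and that mirrors firewalld's rule that a port must carry a protocol. The zone listing embedded in it is the sample from this page; the allowlists and function names are assumptions.

```python
import re

# Constructed sample: the `firewall-cmd --list-all` output quoted in the text above.
SAMPLE_LIST_ALL = """\
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  services: dhcpv6-client ssh
  ports: 8081/tcp 53/udp 53/tcp
  masquerade: no
  rich rules:
"""

# firewalld accepts a port only as <number>/<protocol>; "1732" alone is rejected.
PORT_RE = re.compile(r"^(\d{1,5})/(tcp|udp|sctp|dccp)$")


def parse_zone(text):
    """Parse `firewall-cmd --list-all` output into a dict of zone fields.

    The first line is the zone name with an optional "(active)" marker; every
    following line is "key: value value ..." and is stored as a list of tokens.
    """
    lines = text.strip().splitlines()
    zone = {"name": lines[0].split()[0], "active": "(active)" in lines[0]}
    for line in lines[1:]:
        key, _, value = line.strip().partition(":")
        zone[key.strip()] = value.split()
    return zone


def check_port_spec(spec):
    """Return True if spec is a valid firewalld port specification (port/proto)."""
    m = PORT_RE.match(spec)
    return m is not None and 1 <= int(m.group(1)) <= 65535


def audit_zone(text, allowed_services, allowed_ports):
    """Return the services and ports open in the zone that are not allowlisted."""
    zone = parse_zone(text)
    unexpected_services = sorted(set(zone.get("services", [])) - set(allowed_services))
    unexpected_ports = sorted(set(zone.get("ports", [])) - set(allowed_ports))
    return {"zone": zone["name"], "services": unexpected_services, "ports": unexpected_ports}


if __name__ == "__main__":
    # Assumed allowlist: ssh and DNS are expected, anything else is reported.
    print(audit_zone(SAMPLE_LIST_ALL, ["ssh", "dhcpv6-client"], ["53/tcp", "53/udp"]))
```

Feed it the real output of `firewall-cmd --list-all` on a host to spot ports that were opened at runtime but never reviewed.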

Allowing connections to a specific port (for example 1732) is very simple:

# firewall-cmd --add-port=1732/tcp

# firewall-cmd --runtime-to-permanent

The second command copies the active (runtime) settings into the permanent configuration, so they are applied again at boot.

To remove a port from the rules, use the --remove-port parameter:

# firewall-cmd --remove-port=1732/tcp

# firewall-cmd --runtime-to-permanent

In general, most --add-* commands have counterparts: --query-* to check the status, --list-* to list, --change-* to change and --remove-* to delete the corresponding value. For brevity, we will not dwell on these further. After reloading the rules, check:

# firewall-cmd --list-ports

Firewalld provides a mode that allows you to block all connections with a single command:

# firewall-cmd --panic-on

To check whether the firewall is in panic mode, there is a dedicated option:

# firewall-cmd --query-panic

Panic mode is disabled with:

# firewall-cmd --panic-off

In firewalld it is not necessary to know which port a service uses; just specify the name of the service and the utility takes care of the rest. Right after installation firewalld already knows the settings of more than 50 services; the list of them is obtained with:

# firewall-cmd --get-services

Allow HTTP connections:

# firewall-cmd --add-service=http

Using shell brace expansion, you can specify multiple services at once. Information on the settings of a service is available through:

# firewall-cmd --info-service=http

