Some useful firewalld/firewall-cmd functions

Start or stop the firewall

systemctl start firewalld
systemctl stop firewalld

Get a list of all available zones

firewall-cmd --get-zones

Get a list of all available services

Example from Fedora 31, January 2020:

firewall-cmd --get-services | tr ' ' '\n' | pr -4 | expand -t8 | less

RH-Satellite-6    git               mssql             sips
amanda-client     grafana           murmur            slp
amanda-k5-client  gre               mysql             smtp
amqp              high-availability nfs               smtp-submission
amqps             http              nfs3              smtps
apcupsd           https             nmea-0183         snmp
audit             imap              nrpe              snmptrap
bacula            imaps             ntp               spideroak-lansync
bacula-client     ipp               nut               spotify-sync
bb                ipp-client        openvpn           squid
bgp               ipsec             ovirt-imageio     ssdp
bitcoin           irc               ovirt-storagecons ssh
bitcoin-rpc       ircs              ovirt-vmconsole   steam-streaming
bitcoin-testnet   iscsi-target      plex              svdrp
bitcoin-testnet-r isns              pmcd              svn
bittorrent-lsd    jenkins           pmproxy           syncthing
ceph              kadmin            pmwebapi          syncthing-gui
ceph-mon          kde-connect       pmwebapis         synergy
cfengine          kdeconnect        pop3              syslog
cockpit           kerberos          pop3s             syslog-tls
condor-collector  kibana            postgresql        telnet
ctdb              klogin            privoxy           tentacle
dhcp              kpasswd           prometheus        tftp
dhcpv6            kprop             proxy-dhcp        tftp-client
dhcpv6-client     kshell            ptp               tile38
distcc            ldap              pulseaudio        tinc
dns               ldaps             puppetmaster      tor-socks
dns-over-tls      libvirt           quassel           transmission-client
docker-registry   libvirt-tls       radius            upnp-client
docker-swarm      lightning-network rdp               vdsm
dropbox-lansync   llmnr             redis             vnc-server
elasticsearch     managesieve       redis-sentinel    wbem-http
etcd-client       matrix            rpc-bind          wbem-https
etcd-server       mdns              rsh               wsman
finger            memcache          rsyncd            wsmans
freeipa-4         minidlna          rtsp              xdmcp
freeipa-ldap      mongodb           salt-master       xmpp-bosh
freeipa-ldaps     mosh              samba             xmpp-client
freeipa-replicati mountd            samba-client      xmpp-local
freeipa-trust     mqtt              samba-dc          xmpp-server
ftp               mqtt-tls          sane              zabbix-agent
ganglia-client    ms-wbt            sip               zabbix-server
ganglia-master

Show all active zones

firewall-cmd --get-active-zones

Show the default zone

firewall-cmd --get-default-zone

Show detailed information about a zone

firewall-cmd --list-all
firewall-cmd --info-zone=<zone>
firewall-cmd --info-zone=public

Add a service to a zone

firewall-cmd --add-service servicename
firewall-cmd --add-service servicename --permanent
firewall-cmd --zone=zonename --add-service servicename
firewall-cmd --zone=zonename --add-service servicename --permanent

Enable port 4224 for one hour

# --add-port takes port/protocol; use 4224/udp instead for a UDP service
firewall-cmd --add-port 4224/tcp --timeout 1h

Make the current configuration permanent

firewall-cmd --runtime-to-permanent
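
A check worth running before --runtime-to-permanent, since that command overwrites the permanent configuration with the runtime one. This is an added example, not part of the original page: it lists services and ports that exist in only one of the two configurations of a zone. The function names and the sample lists are constructed for illustration; --list-services, --list-ports and --permanent are standard firewall-cmd options.

```shell
#!/bin/sh
# Added example: report drift between runtime and permanent firewalld config.

# diff_lists KIND RUNTIME PERMANENT
# RUNTIME and PERMANENT are space-separated lists, the format printed by
# `firewall-cmd --list-services` and `firewall-cmd --list-ports`.
# Prints one line per entry that is present on only one side.
diff_lists() {
    kind=$1 runtime=$2 permanent=$3
    for item in $runtime; do
        case " $permanent " in
            *" $item "*) ;;                              # present in both
            *) echo "runtime-only $kind $item" ;;        # would be persisted
        esac
    done
    for item in $permanent; do
        case " $runtime " in
            *" $item "*) ;;                              # present in both
            *) echo "permanent-only $kind $item" ;;      # would be dropped
        esac
    done
}

# check_zone ZONE
# Queries a live firewalld (must be running; needs root or polkit rights).
check_zone() {
    zone=$1
    diff_lists service \
        "$(firewall-cmd --zone="$zone" --list-services)" \
        "$(firewall-cmd --permanent --zone="$zone" --list-services)"
    diff_lists port \
        "$(firewall-cmd --zone="$zone" --list-ports)" \
        "$(firewall-cmd --permanent --zone="$zone" --list-ports)"
}

# Constructed sample lists, used when no zone name is given.
SAMPLE_RUNTIME="dhcpv6-client mdns ssh telnet"
SAMPLE_PERMANENT="cockpit dhcpv6-client mdns ssh"

if [ -n "${1:-}" ]; then
    check_zone "$1"
else
    diff_lists service "$SAMPLE_RUNTIME" "$SAMPLE_PERMANENT"
fi
```

Run it with a zone name (for example public) to query the live firewall; with no argument it prints the drift for the constructed sample lists.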