Some useful firewalld/firewall-cmd functions
Start or stop the firewall
systemctl start firewalld
systemctl stop firewalld
Get a list of all available zones
firewall-cmd --get-zones
Get a list of all available services
Fedora 31, January 2020
firewall-cmd --get-services | tr ' ' '\n' | pr -4 | expand -t8 | less

RH-Satellite-6    git               mssql             sips
amanda-client     grafana           murmur            slp
amanda-k5-client  gre               mysql             smtp
amqp              high-availability nfs               smtp-submission
amqps             http              nfs3              smtps
apcupsd           https             nmea-0183         snmp
audit             imap              nrpe              snmptrap
bacula            imaps             ntp               spideroak-lansync
bacula-client     ipp               nut               spotify-sync
bb                ipp-client        openvpn           squid
bgp               ipsec             ovirt-imageio     ssdp
bitcoin           irc               ovirt-storagecons ssh
bitcoin-rpc       ircs              ovirt-vmconsole   steam-streaming
bitcoin-testnet   iscsi-target      plex              svdrp
bitcoin-testnet-r isns              pmcd              svn
bittorrent-lsd    jenkins           pmproxy           syncthing
ceph              kadmin            pmwebapi          syncthing-gui
ceph-mon          kde-connect       pmwebapis         synergy
cfengine          kdeconnect        pop3              syslog
cockpit           kerberos          pop3s             syslog-tls
condor-collector  kibana            postgresql        telnet
ctdb              klogin            privoxy           tentacle
dhcp              kpasswd           prometheus        tftp
dhcpv6            kprop             proxy-dhcp        tftp-client
dhcpv6-client     kshell            ptp               tile38
distcc            ldap              pulseaudio        tinc
dns               ldaps             puppetmaster      tor-socks
dns-over-tls      libvirt           quassel           transmission-client
docker-registry   libvirt-tls       radius            upnp-client
docker-swarm      lightning-network rdp               vdsm
dropbox-lansync   llmnr             redis             vnc-server
elasticsearch     managesieve       redis-sentinel    wbem-http
etcd-client       matrix            rpc-bind          wbem-https
etcd-server       mdns              rsh               wsman
finger            memcache          rsyncd            wsmans
freeipa-4         minidlna          rtsp              xdmcp
freeipa-ldap      mongodb           salt-master       xmpp-bosh
freeipa-ldaps     mosh              samba             xmpp-client
freeipa-replicati mountd            samba-client      xmpp-local
freeipa-trust     mqtt              samba-dc          xmpp-server
ftp               mqtt-tls          sane              zabbix-agent
ganglia-client    ms-wbt            sip               zabbix-server
ganglia-master
Show the active zones
firewall-cmd --get-active-zones
Show the default zone
firewall-cmd --get-default-zone
Show detailed information about a zone
firewall-cmd --list-all
firewall-cmd --info-zone=<zone>
firewall-cmd --info-zone=public
Add a service to a zone
firewall-cmd --add-service servicename
firewall-cmd --add-service servicename --permanent
firewall-cmd --zone=zonename --add-service servicename
firewall-cmd --zone=zonename --add-service servicename --permanent
Enable port 4224 for one hour
# --add-port needs port/protocol (tcp is assumed here); a --timeout rule is runtime-only
firewall-cmd --add-port 4224/tcp --timeout 1h
Make the current configuration permanent
firewall-cmd --runtime-to-permanent
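
Before running --runtime-to-permanent it helps to see what is open at runtime but not in the permanent configuration, and the reverse. The script below is an added example, not part of the original page; list_diff, audit_zone and the FWCMD variable are names chosen for this example.

```shell
#!/bin/sh
# Added example: report drift between the runtime and the permanent firewalld
# configuration, zone by zone, for services and ports.
FWCMD=${FWCMD:-firewall-cmd}   # overridable so the logic can be exercised offline

# list_diff RUNTIME PERMANENT: compare two whitespace-separated lists and
# print one line per entry that exists on only one side.
list_diff() {
    rt_set=" $(printf '%s ' $1)"   # normalised to " a b c " for whole-word matching
    pm_set=" $(printf '%s ' $2)"
    for item in $1; do
        case "$pm_set" in
            *" $item "*) ;;
            *) printf 'runtime-only %s\n' "$item" ;;
        esac
    done
    for item in $2; do
        case "$rt_set" in
            *" $item "*) ;;
            *) printf 'permanent-only %s\n' "$item" ;;
        esac
    done
}

# audit_zone ZONE: compare the services and ports of one zone.
audit_zone() {
    for what in services ports; do
        rt=$($FWCMD --zone="$1" --list-"$what") || return 1
        pm=$($FWCMD --permanent --zone="$1" --list-"$what") || return 1
        list_diff "$rt" "$pm" | sed "s|^|$1 $what |"
    done
}

if command -v "$FWCMD" >/dev/null 2>&1 && $FWCMD --state >/dev/null 2>&1; then
    for zone in $($FWCMD --get-zones); do
        audit_zone "$zone"
    done
else
    # firewalld not available: run the comparison on constructed sample lists
    list_diff "ssh http 4224/tcp" "ssh dhcpv6-client"
fi
```

Each "runtime-only" line is something --runtime-to-permanent would persist, including a port opened with --timeout that has not yet expired; each "permanent-only" line is something it would drop from the permanent configuration.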