
1. All commands need to be run as root

# su -
 

2. To control the firewalld service

# systemctl disable firewalld
# systemctl stop firewalld
# systemctl restart firewalld.service
# systemctl status firewalld
Note! When allowing or removing services and ports, always restart the firewall service after!

 

3. Get the active zones

# firewall-cmd --get-active-zones
 

4. List services on that zone

# firewall-cmd --zone=public --list-all
# firewall-cmd --zone=work --list-all

Note! Any rules in the public zone will always be active, regardless of what zone is actually active.

 

5. Add TCP and UDP ports

# firewall-cmd --permanent --zone=public --add-port=80/tcp
# firewall-cmd --permanent --zone=public --add-port=123/udp
 

6. Add an IP-range

# firewall-cmd --permanent --zone=work --list-sources
# firewall-cmd --permanent --zone=work --add-source=192.168.0.9/24
# firewall-cmd --permanent --zone=work --add-port=1-64999/tcp
# firewall-cmd --permanent --zone=work --add-port=1-64999/udp
# systemctl restart firewalld.service
# firewall-cmd --get-active-zones
# firewall-cmd --permanent --zone=work --list-sources
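
The port ranges added in step 6 open almost every TCP and UDP port to the source range, so it is worth checking what a zone actually exposes. The following is an added example, not part of the original cheat sheet: it reads `--list-all` output and reports port ranges wider than a threshold. The function names `wide_ports` and `sample_work_zone`, the threshold argument and the sample output are constructed for this example.

```shell
# Added example (not from the original page): flag wide port ranges in
# `firewall-cmd --zone=<zone> --list-all` output read from stdin.
# wide_ports and its threshold argument are hypothetical names.
wide_ports() {
    max="${1:-100}"    # widest range (number of ports) accepted silently
    awk -v max="$max" '
        # Only the "ports:" line; "forward-ports:" and "source-ports:" differ in $1
        $1 == "ports:" {
            for (i = 2; i <= NF; i++) {
                split($i, pp, "/")          # pp[1] = port or range, pp[2] = protocol
                n = split(pp[1], r, "-")    # r[1] = first port, r[2] = last port
                lo = r[1] + 0
                hi = (n == 2) ? r[2] + 0 : lo
                width = hi - lo + 1
                if (width > max)
                    printf "%s/%s opens %d ports\n", pp[1], pp[2], width
            }
        }'
}

# Constructed sample in the layout printed by --list-all (not captured from a host)
sample_work_zone() {
    cat <<'EOF'
work (active)
  target: default
  interfaces: 
  sources: 192.168.0.9/24
  services: dhcpv6-client ssh
  ports: 80/tcp 1-64999/tcp 1-64999/udp
  protocols: 
EOF
}

# On a live host: firewall-cmd --zone=work --list-all | wide_ports 100
sample_work_zone | wide_ports 100
```

Empty output means no range in the zone exceeds the threshold.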
 

7. Add and remove a service

# firewall-cmd --permanent --zone=public --add-service=http
# firewall-cmd --permanent --zone=public --add-service=nfs
# firewall-cmd --permanent --zone=public --remove-service=http
# firewall-cmd --permanent --zone=public --remove-service=nfs
 

8. Add source, then a service or port from that source

# firewall-cmd --permanent --zone=public --add-source=192.168.0.9/24
# firewall-cmd --permanent --zone=public --remove-service=rsync
 
Note! When allowing or removing services and ports, always restart the firewall service after!
 
 

9. Sources

https://www.liquidweb.com/kb/how-to-stop-and-disable-firewalld-on-centos-7/