
1. All commands need to be run as root

# su -
 

2. To control the firewalld service

# systemctl disable firewalld

# systemctl stop firewalld

# systemctl restart firewalld.service

# systemctl status firewalld
Note! When allowing or removing services and ports, always restart the firewall service afterwards!

 

3. Get the active zones

# firewall-cmd --get-active-zones
 

4. List services on that zone

# firewall-cmd --zone=public --list-all
# firewall-cmd --zone=work --list-all

Note! Any rules in the public zone will always be active, regardless of what zone is actually active.

 

5. Add TCP and UDP ports

# firewall-cmd --permanent --zone=public --add-port=80/tcp

# firewall-cmd --permanent --zone=public --add-port=123/udp
 

6. Add an IP-range

# firewall-cmd --permanent --zone=work --list-sources

# firewall-cmd --permanent --zone=work --add-source=192.168.0.9/24

# firewall-cmd --permanent --zone=work --add-port=1-64999/tcp
# firewall-cmd --permanent --zone=work --add-port=1-64999/udp

# systemctl restart firewalld.service

# firewall-cmd --get-active-zones
# firewall-cmd --permanent --zone=work --list-sources
 

7. Add and remove a service

# firewall-cmd --permanent --zone=public --add-service=http
# firewall-cmd --permanent --zone=public --add-service=nfs

# firewall-cmd --permanent --zone=public --remove-service=http
# firewall-cmd --permanent --zone=public --remove-service=nfs
 

8. Add source, then a service or port from that source

# firewall-cmd --permanent --zone=public --add-source=192.168.0.9/24

# firewall-cmd --permanent --zone=public --remove-service=rsync
 
Note! When allowing or removing services and ports, always restart the firewall service afterwards!
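
The commands above use --permanent, which changes only the saved configuration; that is why the restart is needed before a rule takes effect. The script below is an added example, not part of the original page: it lists entries that are saved but not yet live, and entries that are live but would disappear on restart. The function names and the sample values are made up for illustration.

```shell
#!/bin/sh
# Added example: compare firewalld's runtime and --permanent configuration.

# not_in_runtime HAVE WANT
# Prints every whitespace-separated entry of WANT that is missing from HAVE.
not_in_runtime() {
    # Normalise HAVE to " a b c " so whole entries are matched, not substrings
    # (80/tcp must not match 8080/tcp).
    have=" $(printf '%s ' $1)"
    for item in $2; do
        case "$have" in
            *" $item "*) ;;                 # entry is already present
            *) printf '%s\n' "$item" ;;     # entry is missing
        esac
    done
}

# report_zone ZONE
# Queries a live firewalld (needs root) and reports drift for one zone.
report_zone() {
    zone=$1
    for what in ports services sources; do
        rt=$(firewall-cmd --zone="$zone" --list-"$what")
        pm=$(firewall-cmd --permanent --zone="$zone" --list-"$what")
        not_in_runtime "$rt" "$pm" | sed "s|^|saved, not live until restart ($what): |"
        not_in_runtime "$pm" "$rt" | sed "s|^|live only, lost on restart ($what): |"
    done
}

# Constructed sample, not captured from a real host: step 5 was run with
# --permanent, but firewalld has not been restarted yet.
SAMPLE_RUNTIME="22/tcp"
SAMPLE_PERMANENT="22/tcp 80/tcp 123/udp"
echo "Sample: ports saved but not yet live:"
not_in_runtime "$SAMPLE_RUNTIME" "$SAMPLE_PERMANENT"

# On a real host, pass a zone name as the first argument, e.g. "public".
if [ -n "${1:-}" ] && command -v firewall-cmd >/dev/null 2>&1; then
    report_zone "$1"
fi
```
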
 
 

9. Sources

https://www.liquidweb.com/kb/how-to-stop-and-disable-firewalld-on-centos-7/