FirewallD is a dynamic firewall management tool used on modern Linux distributions such as AlmaLinux, Rocky Linux, CentOS, and RHEL. It provides an easy way to manage iptables and nftables rules using zones, services, ports, and rich rules. FirewallD is widely used in VPS hosting environments, dedicated servers, and enterprise Linux systems to secure network traffic and control inbound and outbound connections.

1. Check Firewall Status

sudo firewall-cmd --state
  • sudo → Runs the command with administrative privileges.
  • --state → Displays whether FirewallD is running.

2. Start FirewallD

sudo systemctl start firewalld
  • systemctl → Controls systemd services.
  • start → Starts the FirewallD service.
  • firewalld → Firewall service name.

3. Enable FirewallD at Boot

sudo systemctl enable firewalld
  • enable → Starts FirewallD automatically at boot.

4. List Active Zones

sudo firewall-cmd --get-active-zones
  • --get-active-zones → Displays active firewall zones.

5. List All Rules in Current Zone

sudo firewall-cmd --list-all
  • --list-all → Shows services, ports, and settings in the active zone.

6. Add HTTP Service Permanently

sudo firewall-cmd --permanent --add-service=http
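  • --permanent → Writes the rule to the permanent configuration so it persists after reboot; it is applied to the running firewall on the next --reload.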
  • --add-service=http → Opens HTTP (port 80).

7. Add HTTPS Service

sudo firewall-cmd --permanent --add-service=https
  • --add-service=https → Opens HTTPS (port 443).

8. Open a Custom Port

sudo firewall-cmd --permanent --add-port=8080/tcp
  • --add-port=8080/tcp → Opens TCP port 8080.

9. Remove a Port

sudo firewall-cmd --permanent --remove-port=8080/tcp
  • --remove-port=8080/tcp → Closes TCP port 8080.

10. Reload FirewallD

sudo firewall-cmd --reload
  • --reload → Applies configuration changes.

11. Allow SSH Service

sudo firewall-cmd --permanent --add-service=ssh
  • --add-service=ssh → Opens SSH (default port 22).

12. Change Default Zone

sudo firewall-cmd --set-default-zone=public
  • --set-default-zone=public → Sets the default firewall zone.

13. Assign Interface to Zone

sudo firewall-cmd --zone=public --change-interface=eth0
  • --zone=public → Specifies the firewall zone.
  • --change-interface=eth0 → Assigns network interface to zone.

14. Allow IP Address

sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="1.2.3.4" accept'
  • --add-rich-rule → Adds advanced firewall rule.
  • source address="1.2.3.4" → Specifies allowed IP address.
  • accept → Allows traffic.

15. Block an IP Address

sudo firewall-cmd --permanent --add-rich-rule='rule family="ipv4" source address="5.6.7.8" reject'
  • reject → Blocks traffic from the specified IP.

16. Enable Masquerading (NAT)

sudo firewall-cmd --permanent --add-masquerade
  • --add-masquerade → Enables network address translation.

17. Forward a Port

sudo firewall-cmd --permanent --add-forward-port=port=80:proto=tcp:toport=8080
  • --add-forward-port → Adds port forwarding rule.
  • port=80 → Incoming port.
  • proto=tcp → Protocol used.
  • toport=8080 → Destination port.

18. List Available Services

sudo firewall-cmd --get-services
  • --get-services → Displays predefined services.

19. Remove a Service

sudo firewall-cmd --permanent --remove-service=http
  • --remove-service=http → Closes HTTP service.

20. Panic Mode (Block All Traffic)

sudo firewall-cmd --panic-on
  • --panic-on → Immediately blocks all incoming and outgoing traffic.

21. Disable Panic Mode

sudo firewall-cmd --panic-off
  • --panic-off → Restores normal firewall operation.

22. Check Open Ports

sudo firewall-cmd --list-ports
  • --list-ports → Displays currently open ports.
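
Rules added without --permanent disappear on reload or reboot, and rules added with --permanent are not enforced until --reload. The script below is an added example, not part of the original article, that reports both kinds of mismatch. The function names drift and audit_zone are hypothetical, and the sample port lists are constructed.

```shell
#!/bin/sh
# Added example, not from the original article.
# drift RUNTIME PERMANENT
#   Arguments are the space-separated lists printed by
#   `firewall-cmd --list-ports` and `firewall-cmd --permanent --list-ports`
#   (or the --list-services equivalents).
#   Prints "runtime-only X" for entries that vanish on --reload or reboot,
#   and "permanent-only X" for entries not enforced until --reload.
drift() {
    rt=$(echo $1)   # unquoted on purpose: collapses whitespace and newlines
    pm=$(echo $2)
    for item in $rt; do
        case " $pm " in
            *" $item "*) ;;                      # present in both
            *) echo "runtime-only $item" ;;
        esac
    done
    for item in $pm; do
        case " $rt " in
            *" $item "*) ;;                      # present in both
            *) echo "permanent-only $item" ;;
        esac
    done
}

# audit_zone ZONE (hypothetical helper; needs root and a running firewalld)
# Compares live and saved ports and services for one zone.
audit_zone() {
    for what in ports services; do
        live=$(firewall-cmd --zone="$1" --list-"$what") || return 1
        saved=$(firewall-cmd --permanent --zone="$1" --list-"$what") || return 1
        drift "$live" "$saved" | sed "s/^/$what: /"
    done
}

# Constructed sample: 8080/tcp was opened without --permanent, and
# 443/tcp was added with --permanent but no --reload has happened yet.
drift "80/tcp 8080/tcp" "80/tcp 443/tcp"
```

Empty output means the running firewall and the saved configuration agree. On a live host, run audit_zone public as root.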

Why FirewallD Is Essential for Linux Server Security

FirewallD simplifies firewall management for Linux VPS hosting, cloud servers, and enterprise systems. With support for zones, rich rules, NAT, port forwarding, and service-based configuration, it provides flexible and secure network traffic control. Proper FirewallD configuration is critical for protecting web servers, database servers, SSH access, and custom applications.

Final thoughts

These useful FirewallD examples demonstrate how to manage Linux firewall rules efficiently and securely. Whether you are configuring a VPS, protecting a production web server, or setting up advanced port forwarding, mastering FirewallD is essential for modern Linux system administration. A properly configured firewall greatly improves security, reduces attack surface, and ensures reliable network performance.
