
How to Configure and Manage Firewalld on Linux

Firewalld is a powerful and flexible firewall management tool available on many Linux distributions, including Fedora, CentOS, and Red Hat Enterprise Linux (RHEL). It provides a dynamic way to manage firewall rules and supports both IPv4 and IPv6. Understanding how to configure and manage Firewalld is crucial for system administrators to ensure network security and control traffic flow.


Firewalld uses zones to define the trust level of network connections or interfaces. Each zone has its own set of rules that determine what traffic is allowed or denied. This article will guide you through the basics of Firewalld, including installation, basic configuration, and common commands.


Examples:


1. Installing Firewalld:
To install Firewalld on your Linux system, use the package manager specific to your distribution. For example, on Fedora, CentOS, or RHEL, you can use the following command:


   sudo dnf install firewalld

On Debian-based systems like Ubuntu, you can use:


   sudo apt-get install firewalld

2. Starting and Enabling Firewalld:
After installation, you need to start the Firewalld service and enable it to start on boot:


   sudo systemctl start firewalld
   sudo systemctl enable firewalld

3. Checking Firewalld Status:
To check the status of Firewalld, use:


   sudo systemctl status firewalld

4. Listing Available Zones:
Firewalld uses zones to manage traffic. To list all available zones:


   sudo firewall-cmd --get-zones

5. Setting the Default Zone:
The default zone is applied to all network interfaces that are not explicitly assigned to another zone. To set the default zone to "public":


   sudo firewall-cmd --set-default-zone=public

6. Adding Services to a Zone:
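To allow a specific service, such as HTTP, in the "public" zone. The --permanent option writes the change to the saved configuration, and --reload then applies the saved configuration to the running firewall: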


   sudo firewall-cmd --zone=public --add-service=http --permanent
   sudo firewall-cmd --reload

7. Adding Ports to a Zone:
To allow a specific port, such as TCP port 8080, in the "public" zone:


   sudo firewall-cmd --zone=public --add-port=8080/tcp --permanent
   sudo firewall-cmd --reload

8. Removing Services or Ports:
To remove a service or port from a zone, use the --remove-service or --remove-port options:


   sudo firewall-cmd --zone=public --remove-service=http --permanent
   sudo firewall-cmd --zone=public --remove-port=8080/tcp --permanent
   sudo firewall-cmd --reload

9. Listing All Rules in a Zone:
To list all rules configured in a specific zone:


   sudo firewall-cmd --zone=public --list-all

10. Rich Rules:
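Firewalld also supports rich rules for more granular control. For example, the rule below accepts SSH traffic from a specific IP address. For that address to be the only source allowed, the ssh service must not also be enabled in the zone, because a service added to the zone is accepted from any source; remove it with --remove-service as in step 8.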


   sudo firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.1.100" service name="ssh" accept' --permanent
   sudo firewall-cmd --reload
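
The script below is an added example, not part of the original article: it audits the text printed by the --list-all command from step 9 against an approved list, and flags a source-restricted rich rule (step 10) whose service is also open zone-wide. The function names, the approved lists and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the text printed by
#   sudo firewall-cmd --zone=public --list-all
# Function names and the approved lists are assumptions for illustration.

# audit_zone "APPROVED SERVICES" "APPROVED PORTS"
# Reads --list-all output on stdin and prints one finding per line.
audit_zone() {
    awk -v ok_svc="$1" -v ok_port="$2" '
    BEGIN {
        n = split(ok_svc, a, " ");  for (i = 1; i <= n; i++) svc_ok[a[i]] = 1
        n = split(ok_port, a, " "); for (i = 1; i <= n; i++) port_ok[a[i]] = 1
    }
    $1 == "services:" { for (i = 2; i <= NF; i++) svc_open[$i] = 1; next }
    $1 == "ports:"    { for (i = 2; i <= NF; i++) ports[$i] = 1; next }
    # A rich rule that accepts a service from one source address.
    $1 == "rule" && /source address=/ && /accept/ {
        if (match($0, /service name="[^"]+"/))
            limited[substr($0, RSTART + 14, RLENGTH - 15)] = 1
    }
    END {
        for (s in svc_open) if (!(s in svc_ok))  print "UNAPPROVED_SERVICE " s
        for (p in ports)    if (!(p in port_ok)) print "UNAPPROVED_PORT " p
        # The zone-wide service already accepts from any source, so the
        # source restriction in the rich rule has no effect.
        for (s in limited)  if (s in svc_open)   print "RICH_RULE_SHADOWED " s
    }' | LC_ALL=C sort
}

# Constructed sample of --list-all output (not captured from a real host).
sample_list_all() {
    cat <<'EOF'
public (active)
  target: default
  interfaces: eth0
  services: dhcpv6-client http ssh
  ports: 8080/tcp
  rich rules:
    rule family="ipv4" source address="192.168.1.100" service name="ssh" accept
EOF
}

# Approved here: dhcpv6-client and ssh, no extra ports.
sample_list_all | audit_zone "dhcpv6-client ssh" ""
```

On a live host, pipe the real command output into audit_zone instead of the sample; an empty result means the zone matches the approved lists.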
