
How to Configure Firewall Rules with firewall-cmd in Linux

In the Linux environment, the firewall-cmd command-line tool is used to configure firewall rules and manage the firewall settings. It is an essential tool for system administrators to secure their Linux systems by controlling network traffic. firewall-cmd is the command-line client of the firewalld service, which is the default firewall management solution in many Linux distributions, including CentOS, Fedora, and Red Hat Enterprise Linux.


Firewall-cmd provides a user-friendly interface to manage firewall rules using zones, services, and ports. It allows you to define rules based on source and destination IP addresses, ports, protocols, and more. With firewall-cmd, you can easily open or close ports, allow or deny specific services, and configure advanced firewall settings.


Examples:
1. List all active zones:


firewall-cmd --get-active-zones

This command will display all the active zones on your system. Zones are predefined sets of rules that determine the behavior of the firewall for different network connections. Common zones include public, internal, and trusted.


2. Open a port for a specific service:


firewall-cmd --zone=public --add-service=http --permanent
firewall-cmd --reload

This example opens port 80 for the HTTP service in the public zone. The --permanent option writes the rule to the persistent configuration so it survives reboots, and firewall-cmd --reload applies the persistent configuration to the running firewall. Without the reload, a --permanent change is stored on disk but does not take effect until the next reload or reboot.


3. Allow incoming traffic from a specific IP address:


firewall-cmd --zone=public --add-source=192.168.1.100 --permanent
firewall-cmd --reload

In this example, we bind the source address 192.168.1.100 to the public zone, so incoming traffic from that host is handled by the public zone's rules: it is accepted only for the services and ports that zone opens, such as the HTTP service added in the previous example.


4. Reject incoming traffic to a specific port from a network range:


firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.1.0/24" port port="22" protocol="tcp" reject' --permanent
firewall-cmd --reload

This rich rule rejects incoming TCP connections to port 22 (SSH) from the range 192.168.1.0/24 in the public zone. Zone rules in firewalld filter traffic arriving at the host, so this does not affect connections the host itself initiates. The reject action sends an error back to the sender; the drop action would discard the packet silently instead.
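The following shell script is an added example and is not part of the original article: it wraps the rich-rule workflow above in functions that validate the source range, port and protocol before anything is passed to firewall-cmd, add the rule to both the permanent and the runtime configuration, and then verify that firewalld actually holds it. It assumes firewall-cmd is on PATH, the script runs as root, and the zone name in ZONE (public by default) is the one you manage.

```shell
#!/bin/sh
# Added example, not from the original article. Assumes firewall-cmd on PATH,
# root privileges, and that ZONE (default: public) is the zone being managed.
ZONE="${ZONE:-public}"

# valid_cidr: accept a.b.c.d or a.b.c.d/nn with octets 0-255 and nn 0-32.
valid_cidr() {
    addr="${1%%/*}"
    case "$1" in */*) mask="${1#*/}" ;; *) mask=32 ;; esac
    case "$mask" in ''|*[!0-9]*) return 1 ;; esac
    [ "$mask" -le 32 ] || return 1
    oldifs="$IFS"; IFS=.; set -- $addr; IFS="$oldifs"
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# valid_port: an integer in the range 1-65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# build_reject_rule SOURCE PORT PROTO: print the rich rule text, or fail with
# a message on stderr so a typo never reaches firewall-cmd.
build_reject_rule() {
    valid_cidr "$1" || { echo "bad source: $1" >&2; return 1; }
    valid_port "$2" || { echo "bad port: $2" >&2; return 1; }
    case "$3" in tcp|udp) ;; *) echo "bad protocol: $3" >&2; return 1 ;; esac
    printf 'rule family="ipv4" source address="%s" port port="%s" protocol="%s" reject\n' "$1" "$2" "$3"
}

# apply_reject_rule SOURCE PORT PROTO: add the rule to the permanent config
# and to the running firewall (an alternative to --permanent plus --reload),
# then query the runtime config so the exit status proves the rule is live.
apply_reject_rule() {
    rule=$(build_reject_rule "$@") || return 1
    firewall-cmd --zone="$ZONE" --permanent --add-rich-rule="$rule" >/dev/null || return 1
    firewall-cmd --zone="$ZONE" --add-rich-rule="$rule" >/dev/null || return 1
    firewall-cmd --zone="$ZONE" --query-rich-rule="$rule"
}

# Stand-alone use: ./reject_port.sh 192.168.1.0/24 22 tcp
if [ "$#" -gt 0 ]; then
    apply_reject_rule "$@"
fi
```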



Note: The firewall-cmd command requires root or sudo privileges to execute.
