firewalld
Commands that make use of --permanent will not take effect until firewalld restarts.
- List the known zones:
  firewall-cmd --get-zones
- View information about the active zones:
  firewall-cmd --get-active-zones
- Add an interface to the DMZ zone:
  firewall-cmd --permanent --zone=dmz --change-interface=interface
  - In /etc/sysconfig/network-scripts/ifcfg-interface, set ZONE=dmz
- List the services known by firewalld—known service definitions exist in /usr/lib/firewalld/services/:
  firewall-cmd --get-services
- Describe the service named https:
  firewall-cmd --info-service https
- List the services permitted within the zone named public:
  firewall-cmd --zone=public --list-all
- Permit the https service on the interfaces in the dmz zone:
  firewall-cmd --permanent --zone=dmz --add-service=https
  and:
  firewall-cmd --zone=dmz --add-service=https
- Log rejections:
  firewall-cmd --set-log-denied=all
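
Because a --permanent change and its runtime counterpart are issued separately, the two configurations can drift apart. The following is an added example, not part of the original notes: it compares the service lists of one zone and reports services present in only one of them. The function names service_drift and check_zone and the sample lists are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report services that differ between firewalld's runtime
# and permanent configuration for one zone.

# service_drift RUNTIME_LIST PERMANENT_LIST
# Each argument is a space-separated service list, as printed by
# `firewall-cmd --list-services`. Prints one line per mismatch.
# Matching is on whole words, so "http" is not confused with "https".
service_drift() {
    runtime=$1
    permanent=$2
    for svc in $runtime; do
        case " $permanent " in
            *" $svc "*) ;;
            *) echo "runtime-only $svc" ;;    # lost when firewalld restarts
        esac
    done
    for svc in $permanent; do
        case " $runtime " in
            *" $svc "*) ;;
            *) echo "permanent-only $svc" ;;  # not in effect yet
        esac
    done
}

# check_zone ZONE
# Queries a running firewalld for both lists and prints any drift.
# Returns 0 if the lists agree, 1 on drift, 2 if firewall-cmd fails.
check_zone() {
    zone=$1
    rt=$(firewall-cmd --zone="$zone" --list-services) || return 2
    pm=$(firewall-cmd --permanent --zone="$zone" --list-services) || return 2
    drift=$(service_drift "$rt" "$pm")
    [ -z "$drift" ] && return 0
    echo "$drift"
    return 1
}

# Constructed sample lists (not captured from a real host):
# https was added with --permanent only, http at runtime only.
sample_runtime="ssh http"
sample_permanent="ssh https"
service_drift "$sample_runtime" "$sample_permanent"
```

On a host running firewalld, check_zone dmz performs the same comparison against the live configuration.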