firewalld
Commands that make use of --permanent will not take effect until firewalld restarts.
- List the known zones
firewall-cmd --get-zones
- View information about the active zones
firewall-cmd --get-active-zones
- Add an interface to the DMZ zone
firewall-cmd --permanent --zone=dmz --change-interface=interface
- In /etc/sysconfig/network-scripts/ifcfg-interface, set ZONE=dmz
- List the services known by firewalld—known service definitions exist in /usr/lib/firewalld/services/
firewall-cmd --get-services
- List the services permitted within the zone named public
firewall-cmd --zone=public --list-all
- Permit the https service on the interfaces in the dmz zone
firewall-cmd --permanent --zone=dmz --add-service=https
and firewall-cmd --zone=dmz --add-service=https
- Log rejections
firewall-cmd --set-log-denied=all
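The https rule above is entered twice because the permanent and runtime configurations are separate, so a rule added to only one of them either vanishes at the next restart or is not enforced yet. As an added example (not part of the original cheat sheet), this script compares the two service lists for a zone; set_diff, drift_report and check_zone are names made up here, and the sample lists are constructed.

```shell
#!/bin/sh
# Added example: report services that exist in only one of firewalld's
# two configurations (runtime vs. permanent) for a zone.

# set_diff LIST_A LIST_B: print each name in LIST_A that is absent from LIST_B.
set_diff() {
    have=" $(echo $2) "   # collapse whitespace so every name is space-delimited
    for name in $1; do
        case "$have" in
            *" $name "*) ;;                   # present in both lists
            *) printf '%s\n' "$name" ;;
        esac
    done
}

# drift_report ZONE RUNTIME_LIST PERMANENT_LIST: one line per mismatch,
# no output when both configurations agree.
drift_report() {
    for svc in $(set_diff "$2" "$3"); do
        printf '%s: %s is runtime-only (gone after firewalld restarts)\n' "$1" "$svc"
    done
    for svc in $(set_diff "$3" "$2"); do
        printf '%s: %s is permanent-only (inactive until firewalld restarts)\n' "$1" "$svc"
    done
}

# check_zone ZONE: query the live firewall for both service lists.
check_zone() {
    runtime=$(firewall-cmd --zone="$1" --list-services)
    permanent=$(firewall-cmd --permanent --zone="$1" --list-services)
    drift_report "$1" "$runtime" "$permanent"
}

if [ "${1:-}" = "--live" ]; then
    # Usage: sh drift.sh --live dmz   (zone defaults to public)
    check_zone "${2:-public}"
else
    # Constructed sample: https was added without --permanent.
    drift_report dmz "ssh https" "ssh"
fi
```

An empty report for a zone means the running firewall and the configuration that will be loaded at the next restart permit the same services.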