Firewalld
Firewalld
zones
man 5 firewalld.service /usr/lib/firewalld/zones
/usr/lib/firewalld/services xml config files services /etc/firewalld/zones
overrides /etc/firewalld/services/
drop
non-persistent changes
block use reject
firewall-cmd --direct direct interface family=ipv4|ipv6 default both
zones public
enter ipfilter rules directly net/mask
external for nat source address=# {invert=true|false}
--get-active-zones host
dmz
--list-all destination address=#
work
--list-interfaces {invert=true|false}
internal
alt: ifcfg-#int->ZONE=#z --add-interface=#int service=#s
--add-port=#port-#port/#proto
trusted accept all
icmp-block name=#type uses reject
--add-service=#s --zone=#z firewall-cmd Firewalld port=#p protocol=#proto
--query-masquerade
Rich Language prefix=# added to msg
--add-masquerade
log level=#
--add-forward-port=port=#p:proto=#proto:toport=#d:toaddr=#a
limit value="#r/smhd"
--add-rich-rule=#rule {--timeout=#s}
audit
firewall-config gui tool
drop all --panic-{on|off}
masquerade
reload without dropouts --reload
accept|reject|drop
--complete-reload
forward-port port=# protocol=# to-port=#
make setting permanent --permanent
to-addr=#
DefaultZone=public
/etc/firewalld/firewalld.conf man 5 firewalld.richlanguage
man 5 firewalld.conf