Firewalld - firewall-cmd - bind an ethernet interface to a zone
by
Jeremy Canfield |
Updated: April 26 2022
| Firewalld articles
If you are not familar with firewalld and the firewall-cmd, check out our Getting Started article.
The --list-all-zones option can be used to list the zones. Something like this should be returned for each zone.
~]# firewall-cmd --list-all-zones
public
target: default
icmp-block-inversion: no
interfaces:
sources:
services: dhcpv6-client mdns ssh
ports:
protocols:
forward: no
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
The --add-interface option can be used to bind an interface to a zone. In this example, eth0 is bound to the public zone.
firewall-cmd --zone=public --add-interface eth0 --permanent
firewall-cmd --reload
The --remove-interface option can be used to remove an interface from a zone.
firewall-cmd --zone=public --remove-interface eth0 --permanent
firewall-cmd --reload
The --check-config command can be used to ensure there are no configuration errors.
~]$ firewall-cmd --check-config
success
The --list-interfaces option can be used to display the interfaces a zone is bound to.
~]# firewall-cmd --zone public --list-interfaces
eth0
Or, the --list-all can be used.
~]# firewall-cmd --list-all
public
target: default
icmp-block-inversion: no
interfaces: eth0
sources:
services: smtp
ports:
protocols:
masquerade: no
forward-ports:
sourceports:
icmp-blocks:
rich rules:
Did you find this article helpful?
If so, consider buying me a coffee over at 