Firewalld - firewall-cmd - allow or deny a service

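If you are not familiar with firewalld and firewall-cmd, check out our Getting Started article.

The --add-service option can be used to allow connections to a certain service, such as SMTP. The --permanent flag writes the change to the permanent configuration, and --reload then applies it to the running firewall.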

firewall-cmd --add-service=smtp --permanent
firewall-cmd --reload

 

The --remove-service option can be used to remove an allowed service, so that connections to it are no longer permitted.

firewall-cmd --remove-service=smtp --permanent
firewall-cmd --reload

 

Each service has an XML file located in /usr/lib/firewalld/services which contains the port and protocol used by the service. For example, the ssh.xml file defines port 22 and the TCP protocol.

<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>SSH</short>
  <port protocol="tcp" port="22"/>
</service>

 

The --check-config option can be used to ensure there are no configuration errors.

~]$ firewall-cmd --check-config
success

 

The --list-services option can be used to display the services that are allowed in a zone.

~]# firewall-cmd --zone public --list-services
smtp

 

Or, the --list-all option can be used.

~]# firewall-cmd --list-all
public
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: smtp
  ports:
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:
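
Added example (not part of the original article): the script below takes service names as printed by --list-services and reads each one's XML file to show the port/protocol pairs that allowing the service actually opens. The function names, the demo-app service and the temporary directory are constructed for illustration; on a real host, pass /usr/lib/firewalld/services as the directory.

```shell
#!/bin/sh
# service_ports FILE
# Print "port/protocol" for every <port .../> element in a service XML file.
# Only <port> elements are read; anything else in the file is ignored.
service_ports() {
    # Join lines, then split on '>' so each tag sits on its own line.
    tr '\n' ' ' < "$1" | tr '>' '\n' | grep '<port[[:space:]]' |
    while IFS= read -r tag; do
        port=$(printf '%s\n' "$tag" | sed -n 's/.*[[:space:]]port="\([^"]*\)".*/\1/p')
        proto=$(printf '%s\n' "$tag" | sed -n 's/.*[[:space:]]protocol="\([^"]*\)".*/\1/p')
        if [ -n "$port" ] && [ -n "$proto" ]; then
            printf '%s/%s\n' "$port" "$proto"
        fi
    done
}

# exposed_ports DIR SERVICE...
# Print "service port/protocol" for each named service.
# Returns 1 if any service has no XML file in DIR.
exposed_ports() {
    dir=$1; shift
    rc=0
    for svc in "$@"; do
        file="$dir/$svc.xml"
        if [ ! -f "$file" ]; then
            echo "$svc: no definition in $dir" >&2
            rc=1
            continue
        fi
        service_ports "$file" | while IFS= read -r p; do
            printf '%s %s\n' "$svc" "$p"
        done
    done
    return $rc
}

# Constructed sample data so the example runs without firewalld installed.
make_sample_dir() {
    d=$(mktemp -d)
    printf '%s\n' '<?xml version="1.0" encoding="utf-8"?>' '<service>' \
        '  <short>SSH</short>' '  <port protocol="tcp" port="22"/>' '</service>' > "$d/ssh.xml"
    printf '%s\n' '<service>' '  <short>demo</short>' \
        '  <port port="8080" protocol="tcp"/>' \
        '  <port protocol="udp"' '        port="9000-9002"/>' '</service>' > "$d/demo-app.xml"
    echo "$d"
}

sample=$(make_sample_dir)
exposed_ports "$sample" ssh demo-app
rm -rf "$sample"
```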
