FreeKB - Firewalld firewall-cmd - allow or deny a service
Firewalld - firewall-cmd - allow or deny a service

If you are not familar with firewalld and the firewall-cmd, check out our Getting Started article.

The --add-service option can be used to allow connections to a certain service, such as SMTP.

firewall-cmd --add-service=smtp --permanent
firewall-cmd --reload

 

The --remove-service option can be used to remove an allows service.

firewall-cmd --remove-service=smtp --permanent
firewall-cmd --reload

 

Each service has an XML file located at /usr/lib/firewalld/services which contains the port and protocol being used by the service. For example, the ssh.xml file is using port 22 and the TCP protocol.

<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>SSH</short>
  <port protocol="tcp" port="22"/>
</service>

 

The --list-services option can be used to display the services that are allowed in a zone.

~]# firewall-cmd --zone public --list-services
smtp

 

Or, the --list-all option can be used.

~]# firewall-cmd --list-all
public
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: smtp
  ports:
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

 



Add a Comment




We will never share your name or email with anyone. Enter your email if you would like to be notified when we respond to your comment.




Please enter 5fe32 in the box below so that we can be sure you are a human.




Comments

Web design by yours truely - me, myself, and I   |   jeremy.canfield@freekb.net   |