FreeKB - Firewalld firewall-cmd - lockdown
Firewalld - firewall-cmd - lockdown

If you are not familiar with firewalld and the firewall-cmd command, check out our Getting Started article.

If the firewall is not locked down, services may be able to make changes to the firewall. To prevent this, the firewall can be locked down.

~]# firewall-cmd --lockdown-on


You will no longer be able to add a service to the firewall.

~]# firewall-cmd --add-service=dhcp --permanent
Error: ACCESS_DENIED: lockdown is enabled


Issue the command below so that only you can modify the firewall. After you reload the firewall, you will again be able to modify it.

~]# firewall-cmd --add-lockdown-whitelist-command='/usr/bin/python -Es /usr/bin/firewall-cmd*' --permanent
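
The following is an added example, not part of the original article or of firewalld itself. It models how a lockdown whitelist command entry is compared with a caller's command line: per the firewalld documentation, an entry ending in `*` matches any command line that starts with the text before the `*`, and an entry without it must match the whole command line, arguments included. The function name `whitelist_match` and the sample command lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: model of firewalld's lockdown whitelist command matching.
# An entry ending in '*' is a prefix match; otherwise the command line,
# including arguments, must be identical to the entry.

# whitelist_match ENTRY CMDLINE -> exit status 0 if CMDLINE is allowed by ENTRY
whitelist_match() {
    entry=$1
    cmdline=$2
    case $entry in
        *\*)
            prefix=${entry%\*}          # drop the trailing '*'
            case $cmdline in
                "$prefix"*) return 0 ;; # command line starts with the prefix
            esac
            return 1
            ;;
        *)
            [ "$cmdline" = "$entry" ]   # exact match required
            ;;
    esac
}

# Whitelist entry taken from the article.
ENTRY='/usr/bin/python -Es /usr/bin/firewall-cmd*'

# check_samples: print a verdict for each constructed command line below.
check_samples() {
    while IFS= read -r line; do
        if whitelist_match "$ENTRY" "$line"; then
            echo "allowed: $line"
        else
            echo "denied:  $line"
        fi
    done <<'EOF'
/usr/bin/python -Es /usr/bin/firewall-cmd --add-service=dhcp --permanent
/usr/bin/python -Es /usr/bin/firewall-cmd --reload
/usr/bin/python3 -s /usr/bin/firewall-cmd --reload
/usr/bin/python -Es /usr/local/bin/helper.py --add-port=8080/tcp
EOF
}

check_samples

# On a live host, compare with what the daemon actually has configured:
#   firewall-cmd --query-lockdown
#   firewall-cmd --list-lockdown-whitelist-commands
```

The third sample is denied because the interpreter path differs from the whitelist entry, so the entry you add has to match the command line firewall-cmd really runs with on your system.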

