Firewalld - firewall-cmd - allow or deny a service
by Jeremy Canfield | Updated: April 26 2022
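If you are not familiar with firewalld and the firewall-cmd command, check out our Getting Started article.
The --add-service option can be used to allow connections to a certain service, such as SMTP. The --permanent flag writes the change to the permanent configuration, and --reload loads that configuration into the running firewall.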
firewall-cmd --add-service=smtp --permanent
firewall-cmd --reload
The --remove-service option can be used to remove an allowed service.
firewall-cmd --remove-service=smtp --permanent
firewall-cmd --reload
Each service has an XML file located at /usr/lib/firewalld/services which contains the port and protocol being used by the service. For example, the ssh.xml file is using port 22 and the TCP protocol.
<?xml version="1.0" encoding="utf-8"?>
<service>
<short>SSH</short>
<port protocol="tcp" port="22"/>
</service>
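The following Python example is added here and is not part of the original article: it resolves the services shown by firewall-cmd --list-all to the port/protocol pairs in their XML definitions, so you can see what --add-service actually opens. It assumes that a definition in /etc/firewalld/services takes precedence over the packaged one in /usr/lib/firewalld/services and reads only <port> elements; the function names and the sample data are constructed for illustration.

```python
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path

# Lookup order (assumption stated above): local overrides before packaged defaults.
SERVICE_DIRS = ["/etc/firewalld/services", "/usr/lib/firewalld/services"]

def allowed_services(list_all_output):
    """Pull service names from the 'services:' line of firewall-cmd --list-all."""
    for line in list_all_output.splitlines():
        key, _, value = line.strip().partition(":")
        if key == "services":
            return value.split()
    return []

def service_ports(name, dirs=SERVICE_DIRS):
    """Return [(port, protocol), ...] from the first <name>.xml found in dirs."""
    for d in dirs:
        path = Path(d) / f"{name}.xml"
        if path.is_file():
            root = ET.parse(path).getroot()
            return [(p.get("port"), p.get("protocol")) for p in root.findall("port")]
    raise FileNotFoundError(f"no service definition for {name!r}")

def exposure(list_all_output, dirs=SERVICE_DIRS):
    """Map every allowed service to the ports its definition opens."""
    return {s: service_ports(s, dirs) for s in allowed_services(list_all_output)}

def demo():
    # Constructed sample data: packaged ssh/smtp definitions plus a local
    # override that moves ssh to port 2222.
    tpl = ('<?xml version="1.0" encoding="utf-8"?>\n<service>\n'
           '<short>{0}</short>\n<port protocol="tcp" port="{1}"/>\n</service>\n')
    with tempfile.TemporaryDirectory() as tmp:
        etc, usr = Path(tmp, "etc"), Path(tmp, "usr")
        etc.mkdir()
        usr.mkdir()
        (usr / "ssh.xml").write_text(tpl.format("SSH", 22))
        (usr / "smtp.xml").write_text(tpl.format("SMTP", 25))
        (etc / "ssh.xml").write_text(tpl.format("SSH", 2222))
        sample = "public\n  target: default\n  services: smtp ssh\n  ports:\n"
        return exposure(sample, [etc, usr])

if __name__ == "__main__":
    for svc, ports in demo().items():
        print(svc, ports)
```

On a real host, pass the output of firewall-cmd --list-all to exposure() and review any service whose definition comes from /etc/firewalld/services, since it may open different ports than the service name suggests.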
The --check-config option can be used to ensure there are no configuration errors.
~]$ firewall-cmd --check-config
success
The --list-services option can be used to display the services that are allowed in a zone.
~]# firewall-cmd --zone public --list-services
smtp
Or, the --list-all option can be used.
~]# firewall-cmd --list-all
public
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: smtp
  ports:
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules: