Bootstrap FreeKB - Firewalld - firewall-cmd - allow or deny a service
Firewalld - firewall-cmd - allow or deny a service

Updated:   |  Firewalld articles

If you are not familar with firewalld and the firewall-cmd, check out our Getting Started article.

The --add-service option can be used to allow connections to a certain service, such as SMTP.

firewall-cmd --add-service=smtp --permanent
firewall-cmd --reload

 

The --remove-service option can be used to remove an allows service.

firewall-cmd --remove-service=smtp --permanent
firewall-cmd --reload

 

Each service has an XML file located at /usr/lib/firewalld/services which contains the port and protocol being used by the service. For example, the ssh.xml file is using port 22 and the TCP protocol.

<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>SSH</short>
  <port protocol="tcp" port="22"/>
</service>

 

The --check-config command can be used to ensure there are no configuration errors.

~]$ firewall-cmd --check-config
success

 

The --list-services option can be used to display the services that are allowed in a zone.

~]# firewall-cmd --zone public --list-services
smtp

 

Or, the --list-all option can be used.

~]# firewall-cmd --list-all
public
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: smtp
  ports:
  protocols:
  masquerade: no
  forward-ports:
  sourceports:
  icmp-blocks:
  rich rules:

 




Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee



Comments


Add a Comment


Please enter e80baa in the box below so that we can be sure you are a human.