How to check if a network firewall zone is active in Linux


Introduction

In this lab, you will learn how to check if a network firewall zone is active in Linux using firewalld. We will begin by using the firewall-cmd --get-active-zones command to identify the currently active zones and the network interfaces they are associated with.

Following that, we will explore the firewalld configuration files located in the /etc/firewalld directory to understand where zone rules are defined. Finally, we will inspect the underlying iptables rules to see how firewalld translates its zone configurations into actual packet filtering rules. This lab provides a foundational understanding of how firewalld manages network security on your Linux system.



Check zones with firewall-cmd --get-active-zones

In this step, we'll start exploring firewalld, the dynamic firewall management tool in Linux. Firewalls are crucial for network security, controlling which traffic is allowed in and out of your system.

firewalld uses the concept of "zones" to manage firewall rules. Zones define the level of trust for network connections. Different zones have different default rules. For example, a "public" zone might have stricter rules than a "trusted" zone.

Let's check which zones are currently active on your system. We'll use the firewall-cmd command with the --get-active-zones option.

Open your terminal if it's not already open. Remember, you can find the Xfce Terminal icon on the left side of your desktop.

Type the following command and press Enter:

firewall-cmd --get-active-zones

You should see output similar to this:

public
  interfaces: eth0

This output tells us that the public zone is currently active, and it's associated with the eth0 network interface. The eth0 interface is how your virtual machine connects to the network.

Understanding active zones is the first step in managing your firewall with firewalld. In the next steps, we'll look at the configuration files and how rules are applied.
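As an added example (not part of the lab), the shell functions below parse the --get-active-zones format shown above so a script can answer "is zone X active, and on which interfaces?" by exit status instead of by eye. The sample text is constructed in the same format and is only used when firewall-cmd is absent or firewalld is not running.

```shell
# Added example (not part of the lab): check whether a firewalld zone is
# active by parsing the text that `firewall-cmd --get-active-zones` prints.

# Constructed sample in the same format as the lab's output, used when
# firewalld is not available on the machine running this script.
SAMPLE_ACTIVE_ZONES='public
  interfaces: eth0
trusted
  interfaces: eth1 eth2
  sources: 10.0.0.0/8'

# zone_is_active ZONE: reads --get-active-zones text on stdin; exit 0 if ZONE
# is listed (zone names are the unindented lines), exit 1 otherwise.
zone_is_active() {
    awk -v zone="$1" '
        BEGIN { found = 1 }
        /^[^ \t]/ && $1 == zone { found = 0 }
        END { exit found }'
}

# zone_interfaces ZONE: prints the interfaces bound to ZONE (empty if none).
zone_interfaces() {
    awk -v zone="$1" '
        /^[^ \t]/ { current = $1; next }       # a zone header starts a section
        current == zone && $1 == "interfaces:" {
            $1 = ""; sub(/^ +/, ""); print      # drop the label, keep the names
        }'
}

# check_zone ZONE: uses live firewalld output when firewall-cmd is present and
# the daemon is running, otherwise the constructed sample above.
check_zone() {
    if command -v firewall-cmd >/dev/null 2>&1 && firewall-cmd --state >/dev/null 2>&1; then
        out=$(firewall-cmd --get-active-zones)
    else
        out="$SAMPLE_ACTIVE_ZONES"
    fi
    if printf '%s\n' "$out" | zone_is_active "$1"; then
        printf 'zone %s is active; interfaces: %s\n' "$1" \
            "$(printf '%s\n' "$out" | zone_interfaces "$1")"
    else
        printf 'zone %s is not active\n' "$1"
        return 1
    fi
}
```

Source the file and run check_zone public; a non-zero exit status means the zone is not active, which makes the check usable from cron or a configuration audit.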


Verify firewalld config with cat /etc/firewalld

In the previous step, we saw which firewalld zones are active. Now, let's take a look at where firewalld stores its configuration files. These files define the rules for each zone.

The main configuration directory for firewalld is /etc/firewalld. Inside this directory, you'll find subdirectories for zones, services, and other configuration elements.

We can use the cat command to view the contents of files, but cat reads files, not directories; running it on /etc/firewalld itself only produces an error. Instead, let's list the contents of the directory using the ls command.

Type the following command and press Enter:

ls /etc/firewalld/

You should see a list of directories and files, something like this:

icmptypes  lockdown-whitelist.xml  modules  panic-iface.conf  services  zones

This shows the structure of the firewalld configuration. The zones directory is particularly important, as it contains the configuration files for each zone (like public.xml, trusted.xml, etc.).

Let's look inside the zones directory. Type:

ls /etc/firewalld/zones/

You'll see a list of XML files, one for each predefined zone:

block.xml  dmz.xml  drop.xml  external.xml  home.xml  internal.xml  public.xml  trusted.xml  work.xml

These XML files contain the specific rules for each zone. For example, public.xml defines the rules for the public zone we saw was active in the previous step.

While we won't dive into the details of the XML files in this lab, knowing where the configuration is stored is a key part of understanding firewalld.


Inspect iptables rules with iptables -L

While firewalld is the modern way to manage firewalls on many Linux distributions, it often works by configuring the underlying netfilter framework, which is traditionally managed by the iptables command.

Even when using firewalld, you can still inspect the rules that firewalld has created in netfilter using the iptables command. This can be helpful for understanding how firewalld translates its zone-based rules into the lower-level iptables rules. Note that recent firewalld versions default to an nftables backend (the FirewallBackend setting in /etc/firewalld/firewalld.conf); on such systems iptables -L shows few or none of firewalld's rules, and nft list ruleset is the equivalent view.

To list the current iptables rules, we'll use the iptables command with the -L option. Since viewing firewall rules requires administrative privileges, we'll need to use sudo.

Type the following command and press Enter:

sudo iptables -L

You will see a lot of output! This output shows the different iptables chains (like INPUT, FORWARD, OUTPUT) and the rules within them. firewalld creates its own chains, often prefixed with FWD_, IN_, OUT_, etc., to manage traffic based on zones and services.

Here's a snippet of what you might see (the exact output will vary):

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
INPUT_direct  all  --  anywhere             anywhere
INPUT_ZONES_SOURCE  all  --  anywhere             anywhere
INPUT_ZONES  all  --  anywhere             anywhere
...
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
...
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
...
Chain INPUT_ZONES (1 references)
target     prot opt source               destination
FWD_public  all  --  anywhere             anywhere             [goto] /* zone public */
...

Don't worry about understanding every line of this output right now. The key takeaway is that firewalld is actively managing these iptables rules behind the scenes. The iptables -L command gives you a view into the actual packet filtering rules being enforced by the kernel.
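As an added example (not part of the lab), the functions below read iptables -L text and pull out just the zone hand-off described above: the default policy of a built-in chain, and which zone chains the INPUT_ZONES dispatch chain jumps to, using the /* zone NAME */ comments firewalld attaches. The sample listing is constructed to mirror the snippet shown in this step.

```shell
# Added example (not part of the lab): pick out the firewalld zone dispatch
# from `iptables -L` text, so the hand-off INPUT -> INPUT_ZONES -> zone chain
# can be checked without reading the whole listing.

# Constructed sample that mirrors the listing shown in the lab.
SAMPLE_IPTABLES_L='Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
INPUT_ZONES  all  --  anywhere             anywhere

Chain INPUT_ZONES (1 references)
target     prot opt source               destination
FWD_public  all  --  anywhere             anywhere             [goto] /* zone public */
FWD_trusted  all  --  anywhere             anywhere             [goto] /* zone trusted */

Chain INPUT_direct (1 references)
target     prot opt source               destination'

# chain_policy CHAIN: prints the default policy of a built-in chain
# (INPUT, FORWARD, OUTPUT); user-defined chains carry no policy, so nothing
# is printed for them.
chain_policy() {
    awk -v chain="$1" '
        $1 == "Chain" && $2 == chain && $3 == "(policy" {
            gsub(/[()]/, "", $4); print $4; exit
        }'
}

# zone_chains CHAIN: for each rule in CHAIN that carries firewalld's
# "/* zone NAME */" comment, prints "target zone" (e.g. "FWD_public public").
zone_chains() {
    awk -v chain="$1" '
        /^Chain / { in_chain = ($2 == chain); next }
        in_chain && match($0, /\/\* zone [^ ]+ \*\//) {
            # "/* zone " is 8 characters and " */" is 3, so the name sits between
            print $1, substr($0, RSTART + 8, RLENGTH - 11)
        }'
}
```

On a live system feed it the real listing, for example sudo iptables -L | zone_chains INPUT_ZONES, and compare the result with firewall-cmd --get-active-zones: every active zone should have a matching dispatch rule.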

This step concludes our brief introduction to firewalld and its relationship with iptables. You've learned how to check active zones, locate configuration files, and inspect the underlying iptables rules.


Summary

In this lab, we began exploring firewalld to check active network firewall zones in Linux. We learned that firewalld uses zones to manage firewall rules and that the firewall-cmd --get-active-zones command is used to identify which zones are currently active and associated with network interfaces. We saw an example where the public zone was active on the eth0 interface.

We then started to examine the firewalld configuration files, noting that the main configuration directory is /etc/firewalld. We attempted to view the directory contents, understanding that cat is used for files, not directories, and that listing the directory contents is the appropriate method to see the configuration files for zones, services, and other elements.