Configuring Firewalld: Managing Rules and Services
Firewalld provides a comprehensive set of tools and commands for configuring and managing firewall rules and services. In this section, we will explore the key aspects of Firewalld configuration and how to effectively control network traffic using this dynamic firewall solution.
Managing Firewalld Rules
Firewalld rules are the core of the firewall's functionality, determining which network traffic is allowed or blocked. You manage these rules with the firewall-cmd command-line tool.
To list the configuration of the default zone, use:
sudo firewall-cmd --list-all
This displays the zone's target, its assigned interfaces and sources, and its allowed services, ports, forward-ports and rich rules. Note that --list-all shows only the default zone. To see every zone, including the ones that are not active, use firewall-cmd --list-all-zones; to see only the zones that currently have an interface or source assigned, use firewall-cmd --get-active-zones.
To add a new rule, use the --add-port or --add-service option. For example, to allow HTTP traffic (port 80) in the public zone:
sudo firewall-cmd --zone=public --add-port=80/tcp --permanent
The --permanent option writes the rule to the persistent configuration under /etc/firewalld so that it survives a reboot, but it does not change the running firewall: the rule takes effect only after sudo firewall-cmd --reload. Conversely, running the command without --permanent changes the running firewall immediately, but the rule is discarded on the next reload or reboot. A safe pattern is to test a rule in the runtime configuration first and, once it behaves as expected, save it with sudo firewall-cmd --runtime-to-permanent.
Integrating with iptables and nftables
Firewalld is a front end: it translates zones, services and rich rules into rules for a packet-filter backend. Older releases used iptables; firewalld 0.6 and later, including the versions shipped with RHEL 8 and its derivatives, default to nftables. The backend in use is set by the FirewallBackend line in /etc/firewalld/firewalld.conf. On the iptables backend you can inspect the rules firewalld generated with:
sudo iptables -L -n
On the nftables backend that command does not show firewalld's rules, because they live in a dedicated nftables table; list them instead with:
sudo nft list table inet firewalld
Reading the backend rules is useful for verifying what firewalld actually installed, but do not add rules there by hand: firewalld overwrites them on reload, and rules added directly with iptables or nft are invisible to firewall-cmd. When the zone model does not express what you need, use a rich rule (firewall-cmd --add-rich-rule) so that firewalld remains the single source of truth.
Managing Firewalld Services
Firewalld also lets you manage predefined services, which are named collections of ports and protocols for common applications. Each service is defined in an XML file under /usr/lib/firewalld/services/ (local overrides go in /etc/firewalld/services/). You can list the available service names with:
sudo firewall-cmd --get-services
To see what a service definition contains, for example the ports behind the http service, use:
sudo firewall-cmd --info-service=http
To enable a service in a specific zone, use the --add-service option:
sudo firewall-cmd --zone=public --add-service=http --permanent
This adds the rules that allow HTTP traffic (80/tcp) in the public zone once the configuration is reloaded. Prefer --add-service over --add-port wherever a definition exists: the service name records the intent in the zone configuration, and a later --list-all shows "http" instead of a bare port number that someone has to look up.
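Both the --add-port and --add-service commands above are usually run with --permanent, which raises the practical question of whether the saved rules are actually live and whether anything in the running firewall is about to be lost. The following script is an added example, not code from the original page or from the firewalld project: it compares the runtime and permanent --list-all output of a zone and reports entries that exist in only one of them. The two zone listings embedded in it are constructed samples in the layout of firewall-cmd --list-all so that the script runs offline; the zone name public and the function names are assumptions of the example.

```shell
#!/bin/sh
# Added example: detect drift between a firewalld zone's runtime and
# permanent configuration. Not from the original page or the firewalld project.
#
# Two kinds of drift matter:
#   - entries in the permanent config but not in runtime: a --permanent
#     change that has not been applied yet (run firewall-cmd --reload)
#   - entries in runtime but not in the permanent config: a change made
#     without --permanent that the next reload or reboot will discard
#     (save it with firewall-cmd --runtime-to-permanent)
#
# The two listings below are constructed samples in the layout of
# "firewall-cmd --zone=public --list-all" so the script runs offline.
# On a real host replace them with the live output (see the end of the file).

RUNTIME_SAMPLE='public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: dhcpv6-client ssh
  ports: 8080/tcp
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:'

PERMANENT_SAMPLE='public
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: dhcpv6-client http ssh
  ports: 80/tcp
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:'

# list_field FIELD  (stdin: --list-all output)
# Prints the space-separated entries of one field such as "services" or
# "ports"; prints nothing when the field is empty.
list_field() {
    awk -v f="$1:" '$1 == f { for (i = 2; i <= NF; i++) printf "%s ", $i }'
}

# field_diff FIELD LISTING_A LISTING_B
# Prints the entries of FIELD that appear in LISTING_B but not in LISTING_A.
field_diff() {
    fd_have=" $(printf '%s\n' "$2" | list_field "$1") "
    fd_want=$(printf '%s\n' "$3" | list_field "$1")
    fd_out=""
    for fd_entry in $fd_want; do
        case "$fd_have" in
            *" $fd_entry "*) ;;                 # present in both listings
            *) fd_out="$fd_out$fd_entry " ;;   # only in LISTING_B
        esac
    done
    printf '%s' "${fd_out% }"
}

# pending_reload FIELD RUNTIME PERMANENT
# Entries saved with --permanent that are not live until --reload.
pending_reload() {
    field_diff "$1" "$2" "$3"
}

# lost_on_reload FIELD RUNTIME PERMANENT
# Entries that exist only in the running firewall and will not survive a reload.
lost_on_reload() {
    field_diff "$1" "$3" "$2"
}

# audit_zone RUNTIME PERMANENT
# Human-readable report covering the services and ports fields.
audit_zone() {
    for az_field in services ports; do
        az_pending=$(pending_reload "$az_field" "$1" "$2")
        az_lost=$(lost_on_reload "$az_field" "$1" "$2")
        if [ -n "$az_pending" ]; then
            echo "$az_field only in permanent config (run: firewall-cmd --reload): $az_pending"
        fi
        if [ -n "$az_lost" ]; then
            echo "$az_field only in runtime (save with: firewall-cmd --runtime-to-permanent): $az_lost"
        fi
    done
}

audit_zone "$RUNTIME_SAMPLE" "$PERMANENT_SAMPLE"
# On a real host (assumed zone name "public"):
#   audit_zone "$(firewall-cmd --zone=public --list-all)" \
#              "$(firewall-cmd --zone=public --list-all --permanent)"
```

With the constructed samples the report flags http and 80/tcp as saved but not yet live, and 8080/tcp as live but unsaved. The comparison is per field rather than a plain diff of the two listings because the runtime header carries "(active)" and field order can differ between firewalld versions; only the entries behind "services:" and "ports:" are compared, and the same function works for any other space-separated field such as "protocols:".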
graph TD
A[firewall-cmd] -->|Manages| B[Firewalld Rules]
A -->|Translates into| C[iptables / nftables backend rules]
A -->|Manages| D[Firewalld Services]
By understanding the various Firewalld configuration options and commands, you can effectively control and secure your network traffic, adapting to the changing needs of your Linux environment.