How to View Firewalld Rules on Linux


Introduction

This tutorial will guide you through the process of viewing and managing your firewall rules using the firewalld tool on Linux. You will learn how to list the current firewalld rules, understand their purpose, and make necessary changes to your network security settings.



Introduction to Firewalld

Firewalld is a dynamic firewall management tool in Linux that provides a simple and flexible way to configure network traffic rules. It is the default firewall management tool in many modern Linux distributions, including Red Hat Enterprise Linux (RHEL), CentOS, and Fedora.

What is Firewalld?

Firewalld is a daemon that runs in the background and manages the Linux firewall. It provides a command-line interface (firewall-cmd), a D-Bus API, and a graphical user interface (firewall-config) for configuring and managing firewall rules. Firewalld does not filter packets itself; it programs the netfilter framework in the Linux kernel, using the nftables backend by default since firewalld 0.6 (RHEL 8 and Fedora 29 onward) and the iptables backend on older systems.

Benefits of Firewalld

  • Dynamic Configuration: Firewalld lets you change rules on the fly without restarting the firewall service or resetting connection tracking, so established connections survive a rule change. This is more flexible and less disruptive than flushing and re-applying a static iptables rule script.
  • Zone-based Approach: Firewalld uses a zone-based approach to manage firewall rules, which makes it easier to apply different sets of rules to different network interfaces or connections.
  • Service-based Configuration: Firewalld provides a service-based configuration, which means you can easily enable or disable predefined services (e.g., HTTP, SSH, FTP) without having to manually configure the corresponding firewall rules.
  • Relationship with Iptables: Firewalld drives the same kernel netfilter hooks that iptables and nftables use, and its --direct interface lets you pass raw iptables-style rules through firewalld when a zone or service cannot express what you need. Avoid editing the iptables or nft rule sets by hand on a firewalld-managed host: firewalld rebuilds its own rule set on every reload or restart and knows nothing about rules added outside it, so such rules are not shown by firewall-cmd and may be overridden or lost.

Firewalld Use Cases

Firewalld is commonly used in the following scenarios:

  • Server Hardening: Securing servers by allowing only necessary network traffic and blocking unwanted connections.
  • Network Segmentation: Separating different network zones (e.g., internal, external, DMZ) with specific firewall rules.
  • Dynamic Firewall Management: Quickly adapting firewall rules to changing network conditions or security requirements.
  • Cloud and Container Environments: Providing a consistent and flexible firewall management solution for cloud-based infrastructure and containerized applications.

Viewing Firewalld Rules

To view the current firewall rules configured by Firewalld, you can use the following commands:

Listing All Firewall Zones

To list all the available firewall zones, use the following command:

sudo firewall-cmd --get-zones

This will display a list of all the predefined and custom firewall zones.

Listing Active Zones

To list the active firewall zones, use the following command:

sudo firewall-cmd --get-active-zones

This lists only the zones that currently have at least one network interface or source address bound to them, together with those interfaces and sources. Zones that are not listed still exist, but no traffic is being evaluated against them.

Viewing Zone-specific Rules

To view the firewall rules for a specific zone, use the following command:

sudo firewall-cmd --zone=<zone_name> --list-all

Replace <zone_name> with the name of the zone you want to view, such as public or internal.

Viewing Default Zone

To view the default firewall zone, use the following command:

sudo firewall-cmd --get-default-zone

This will display the name of the default zone that is used for network interfaces that are not explicitly assigned to a zone.

Viewing Runtime vs. Permanent Rules

Firewalld maintains two configurations. The runtime configuration is what the kernel is enforcing right now; it is modified by firewall-cmd calls made without --permanent and is discarded when firewalld reloads or the system reboots. The permanent configuration is stored under /etc/firewalld and is loaded on the next firewall-cmd --reload, service restart, or reboot. The two can drift apart: a rule added without --permanent exists only at runtime, and a rule added with --permanent is not enforced until a reload, so compare both views when auditing a host.

To view the runtime rules, use the following command (without --zone it shows the default zone; add --zone=<zone_name> to inspect another zone):

sudo firewall-cmd --list-all

To view the permanent rules, use the following command:

sudo firewall-cmd --permanent --list-all

You can also use the --runtime-to-permanent option to copy the entire current runtime configuration into the permanent configuration. Review the runtime configuration first, because this also persists every rule that was only meant to be temporary.

sudo firewall-cmd --runtime-to-permanent

By understanding these commands, you can effectively view and manage the firewall rules configured by Firewalld on your Linux system.
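The check a practitioner most often needs here is whether the runtime and permanent configurations still agree. The script below is an added example, not part of the original tutorial: it extracts the services and ports from two --list-all listings and reports everything that exists only at runtime, i.e. rules that will disappear on the next reload or reboot. On a host with a running firewalld it reads the live zone given as an argument (the zone name public and the use of root or polkit authorization for firewall-cmd are assumptions); elsewhere it falls back to the constructed sample listings embedded in the script.

```bash
#!/usr/bin/env bash
# Added example, not part of the original tutorial: audit one firewalld zone
# by comparing what is enforced now (runtime) with what is saved on disk
# (permanent) and listing every service or port that exists only at runtime.
# On a host with a running firewalld it reads the live configuration; elsewhere
# it falls back to the constructed sample listings below.

set -u

# Constructed sample of `firewall-cmd --zone=public --list-all` (runtime).
# The layout mirrors firewalld's human-readable listing.
SAMPLE_RUNTIME='public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: cockpit dhcpv6-client ssh http
  ports: 8080/tcp
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:'

# Constructed sample of `firewall-cmd --permanent --zone=public --list-all`.
# http and 8080/tcp are absent: they were opened without --permanent and
# will vanish on the next reload or reboot.
SAMPLE_PERMANENT='public
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: cockpit dhcpv6-client ssh
  ports:
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:'

# field_values LISTING FIELD: print the space-separated values of a single-word
# field such as "services" or "ports" from a --list-all style listing.
field_values() {
    printf '%s\n' "$1" | awk -v f="$2:" '$1 == f { $1 = ""; sub(/^ +/, ""); print }'
}

# runtime_only RUNTIME PERMANENT FIELD: entries of FIELD present in the runtime
# listing but missing from the permanent one, one per line.
runtime_only() {
    local rt pm item
    rt=$(field_values "$1" "$3")
    pm=$(field_values "$2" "$3")
    for item in $rt; do
        case " $pm " in
            *" $item "*) ;;
            *) printf '%s\n' "$item" ;;
        esac
    done
}

# audit_zone ZONE: report runtime-only services and ports for ZONE, reading the
# live configuration when firewalld is running and the samples otherwise.
audit_zone() {
    local zone=$1 rt pm f item
    if firewall-cmd --state >/dev/null 2>&1; then
        rt=$(firewall-cmd --zone="$zone" --list-all)
        pm=$(firewall-cmd --permanent --zone="$zone" --list-all)
    else
        rt=$SAMPLE_RUNTIME
        pm=$SAMPLE_PERMANENT
    fi
    for f in services ports; do
        for item in $(runtime_only "$rt" "$pm" "$f"); do
            printf 'runtime-only %s in zone %s: %s\n' "$f" "$zone" "$item"
        done
    done
}

audit_zone public
```

Run it as root (or with polkit authorization) on a firewalld host and every line of output is a rule that someone added without --permanent; either make it permanent deliberately or remove it. The parser only handles the single-word fields (services, ports, interfaces, sources); rich rules span several words and need their own handling.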

Managing Firewalld Rules

Firewalld provides a flexible and powerful way to manage firewall rules. You can add, remove, and modify rules, as well as enable or disable predefined services.

Adding Firewall Rules

To add a new firewall rule, use the following command:

sudo firewall-cmd --add-port=<port>/<protocol> --zone=<zone_name> [--permanent]

Replace <port> with the port number, <protocol> with the protocol (tcp or udp), and <zone_name> with the zone the rule applies to; always name the zone explicitly rather than relying on the default zone. Without --permanent the rule takes effect immediately but is lost on reload or reboot; with --permanent it is written under /etc/firewalld but is not enforced until the next reload. To apply a change now and keep it, run the command both with and without --permanent, or run it without --permanent and then use --runtime-to-permanent.

Removing Firewall Rules

To remove a firewall rule, use the following command:

sudo firewall-cmd --remove-port=<port>/<protocol> --zone=<zone_name> [--permanent]

The parameters are the same as for adding a rule.

Enabling and Disabling Services

Firewalld provides predefined services that you can easily enable or disable. To list the available services, use the following command:

sudo firewall-cmd --get-services

To enable a service, use the following command:

sudo firewall-cmd --add-service=<service_name> --zone=<zone_name> [--permanent]

Replace <service_name> with the name of the service, such as http or ssh.

To disable a service, use the following command:

sudo firewall-cmd --remove-service=<service_name> --zone=<zone_name> [--permanent]

Reloading Firewall Rules

Changes made without --permanent take effect immediately. Changes made with --permanent are only written to disk; to load the permanent configuration into the running firewall, reload it:

sudo firewall-cmd --reload

A reload replaces the runtime configuration with the permanent one, so any runtime-only rule that has not been made permanent is dropped. Established connections are kept because the connection-tracking state is preserved; only --complete-reload resets that state and interrupts active connections.

By using these commands, you can effectively manage the firewall rules configured by Firewalld on your Linux system.
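Putting the managing steps together, the safe way to open a service is to validate the zone, apply the change to both the runtime and the permanent configuration, and then query both views so the two cannot silently drift apart. The script below is an added example, not part of the original tutorial or of firewalld itself: the fw wrapper, the open_service function, the zone list used for dry runs and the service name https are all assumptions. When firewalld is running it executes firewall-cmd for real (root or polkit authorization assumed); otherwise it records the state-changing commands instead of executing them.

```bash
#!/usr/bin/env bash
# Added example, not part of the original tutorial: open a service in a zone
# the way a change should be made on a production host: validate the zone,
# apply the rule to the runtime configuration (effective now) AND to the
# permanent configuration (survives reload and reboot), then verify both.
# When firewalld is not running, FW_DRY_RUN=1 records the state-changing
# commands in FW_LOG instead of executing them.

set -u

NL=$(printf '\n.'); NL=${NL%.}        # portable newline
FW_LOG=""                              # commands recorded in dry-run mode
# Constructed list of the zones firewalld ships by default, used in dry runs.
DRY_RUN_ZONES="block dmz drop external home internal public trusted work"

# fw ARGS...: run firewall-cmd, or, in dry-run mode, answer --get-zones from
# the constructed list, record --add/--remove calls and report queries as true.
fw() {
    if [ "${FW_DRY_RUN:-1}" = 1 ]; then
        case "$*" in
            *--add-*|*--remove-*) FW_LOG="${FW_LOG}firewall-cmd $*${NL}" ;;
            *--get-zones*)        printf '%s\n' "$DRY_RUN_ZONES" ;;
        esac
        return 0
    fi
    firewall-cmd "$@"
}

# open_service ZONE SERVICE: exit 0 only when SERVICE is allowed in ZONE both
# at runtime and permanently; 2 for an unknown zone, 1 for any other failure.
open_service() {
    local zone=$1 svc=$2
    case " $(fw --get-zones) " in
        *" $zone "*) ;;
        *) printf 'unknown zone: %s\n' "$zone" >&2; return 2 ;;
    esac
    # runtime: enforced immediately, but lost on --reload or reboot
    fw --zone="$zone" --add-service="$svc" >/dev/null || return 1
    # permanent: written under /etc/firewalld, not enforced until --reload
    fw --permanent --zone="$zone" --add-service="$svc" >/dev/null || return 1
    # verify both views agree so the change cannot silently drift apart
    fw --zone="$zone" --query-service="$svc" >/dev/null || return 1
    fw --permanent --zone="$zone" --query-service="$svc" >/dev/null || return 1
}

if firewall-cmd --state >/dev/null 2>&1; then FW_DRY_RUN=0; else FW_DRY_RUN=1; fi

if open_service public https; then
    printf 'https allowed in zone public (runtime and permanent)\n'
fi
if [ "$FW_DRY_RUN" = 1 ]; then
    printf 'dry run, commands that would have been executed:\n%s' "$FW_LOG"
fi
```

Applying the rule twice, rather than once with --permanent followed by --reload, matters on a host where other runtime-only rules exist: the reload would throw those away. The final two --query-service calls are what turns this from a fire-and-forget change into a verified one.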

Summary

In this tutorial, you have learned how to view and manage firewall rules using firewalld on Linux. With the firewall-cmd listing options (--get-zones, --get-active-zones, --list-all, and --permanent --list-all) you can inspect which zones, services, and ports your system exposes, check that the runtime and permanent configurations agree, and make informed decisions to protect your system. Keeping your firewall rules up to date and properly configured is a crucial step in maintaining a secure Linux environment.
