Mastering Firewall-cmd: Unveiling the Power of Listing and Evaluating Firewall Rules

    skycentral.co.uk | Mastering Firewall-cmd: Unveiling the Power of Listing and Evaluating Firewall Rules


    Firewall-cmd is a powerful command-line tool used for managing firewall rules on Linux systems. It provides an efficient and flexible way to configure and manipulate firewalls using the nftables backend. In this article, we will dive into the topic of listing and evaluating firewall rules using firewall-cmd, uncovering the immense power and potential that this tool possesses.

    Understanding Firewall-cmd

    Firewall-cmd is the command-line interface to firewalld, a dynamic firewall management tool which simplifies the process of managing firewalls. With firewall-cmd, system administrators can easily configure firewall rules, services, zones, and more. It offers a rich set of features and options to secure and control network traffic effectively.

    List All Firewall Rules

    One of the fundamental operations in managing firewalls is to view all the existing rules. Firewall-cmd allows us to list all the currently active firewall rules on our system. To do this, simply execute the following command:

    firewall-cmd –list-all

    This command will display a comprehensive list of all the rules defined for each zone, along with other pertinent information such as the default zone, runtime, permanent rules, and more. It provides a detailed overview of the current firewall configuration.

    List Available Zones

    A zone is a predefined set of rules that collectively define the behavior of the firewall. Firewall-cmd provides the ability to list all available zones on the system, which can be useful when determining which zones are currently active.

    To list all available zones, use the following command:

    firewall-cmd –get-zones

    The output will display all the available zones, such as `public`, `dmz`, `home`, `trusted`, and more. This information helps administrators understand the zone-specific rules that are in place and aids in the decision-making process when configuring firewall settings.

    View Configured Zones

    In addition to listing available zones, firewall-cmd allows us to view the currently configured zones. These are the zones that are actively applied to our system. Using the following command:

    firewall-cmd –get-active-zones

    We obtain a list of currently active zones. This information is crucial as it enables us to identify the specific zones to which the firewall rules are being applied. Consequently, we can observe the overall configuration of the system’s firewall.

    Evaluating Rules within a Zone

    Firewall-cmd lets us evaluate rules within a specific zone. This is particularly useful when we want to examine the detailed configuration of a particular zone and verify the rules being applied to it.

    To evaluate the rules within a zone, use the following command:

    firewall-cmd –zone= –list-all

    Here, `` represents the zone for which we want to evaluate the rules. By executing this command, we can view all the rules within the specified zone, including source and destination IP addresses, ports, protocols, and other relevant information. This capability enables administrators to thoroughly analyze the firewall configuration and troubleshoot any potential issues.

    Filtering Rules by Service

    In certain cases, it is desirable to filter firewall rules based on services rather than zones. Firewall-cmd provides an easy way to achieve this by listing rules associated with specific services.

    To list rules associated with a specific service, execute the following command:

    firewall-cmd –list-service –zone=

    By specifying the `` parameter, we can restrict the output to rules within a particular zone. The resulting list will display the rules specific to the selected service, allowing administrators to gain insights into the firewall rules associated with targeted services.

    Listing Port-Based Rules

    Firewall-cmd enables the listing of port-based rules, allowing administrators to identify the ports that are currently open. This is crucial for maintaining network security and ensuring that only the necessary ports are accessible to external connections.

    To list port-based rules, utilize the following command:

    firewall-cmd –list-ports –zone=

    By specifying the `` parameter according to the desired zone, administrators can view a comprehensive list of all the ports enabled within that zone. This information facilitates a clear understanding of the network accessibility and port configurations within the firewall.

    Display the Default Zone

    Another powerful feature of firewall-cmd is the ability to display the default zone configured on the system. The default zone is the zone applied to network interfaces and services that do not match any specific rule.

    To view the default zone, use the following command:

    firewall-cmd –get-default-zone

    Executing this command will reveal the currently set default zone. This information is essential in understanding the baseline firewall configuration and determining the default behavior of the firewall.


    Firewall-cmd is an incredible tool that allows system administrators to effortlessly manage and manipulate firewall rules on Linux systems. In this article, we explored the power of listing and evaluating firewall rules using firewall-cmd, uncovering its potential for effectively securing network traffic. By mastering the capabilities of firewall-cmd, administrators can enhance network security, troubleshoot firewall issues, and ensure optimal firewall configurations on their Linux systems.