The Essential Guide to Understanding and Utilizing firewall-cmd

    skycentral.co.uk | The Essential Guide to Understanding and Utilizing firewall-cmd


    In today’s digital age, ensuring the security of computer networks is paramount. With the rise in cyber threats and attacks, having a strong firewall in place is essential to safeguard sensitive information and prevent unauthorized access.

    What is firewall-cmd?

    Firewall-cmd is a command-line utility in Linux designed to configure and manage the firewall settings using the Netfilter framework. It allows users to define rules and policies to handle inbound and outbound network traffic. Firewall-cmd is primarily used in distributions that support firewalld, such as CentOS, Fedora, and Red Hat Enterprise Linux (RHEL).

    Getting Started with firewall-cmd

    Before diving into the intricacies of firewall-cmd, it is important to have a basic understanding of how firewalld works. Firewalld is a dynamic firewall management tool that provides a framework for managing netfilter rules. It acts as a front-end controller for setting up and managing iptables rules.

    To begin utilizing firewall-cmd, it is crucial to ensure that firewalld is installed and running on the system. This can be checked using the following command:

    # systemctl status firewalld

    If firewalld is not running, it can be started using the following command:

    # systemctl start firewalld

    Once firewalld is up and running, firewall-cmd can be used to configure and manage the firewall settings.

    Understanding Zones

    In firewalld, zones are predefined sets of rules that define the level of trust a network interface or source IP address has. Each zone has a specific set of rules that determine whether incoming or outgoing traffic is allowed or denied. The default zone is typically set to the ‘public’ zone, which is the most restrictive.

    The command to check the currently active zone is:

    # firewall-cmd --get-active-zones

    To view the rules associated with a particular zone:

    # firewall-cmd --zone=zone_name --list-all

    Configuring Zones and Rules

    Firewalld allows users to configure zones and rules based on the level of security required. To add a new zone:

    # firewall-cmd --new-zone=zone_name --permanent
    # firewall-cmd --reload

    The ‘–permanent’ flag ensures that the zone persists across reboots, while the ‘–reload’ flag reloads the firewall configuration to activate the new zone.

    Once a new zone is created, a complete set of rules can be assigned to it to define the desired behavior for network traffic. These rules can be configured using various criteria, such as source IP address, destination IP address, port, and protocol.

    To add a rule to a zone:

    # firewall-cmd --zone=zone_name --add-rule=rule_specification --permanent
    # firewall-cmd --reload

    Working with Services

    Firewalld provides the ability to assign predefined services to zones, which simplifies the process of managing firewall rules. Services are XML files that define a set of rules for a specific application or service. These services can be enabled or disabled for a particular zone.

    To list the available services:

    # firewall-cmd --get-services

    To add a service to a zone:

    # firewall-cmd --zone=zone_name --add-service=service_name --permanent
    # firewall-cmd --reload

    Services provide a convenient way to manage firewall rules, especially when dealing with well-known applications.

    Logging and Troubleshooting

    Firewalld provides logging options to help troubleshoot network issues and track attempts to access the system. Logging can be enabled globally or at the zone level.

    To enable logging globally:

    # firewall-cmd --set-log-denied=all
    # firewall-cmd --reload

    To enable logging for a specific zone:

    # firewall-cmd --zone=zone_name --set-log-denied=all
    # firewall-cmd --reload

    The log files can be found in ‘/var/log/firewalld’ by default.


    Understanding and utilizing firewall-cmd is crucial for effectively managing and securing network traffic. By comprehending the concept of zones, configuring rules, working with services, and leveraging logging options, users can enhance their network security and mitigate potential threats. The firewall-cmd utility provides a flexible and comprehensive solution for managing firewalld and ensuring the protection of valuable digital assets.