How to manage firewall in Linux
2023. 2. 21. 11:16
Firewalld is a dynamic firewall management tool used on Linux systems. It allows administrators to manage firewall rules and configure network traffic filtering. The table below explains some of the main firewalld options:
| Option | Description |
| --- | --- |
| firewalld | Command to start, stop, and manage firewalld service |
| --state | Show the current state of the firewall |
| --reload | Reload firewall configuration without stopping the firewall |
| --list-all | List all firewall rules and their associated services |
| --zone | Specify a particular zone to apply the rule to |
| --add-service | Add a service to the firewall rule |
| --remove-service | Remove a service from the firewall rule |
| --add-port | Add a port to the firewall rule |
| --remove-port | Remove a port from the firewall rule |
| --permanent | Make the rule persistent across firewall reloads |
| --query-service | Check if a service is already in the firewall configuration |
| --get-services | List all available services in the firewall configuration |
| --panic-on | Enable panic mode in the firewall |
| --panic-off | Disable panic mode in the firewall |

Examples:
- To turn on firewalld:
    sudo systemctl start firewalld
- To turn off firewalld:
    sudo systemctl stop firewalld
- To enable firewalld at boot:
    sudo systemctl enable firewalld
- To disable firewalld at boot:
    sudo systemctl disable firewalld
- To check the status of firewalld:
    sudo systemctl status firewalld
- To check the current status of the firewall, use the command:
    sudo firewall-cmd --state
- To add a service to the firewall rule, for example, http:
    sudo firewall-cmd --zone=public --add-service=http --permanent
  This will add the http service to the public zone and make it permanent across firewall reloads.
- To remove a service from the firewall rule, for example, ftp:
    sudo firewall-cmd --zone=public --remove-service=ftp --permanent
  This will remove the ftp service from the public zone and make the change permanent.
- To add a port to the firewall rule, for example, port 8080:
    sudo firewall-cmd --zone=public --add-port=8080/tcp --permanent
  This will add port 8080 to the public zone and make it permanent across firewall reloads.
- To remove a port from the firewall rule, for example, port 22:
    sudo firewall-cmd --zone=public --remove-port=22/tcp --permanent
  This will remove port 22 from the public zone and make the change permanent.
- To list all available services in the firewall configuration:
    sudo firewall-cmd --get-services
  This will list all available services in the firewall configuration, such as http, ssh, ftp, etc.
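
A command given with `--permanent` only changes the stored configuration until `--reload` is run, and a command given without it only changes the running firewall, so the two can drift apart. The script below is an added example, not part of the original post, that reports such drift for one zone; the names `FWCMD`, `diff_sets` and `zone_drift` are chosen here for illustration.

```shell
#!/bin/sh
# Added example: compare firewalld's runtime and permanent configuration.
# FWCMD is a hypothetical override so the command can be swapped for testing.
FWCMD=${FWCMD:-firewall-cmd}

# diff_sets RUNTIME PERMANENT
# Each argument is a space-separated list, as printed by
# --list-services or --list-ports. Prints one line per mismatch.
diff_sets() {
    for item in $1; do
        case " $2 " in
            *" $item "*) ;;                      # present in both
            *) echo "runtime-only $item" ;;      # lost on the next reload
        esac
    done
    for item in $2; do
        case " $1 " in
            *" $item "*) ;;
            *) echo "permanent-only $item" ;;    # not active until reload
        esac
    done
}

# zone_drift ZONE
# Queries the firewall (needs root on a real system).
# Returns 0 if runtime and permanent agree, 1 on drift, 2 on query failure.
zone_drift() {
    zone=$1
    found=0
    for what in services ports; do
        runtime=$($FWCMD --zone="$zone" --list-"$what") || return 2
        permanent=$($FWCMD --permanent --zone="$zone" --list-"$what") || return 2
        out=$(diff_sets "$runtime" "$permanent")
        [ -n "$out" ] || continue
        found=1
        echo "$out" | sed "s|^|$zone $what: |"
    done
    return "$found"
}

# Usage after sourcing this file as root:
#   zone_drift public
```

A `runtime-only` entry is open now but disappears at the next reload or reboot; a `permanent-only` entry, such as the result of the `--permanent` commands above, takes effect only after `sudo firewall-cmd --reload`.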