Skip to main content

The firewalld command line client.

# To view the available firewall zones:
firewall-cmd --get-active-zones

# To view the rules which are currently applied:
firewall-cmd --list-all

# To permanently move the interface into the block zone, effectively blocking all communication:
firewall-cmd --permanent --zone=<block> --change-interface=<enp1s0>

# To permanently open the port for a service in the specified zone (like port '443' when in the 'public' zone):
firewall-cmd --permanent --zone=<public> --add-service=<https>

# To permanently close the port for a service in the specified zone (like port '80' when in the 'public' zone):
firewall-cmd --permanent --zone=<public> --remove-service=<http>

# To permanently open two arbitrary ports in the specified zone:
firewall-cmd --permanent --zone=<public> --add-port=<25565/tcp> --add-port=<19132/udp>

# To reload firewalld to force rule changes to take effect:
firewall-cmd --reload