A simple firewall-cmd cheatsheet

Get Default Zone
Get Active Zones
List Zone Services
Add a permanent port into a zone
Remove a permanent port from a zone
Firewall-cmd reload

I tested this using CentOS 7 with the firewalld service running.

Get Default Zone

To find the default zone, use this command:

firewall-cmd --get-default-zone

Get Active Zones

firewall-cmd --get-active-zones

List Zone Services

To check the services, ports and settings of a specific zone, use this command:

firewall-cmd --zone=public --list-all

Add a permanent port into a zone

To add a permanent TCP or UDP port to a specific zone, use the commands below. Example: opening the MongoDB port.

firewall-cmd --permanent --zone=public --add-port=27017/tcp
firewall-cmd --permanent --zone=public --add-port=27017/udp

Remove a permanent port from a zone

firewall-cmd --permanent --zone=public --remove-port=27017/tcp
firewall-cmd --permanent --zone=public --remove-port=27017/udp

Firewall-cmd reload

Permanent changes do not take effect until the firewall is reloaded. Reload it with the following command:

firewall-cmd --reload
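
Because permanent rules stay inactive until the reload, the running firewall and the saved configuration can disagree. The script below is an added example, not part of the original cheatsheet: it compares the "ports:" line of two --list-all outputs and reports ports waiting for a reload, and goes one step further by also flagging ports that exist only at runtime. The function names and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: find drift between the runtime and permanent port lists.

# Print the entries of the "ports:" line of `--list-all` output, one per line.
# Matching the first field exactly skips "forward-ports:" and "source-ports:".
ports_from_list_all() {
    printf '%s\n' "$1" |
        awk '$1 == "ports:" { for (i = 2; i <= NF; i++) print $i }' | sort -u
}

# port_drift RUNTIME_OUTPUT PERMANENT_OUTPUT
#   pending-reload PORT : saved with --permanent, not active until --reload
#   runtime-only PORT   : active now, dropped at the next reload or reboot
port_drift() {
    runtime=$(ports_from_list_all "$1")
    permanent=$(ports_from_list_all "$2")
    for p in $permanent; do
        printf '%s\n' "$runtime" | grep -qxF -- "$p" || echo "pending-reload $p"
    done
    for p in $runtime; do
        printf '%s\n' "$permanent" | grep -qxF -- "$p" || echo "runtime-only $p"
    done
}

# Live check of one zone, e.g. `check_zone public` (needs firewalld running).
check_zone() {
    port_drift "$(firewall-cmd --zone="$1" --list-all)" \
               "$(firewall-cmd --permanent --zone="$1" --list-all)"
}

# Constructed sample outputs: 27017 was added with --permanent but the
# firewall was not reloaded yet; 8080/tcp was opened at runtime only.
SAMPLE_RUNTIME='public (active)
  target: default
  interfaces: eth0
  services: dhcpv6-client ssh
  ports: 8080/tcp
  forward-ports:
  source-ports:'
SAMPLE_PERMANENT='public
  target: default
  services: dhcpv6-client ssh
  ports: 27017/tcp 27017/udp
  forward-ports:
  source-ports:'

port_drift "$SAMPLE_RUNTIME" "$SAMPLE_PERMANENT"
```

An empty result from check_zone means the running firewall matches what will be loaded after a reload or reboot.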