Search here...
Search

Essential firewalld Commands Every Linux Admin Should Know

Editorial Staff
By Editorial Staff

Table of Contents [minimize]

Prerequisites

Linux operating system installed and running
Access to a terminal or command line
Root or sudo privileges
firewalld package installed
Basic knowledge of firewall concepts

Introduction

In this guide, we’ll walk you through the essentials of firewalld, from installation and configuration to managing zones and firewall rules. Whether you're securing a single server or managing multiple systems, these practical insights will help you get the most out of firewalld and ensure your network traffic is properly controlled.

Linux distributions

firewalld is pre-installed and the default firewall management tool in most Red Hat-based distributions (Fedora, RHEL, CentOS, AlmaLinux, Rocky Linux) and openSUSE. On Debian-based distributions (Ubuntu, Debian), it's not installed by default but can be easily installed via the package manager.

To install it on Ubuntu

  1. Update package index
    • First, update your package index to ensure you're installing the latest version of firewalld available in the repository.
      • apt update
  2. Install firewalld
    • apt install firewalld
  3. Start and enable firewalld
    • after installation, you need to start the firewalld service and enable it to start automatically on boot.
      • systemctl start firewalld
    • to enable it to start on boot
      • systemctl boot firewalld
  4. Check the status of firewalld
    • Verify that firewalld is running by checking its status
      • systemctl status firewalld
  5. Verify firewalld installation
    • This should return running, indicating that the firewall is active.
      • firewall-cmd --state

Check the firewall status

firewall-cmd --state

Only shows whether firewalld is running or not, focusing on its operational state.

systemctl status firewalld

Gives a detailed report of the firewalld service status, including logs and system-level information.

Start/Stop firewalld

systemctl start firewalld

systemctl stop firewalld

Get active zones

firewall-cmd --get-active-zones

Get default zone

firewall-cmd --get-default-zone

List all rules

firewall-cmd --list-all

List the configuration of all zones

firewall-cmd --list-all-zones

Add a service to a zone

firewall-cmd --zone=public --add-service=http --permanent

firewall-cmd --zone=public --add-service=http --permanent

Remove a service from a zone

firewall-cmd --zone=public --remove-service=http --permanent

firewall-cmd --zone=public --remove-service=http --permanent

Add a port to a zone

firewall-cmd --permanent --zone=public --add-port=80/tcp

firewall-cmd --permanent --zone=public --add-port=443/tcp

Remove a port from a zone

firewall-cmd --zone=public --remove-port=80/tcp --permanent

firewall-cmd --zone=public --remove-port=443/tcp --permanent

List all ports (for all zones)

firewall-cmd --list-ports

List available services

firewall-cmd --get-services

Allow a specific IP addresss

firewall-cmd --zone=public --add-source=192.168.100.0 --permanent

Remove a IP address from the whitelist

firewall-cmd --zone=public --remove-source=192.168.100.0 --permanent

Block a specific IP address

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.1.100" reject' --permanent

Remove a rich text rule

firewall-cmd --zone=public --remove-rich-rule='rule family="ipv4" source address="192.168.1.100" reject' --permanent

List rich rules

firewall-cmd --zone=public --list-rich-rules

List sources in a specific zone

firewall-cmd --zone=public --list-sources

Replace public with the zone you want to check.

Permanent changes

After making permanent changes, reload firewalld to apply the changes

firewall-cmd --reload

Common service ports

  • 22 - SFTP/SSH
  • 80 - HTTP
  • 443 - HTTPS
  • 3306 - MySQL

Final Thoughts

In this post, we've explored the essential aspects of configuring and managing firewalld on a Linux system. From setting up zones to adding services and blocking IP addresses, firewalld provides a powerful and flexible way to control network traffic and ensure your system is secure. Whether you're a beginner or an experienced Linux user, mastering firewalld is crucial for maintaining a secure environment.

If you're interested in learning more about firewalld, including advanced configurations and troubleshooting tips, be sure to check out the official documentation on their website. The firewalld official site provides comprehensive resources, including a detailed guide and best practices for managing your firewall settings.

Stay secure, and happy configuring!

Previous article
Get Started with Composer: A Complete Installation Guide
Next article
Setting up Laravel from Scratch: A Detailed Installation Guide

Popular (all time)

Related articles

Understanding JavaScript: Single vs Double vs Triple Equals Explained

Editorial Staff -
While it may seem like a small detail, these operators play a big role in determining whether values are truly equal or just appear to be. This post will break down each of these comparison operators, clarify the differences, and explain when to use them, helping you avoid common pitfalls and write cleaner, more efficient code.

How to Edit Your WordPress Admin Username and Author Slug via MySQL

Editorial Staff -
In this guide, we’ll walk you through the process of editing both the admin username and author slug using MySQL. Whether you’re looking to strengthen your site's security or simply personalize your author URL, this straightforward method will help you make the changes with ease.

Integrating React into Your Laravel Project: A Simple Guide

Editorial Staff -
In this guide, we'll walk you through the process of integrating React into your Laravel project, enabling you to harness the best of both worlds. Whether you're new to either technology or just looking to streamline your workflow, this step-by-step guide will show you how to set up and configure React with Laravel, so you can start building efficient, real-time applications with ease.

Follow us

Huntcode.com exists to help you learn at your own pace (our content is here 24/7, on-demand, whenever you need it), and we cover everything from web development basics to advanced topics like Cyber Security and server management.

Explore

Your Thoughts Matter to Us!

We'd love to hear your thoughts on our tutorials! What did you find helpful, and where can we improve? Our AI-powered chatbot is available on our content pieces to help personalize your learning experience, and your feedback helps us enhance our guides to make them even better for you!
Cam G Media, LLC is excited to announce its membership in the NVIDIA Inception Program.

© 2025 NVIDIA, the NVIDIA logo, are trademarks and/or registered trademarks of NVIDIA Corporation in the U.S. and other countries.

We want to help anyone curious about coding unlock new opportunities through learning.

Copyright © 2025 Cam G Media, LLC. All rights reserved.