firewall-cmd(1)

Command line interface to the firewalld(1) daemon.

List current status of the firewall

# List all services and ports for all zones.
firewall-cmd --list-all
# List all services.
firewall-cmd --list-services
# List all ports.
firewall-cmd --list-ports

Add --zone <ZONE> to limit output to a given ZONE. Use --get-zones to see all available zones.

Add entries

# Add a service to the firewall, use `--get-services` to list all available
# service names.
firewall-cmd --add-service <SERVICE>
# Add a specific port.
firewall-cmd --add-port 8000/tcp
# Add a rich rule (eg port forwarding, dnat).
firewall-cmd --add-rich-rule 'rule family="ipv4" forward-port port="80" protocol="tcp" to-port="8080"'

Remove entries

# Remove service.
firewall-cmd --remove-service <SERVICE>
# Remove port.
firewall-cmd --remove-port 8000/tcp
# Remove rich rule.
firewall-cmd --remove-rich-rule 'rule family="ipv4" forward-port port="80" protocol="tcp" to-port="8080"'

References

• man firewall-cmd(1)
• man firewalld(1)