firewall-cmd(1)
Command line interface to the firewalld(1) daemon.
List current status of the firewall
# List all services and ports for all zones.
firewall-cmd --list-all
# List all services.
firewall-cmd --list-services
# List all ports.
firewall-cmd --list-ports
Add
--zone <ZONE>
to limit output to a givenZONE
. Use--get-zones
to see all available zones.
Add entries
# Add a service to the firewall, use `--get-services` to list all available
# service names.
firewall-cmd --add-service <SERVICE>
# Add a specific port.
firewall-cmd --add-port 8000/tcp
# Add a rich rule (eg port forwarding, dnat).
firewall-cmd --add-rich-rule 'rule family="ipv4" forward-port port="80" protocol="tcp" to-port="8080"'
Remove entries
# Remove service.
firewall-cmd --remove-service <SERVICE>
# Remove port.
firewall-cmd --remove-port 8000/tcp
# Remove rich rule.
firewall-cmd --remove-rich-rule 'rule family="ipv4" forward-port port="80" protocol="tcp" to-port="8080"'
References
- man firewall-cmd(1)
- man firewalld(1)