firewall-cmd is the command line client of the firewalld daemon. It provides interface to manage runtime and permanent configuration.
The runtime configuration in firewalld is separated from the permanent configuration. This means that things can get changed in the runtime or permanent configuration.
1 Active zones and services:
# firewall-cmd –get-active-zones
# firewall-cmd –get-services
2 Add and remove ports and services in firewalld
Adding ports and services:
# firewall-cmd –permanent –zone=public –add-port=80/tcp
# firewall-cmd –permanent –zone=public –add-service=ftp
Removing ports and services:
# firewall-cmd –zone=public –remove-port=80/tcp
# firewall-cmd –zone=public –remove-service=ftp
List active ports and services
# firewall-cmd –zone=public –list-ports
# firewall-cmd –zone=public –list-services
3 Block Incoming and Outgoing Packets (Panic Mode)
To turn on and check the panic mode with –query-panic:
# firewall-cmd –panic-on
# ping hostnextra.com
# firewall-cmd –query-panic
To turn off and check the panic mode with with–query-panic:
# firewall-cmd –query-panic
# firewall-cmd –panic-off
# ping oyoservers.com
4 Adding and Removing Chain using Direct Interface
# firewall-cmd –direct –add-rule ipv4 filter IN_public_allow 0 -m tcp -p tcp –dport 25 -j ACCEPT
# firewall-cmd –direct –remove-rule ipv4 filter IN_public_allow 0 -m tcp -p tcp –dport 25 -j ACCEPT
5 Adding & Blocking IP Addresses using –add-rich-rule and –remove-rich-rule
# firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ source address=”172.16.0.11″ ACCEPT
# firewall-cmd –zone=public –remove-rich-rule=’rule family=”ipv4″ source address=”172.16.0.11″ ACCEPT