How to forward to a port / address (Redirect) with firewalld?

About

This page shows you how to forward your traffic based on a port with the forward-port rule.

How to forward the port 443 to the port 8443

As a zone option

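As a zone option, you can add port forwarding directly, without using a rich rule. Without `--permanent`, the command changes only the runtime configuration, and the forward is lost on reload or restart.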

firewall-cmd --add-forward-port=port=443:proto=tcp:toport=8443

Other commands are available to manage the forward-port option:

firewall-cmd --list-forward-ports
firewall-cmd --add-forward-port=port=<portid>[-<portid>]:proto=<protocol>[:toport=<portid>[-<portid>]][:toaddr=<address>[/<mask>]]
firewall-cmd --remove-forward-port=port=<portid>[-<portid>]:proto=<protocol>[:toport=<portid>[-<portid>]][:toaddr=<address>[/<mask>]]
firewall-cmd --query-forward-port=port=<portid>[-<portid>]:proto=<protocol>[:toport=<portid>[-<portid>]][:toaddr=<address>[/<mask>]]
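
An added example (not from the original page or the firewalld project): a POSIX shell helper that validates its arguments, builds the `port=...:proto=...` value in the syntax above, and adds it to the permanent configuration only when `--query-forward-port` reports it missing. The function names, the zone argument, the loose address check and the rule that at least one of `toport`/`toaddr` must be given are assumptions of this example.

```shell
# valid_port PORT[-PORT]: succeed when each port is 1..65535 and the range ascends.
valid_port() {
  case $1 in ''|*[!0-9-]*|-*|*-|*-*-*) return 1 ;; esac
  lo=${1%-*}; hi=${1#*-}
  [ "${#lo}" -le 5 ] && [ "${#hi}" -le 5 ] || return 1
  [ "$lo" -ge 1 ] && [ "$hi" -le 65535 ] && [ "$lo" -le "$hi" ]
}

# build_forward_spec PORT PROTO [TOPORT] [TOADDR]
# Prints the value for --add-forward-port=..., or fails on bad input.
build_forward_spec() {
  port=$1 proto=$2 toport=${3:-} toaddr=${4:-}
  valid_port "$port" || return 1
  case $proto in tcp|udp) ;; *) return 1 ;; esac   # protocols the page lists
  [ -n "$toport$toaddr" ] || return 1              # assumption: need a target
  spec="port=$port:proto=$proto"
  if [ -n "$toport" ]; then
    valid_port "$toport" || return 1
    spec="$spec:toport=$toport"
  fi
  if [ -n "$toaddr" ]; then
    # Loose character check only: keeps shell metacharacters out of the spec.
    case $toaddr in *[!0-9A-Fa-f:./]*) return 1 ;; esac
    spec="$spec:toaddr=$toaddr"
  fi
  printf '%s\n' "$spec"
}

# apply_forward ZONE PORT PROTO [TOPORT] [TOADDR]
# Adds the forward to the permanent config only if absent, reloads, lists the result.
apply_forward() {
  zone=$1; shift
  spec=$(build_forward_spec "$@") || { echo "invalid forward-port arguments" >&2; return 2; }
  if firewall-cmd --permanent --zone="$zone" --query-forward-port="$spec" >/dev/null; then
    echo "already present: $spec"
  else
    firewall-cmd --permanent --zone="$zone" --add-forward-port="$spec" || return 1
    firewall-cmd --reload || return 1
  fi
  firewall-cmd --zone="$zone" --list-forward-ports
}

# Usage (needs root and a running firewalld): apply_forward public 443 tcp 8443
```

Listing the forward ports after every run leaves a record of what the zone actually redirects, which is worth reviewing whenever a `toaddr` target points at another host.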

With a rich rule

Add the forward-port rich rule

rule family=ipv4 forward-port port=443 protocol=tcp to-port=8443

Example (with `--permanent`, the rule takes effect after `firewall-cmd --reload`):

firewall-cmd --permanent \
  --add-rich-rule='rule family=ipv4 forward-port port=443 protocol=tcp to-port=8443'

The forward-port rule may also forward a packet to another address. The whole rule format is:

<forward-port port="portid[-portid]" protocol="tcp|udp" [to-port="portid[-portid]"] [to-addr="address"]/>