os:linux:firewalld:masquerade

Table of Contents

About

This page is about masquerading, a form of address translation in firewalld

Enable

for a zone

Masquerading can be enabled for the zone. If you want to enable masquerading, you should enable it in the zone bound to the external interface.

firewall-cmd --zone=xxx --add-masquerade     # Enable IPv4 masquerade
firewall-cmd --zone=xxx --remove-masquerade  # Disable IPv4 masquerade
firewall-cmd --zone=xxx --query-masquerade   # Return whether IPv4 masquerading has been enabled

With a rule

firewall-cmd \
 --permanent \
 --zone=public \
 --add-rich-rule='rule family="ipv4" source ipset="home-ipv4" masquerade'

Present in policy

The masquerade configuration can be present in a policy