Firewalld - Configuration


This page is about the configuration of firewalld


Configurations are stored in files located in 2 directories: 1):

  • The directory /usr/lib/firewalld that contains the default and fallback configuration (standard)
  • The directory /etc/firewalld that contains the system or user configuration (modified)

Runtime vs Permanent

By default, all configurations created with the command line or GUI are not permanent. They are lost when the host reboots. When you have tested your rule, you need to switch them to permanent and recreate them with the –permanent option

  • List of permanent services
firewall-cmd --zone=public --permanent --list-services
  • Make runtime to permanent
firewall-cmd --runtime-to-permanent

Enable for a period of time

You can enable an option for a time interval.

Example: Enable a service in a zone for 30 seconds

firewall-cmd [--zone=<zone>] --add-service=<service> --timeout=30


firewall-offline-cmd --check-config

Discover More
Firewalld - Policy

A policy applies a set of rules to traffic flowing between zones. The policy affects traffic in a stateful unidirectional manner, e.g. from: an ingress zone: zoneA to an egress zone: zoneB. ...
Firewalld OS Service / Admin

This page is the management of the OS service known as firewalld on the operating system. The system service configuration file is located at: Excerpt: See Reload firewall and keep...
What are Firewalld Services?

Services are pre-configured firewall properties for known services. It's a naming functionality where you can use them in place of a port (ie number and protocol, udp-tcp) In the conf directory...
What are Rich Rules or Rules in Firewalld?

Rich rule is a line of text that: begins with rule defines a list of options and terminates by an action: accept reject drop mark If a packet matches the options of the rich rule, the...
What is and how to create an IpSet? (Firewalld/Iptables)

An IPset is a set of IP or MAC addresses grouped together under a name. You can use an IPset in every source with the ipset: prefix. reload firewalld A IPset called white-list List of mac...

Share this page:
Follow us:
Task Runner