Firewalld 1) is a firewall application that wraps the iptables firewall 2) provided by the Linux kernel.

firewalld is based on iptable and therefore is based on the same concept such as:

  • zone - trust level on Network interfaces and source,
  • rule - traffic rules
  • policy - traffic rules between zones if you happen to have more than one interface.

Firewalld is the default firewall on most Linux distributions (Fedora 38, Centos 7, …)


This how to page is a cheatsheet page that lists the major command. You will find howto's such as country or subnet filtering around firewalld.

Discover More
Firewalld - Configuration

This page is the configuration of firewalld Configurations are stored in files located in 2 directories: : The directory /usr/lib/firewalld that contains the default and fallback configuration (standard)...
Firewalld - How to filter your traffic based on an IP, port or Region?

This page shows you how to filter your traffic based on a IP with firewalld rich rules. where: --permanent means that the rule will be used even after reboot. --add-rich-rule specifies the rich...
Firewalld - Howto's

A list of howto based on firewalld from country to subnet filtering as well as disabling it in rescue mode
Firewalld - Log

This page is the log information of firewalld Add logging rules right before reject and drop rules in the INPUT, FORWARD, and OUTPUT chains for the default rules and also final reject and drop rules...
Firewalld - Masquerade

This page is masquerading, a form of address translation in firewalld Masquerading can be enabled for the zone. If you want to enable masquerading, you should enable it in the zone bound to the external...
Firewalld - Network Interface

This page is networks interface configuration in firewalld. An interface may be assigned / bind to zero or one zone. Example: List interfaces that are bound to a zone Example: By default,...
Firewalld - Target (Rich Rule Action)

A target is the action taken if the configuration options match a IP packet. It's used: as the last word in a rich rule as the default action in a zone. It's a iptables concept. Name Rejection...
Chrome Site Cant Be Reached
How to allow only the HTTP traffic from a subnet such as Cloudflare with Firewalld?

This article is a step by step that shows you how to configure the firewall Firewalld to allow the network packet traffic from a subnet such as Cloudflare
How to disable your firewall in rescue mode ?

When working with firewalls, the unexpected can happen and you can be locked out of your server or vps. Many VPS provider provides a rescue mode that permits to rescue your server. This how-to shows you...
How to forward to a port / address (Redirect) with firewalld?

This page shows you how to forward your traffic based on a port with the forward-port rule. In a zone option, you can add directly port forwarding directly without using a rich rule. Other commands...

Share this page:
Follow us:
Task Runner