Firewalld - Masquerade


This page is about masquerading, a form of address translation in firewalld


for a zone

Masquerading can be enabled for the zone. If you want to enable masquerading, you should enable it in the zone bound to the external interface.

firewall-cmd --zone=xxx --add-masquerade     # Enable IPv4 masquerade
firewall-cmd --zone=xxx --remove-masquerade  # Disable IPv4 masquerade
firewall-cmd --zone=xxx --query-masquerade   # Return whether IPv4 masquerading has been enabled

With a rule

firewall-cmd \
 --permanent \
 --zone=public \
 --add-rich-rule='rule family="ipv4" source ipset="home-ipv4" masquerade'

Present in policy

The masquerade configuration can be present in a policy

Discover More
Firewalld - Policy

A policy applies a set of rules to traffic flowing between zones. The policy affects traffic in a stateful unidirectional manner, e.g. from: an ingress zone: zoneA to an egress zone: zoneB. ...
Firewalld - Zone

A zone is a grouping of rule configurations known as zone option. A firewall zone is defined for: a connection, an interface or source address binding (range of source addresses) This is a one-to-many...
What are Rich Rules or Rules in Firewalld?

Rich rule is a line of text that: begins with rule defines a list of options and terminates by an action: accept reject drop mark If a packet matches the options of the rich rule, the...

Share this page:
Follow us:
Task Runner