About
This page is about masquerading, a form of address translation in firewalld
Enable
for a zone
Masquerading can be enabled for the zone. If you want to enable masquerading, you should enable it in the zone bound to the external interface.
firewall-cmd --zone=xxx --add-masquerade # Enable IPv4 masquerade
firewall-cmd --zone=xxx --remove-masquerade # Disable IPv4 masquerade
firewall-cmd --zone=xxx --query-masquerade # Return whether IPv4 masquerading has been enabled
With a rule
firewall-cmd \
--permanent \
--zone=public \
--add-rich-rule='rule family="ipv4" source ipset="home-ipv4" masquerade'
Present in policy
The masquerade configuration can be present in a policy