What are Firewalld Services?

About

A service is a named, pre-configured set of firewall properties for a well-known network service.

The name can be used in place of a port definition (i.e. the port number and its protocol, tcp or udp).

Command

List all known services

firewall-cmd --get-services
RH-Satellite-6 amanda-client amanda-k5-client amqp amqps apcupsd audit bacula bacula-client bgp bitcoin bitcoin-rpc bitcoin-testnet bitcoin-testnet-rpc ceph ceph-mon cfengine condor-collector ctdb dhcp dhcpv6 dhcpv6-client distcc dns docker-registry docker-swarm dropbox-lansync elasticsearch etcd-client etcd-server finger freeipa-ldap freeipa-ldaps freeipa-replication freeipa-trust ftp ganglia-client ganglia-master git gre high-availability http https imap imaps ipp ipp-client ipsec irc ircs iscsi-target isns jenkins kadmin kerberos kibana klogin kpasswd kprop kshell ldap ldaps libvirt libvirt-tls lightning-network llmnr managesieve matrix mdns minidlna mongodb mosh mountd mqtt mqtt-tls ms-wbt mssql murmur mysql nfs nfs3 nmea-0183 nrpe ntp nut openvpn ovirt-imageio ovirt-storageconsole ovirt-vmconsole plex pmcd pmproxy pmwebapi pmwebapis pop3 pop3s postgresql privoxy proxy-dhcp ptp pulseaudio puppetmaster quassel radius redis rpc-bind rsh rsyncd rtsp salt-master samba samba-client samba-dc sane sip sips slp smtp smtp-submission smtps snmp snmptrap spideroak-lansync squid ssh steam-streaming svdrp svn syncthing syncthing-gui synergy syslog syslog-tls telnet tftp tftp-client tinc tor-socks transmission-client upnp-client vdsm vnc-server wbem-http wbem-https wsman wsmans xdmcp xmpp-bosh xmpp-client xmpp-local xmpp-server zabbix-agent zabbix-server

Get their properties

Each service is defined by an XML file in the configuration directory:

ll /usr/lib/firewalld/services/
# and for one specific service
cat /usr/lib/firewalld/services/ssh.xml
<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>SSH</short>
  <description>Secure Shell (SSH) is a protocol for logging into and executing commands on remote machines. It provides secure encrypted communications. If you plan on accessing your machine remotely via SSH over a firewalled interface, enable this option. You need the openssh-server package installed for this option to be useful.</description>
  <port protocol="tcp" port="22"/>
</service>

List the services

List the services configured:

firewall-cmd --list-services
  • services bound to a zone (public) that accepts traffic
firewall-cmd --list-services --zone=public
dhcpv6-client ssh
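
To see what a zone's service names actually open, the names returned by --list-services can be resolved against the service XML definitions. The following is an added example, not part of the original page or of firewalld: the function names are hypothetical, the definitions are constructed samples embedded inline (the ssh one mirrors the file shown above), and it reads only the port and protocol elements.

```python
import xml.etree.ElementTree as ET

# Constructed sample definitions. The ssh one mirrors the file shown above;
# the dhcpv6-client one is a constructed minimal stand-in.
SAMPLE_DEFS = {
    "ssh": """<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>SSH</short>
  <port protocol="tcp" port="22"/>
</service>""",
    "dhcpv6-client": """<?xml version="1.0" encoding="utf-8"?>
<service>
  <short>DHCPv6 Client</short>
  <port protocol="udp" port="546"/>
</service>""",
}


def parse_service(xml_text):
    """Return the port/protocol strings a service definition opens."""
    root = ET.fromstring(xml_text)
    if root.tag != "service":
        raise ValueError("not a firewalld service definition")
    opened = []
    for port in root.findall("port"):
        # port may be a single number or a range such as 5900-5903
        opened.append(f'{port.get("port")}/{port.get("protocol")}')
    for proto in root.findall("protocol"):
        # whole IP protocols (e.g. gre) carry no port number
        opened.append(f'proto:{proto.get("value")}')
    return opened


def resolve_exposure(list_services_output, definitions):
    """Map `firewall-cmd --list-services` output to what is actually opened."""
    exposure, unknown = {}, []
    for name in list_services_output.split():
        if name in definitions:
            exposure[name] = parse_service(definitions[name])
        else:
            unknown.append(name)  # no definition found: review by hand
    return exposure, unknown


if __name__ == "__main__":
    exposure, unknown = resolve_exposure("dhcpv6-client ssh kerberos", SAMPLE_DEFS)
    for name, ports in sorted(exposure.items()):
        print(f"{name}: {', '.join(ports) or 'no ports'}")
    print("undefined:", unknown)
```

On a real host the definitions would be read from the files in /usr/lib/firewalld/services/ instead of the embedded samples.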

Add or remove a service from the default zone

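Without the --zone option, the service is added to or removed from the default zone. The --permanent option writes the change to the permanent configuration, which is applied at the next firewall-cmd --reload.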

firewall-cmd --add-service=kerberos --permanent
firewall-cmd --remove-service=kerberos --permanent
  • Add or remove a service in a specific zone
firewall-cmd --add-service=ssh --zone=home --permanent
firewall-cmd --remove-service=kerberos --zone=public --permanent




