Firewalld - How-to 's

This page regroups a list of how to around the firewall firewalld

Execute this command:

firewall-cmd --permanent \
  --add-rich-rule='rule family="ipv4" source address="192.168.78.76/32" protocol value="tcp" accept'

where:

• –permanent means that the rule will be used even after reboot.
• –add-rich-rule specifies the rich rule that has the following options:
  • family - the type of IP
  • source address=“192.168.78.76/32” - the source specified as an cidr
  • protocol value=“tcp” - the network protocol (ie TCP generally, UDP if you know what your are doing)
  • accept - the action to take

Execute this command:

firewall-cmd --permanent \
  --add-rich-rule='rule family="ipv4" source address="192.168.78.76/32" port port="8080" protocol="tcp" accept'

where:

• –permanent means that the rule will be used even after reboot.
• –add-rich-rule specifies the rich rule that has the following options:
  • family - the type of IP
  • source address=“192.168.78.76/32” - the source specified as an cidr
  • port port=“8080” - the port defined by port (you could also have defined a service)
  • protocol=“tcp” - the network protocol (ie TCP generally, UDP if you know what your are doing)
  • accept - the action to take

Add this Rich rule

Execute this command:

firewall-cmd --permanent \
  --add-rich-rule='rule family=ipv4 forward-port port=443 protocol=tcp to-port=8443'

If you want to filter your packet by country, see this page:

How to restrict your firewall by country firewalld (ie iptable)

If you want to filter your HTTP packet based on subnet such as all server from Cloudlfare, see this page:

How to allow the Cloudflare HTTP traffic to your Origin Server with Firewalld (iptables)

If your firewall is locking you out of your machine, this article will explains you how to disable it and take control back.

How to disable your firewall in rescue mode ?