Firewalld - How-to 's

This page regroups a list of how to around the firewall firewalld

Execute this command:

firewall-cmd --permanent \
  --add-rich-rule='rule family="ipv4" source address="192.168.78.76/32" protocol value="tcp" accept'

where:

• –permanent means that the rule will be used even after reboot.
• –add-rich-rule specifies the rich rule that has the following options:
  • family - the type of IP
  • source address=“192.168.78.76/32” - the source specified as an cidr
  • protocol value=“tcp” - the network protocol (ie TCP generally, UDP if you know what your are doing)
  • accept - the action to take

Execute this command:

firewall-cmd --permanent \
  --add-rich-rule='rule family="ipv4" source address="192.168.78.76/32" port port="8080" protocol="tcp" accept'

where:

• –permanent means that the rule will be used even after reboot.
• –add-rich-rule specifies the rich rule that has the following options:
  • family - the type of IP
  • source address=“192.168.78.76/32” - the source specified as an cidr
  • port port=“8080” - the port defined by port (you could also have defined a service)
  • protocol=“tcp” - the network protocol (ie TCP generally, UDP if you know what your are doing)
  • accept - the action to take

Add this Rich rule

Execute this command:

firewall-cmd --permanent \
  --add-rich-rule='rule family=ipv4 forward-port port=443 protocol=tcp to-port=8443'

If you want to filter your packet by country, see this page:

Firewalld - Country Filtering

If you want to filter your HTTP packet based on subnet such as all server from Cloudlfare, see this page:

Firewalld - Allowing only the HTTP Traffic from a subnet such as the servers from Cloudflare

If your firewall is locking you out of your machine, this article will explains you how to disable it and take control back.

Firewall - How to disable your firewall in a rescue mode