
Managing your Linux firewall effectively is crucial for system security. On many modern distributions, firewalld is the default dynamic firewall management tool, offering a flexible way to define rules without restarting the service constantly. Understanding its core concepts like zones and services is key to controlling network traffic flow.
Instead of static rule sets, firewalld utilizes zones to manage trust levels for network connections. Each zone has predefined settings for services and ports that are permitted. You can assign network interfaces or source addresses to specific zones like public (least trusted), internal, trusted (most trusted), and others, applying the zone’s rules automatically.
Common applications are simplified through predefined services. Rather than remembering specific port numbers like 22 for SSH or 80 for HTTP, you can simply allow the ssh or http service within a zone. If a service isn't predefined, you can explicitly open or close specific ports using their number and protocol (TCP or UDP).
The primary command-line tool for interacting with firewalld is firewall-cmd. This powerful utility allows you to manage zones, add or remove services and ports, change interface assignments, and inspect the current configuration.
Crucially, changes made with firewall-cmd are temporary (runtime) by default: they take effect immediately but are lost on a firewalld reload or system reboot. To make rules persist, you must include the --permanent flag in your commands. A --permanent change only updates the saved configuration, so after making permanent changes you need to run firewall-cmd --reload to apply them to the running firewall configuration.
Essential commands include checking the firewall status (firewall-cmd --state), listing available zones (firewall-cmd --get-zones), seeing which zones are active (firewall-cmd --get-active-zones), and listing all rules within a specific zone (firewall-cmd --zone=public --list-all). Adding a service permanently to the public zone would look like firewall-cmd --zone=public --add-service=ssh --permanent, followed by a firewall-cmd --reload.
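Because runtime and permanent configuration can drift apart (a rule added without --permanent disappears on reload; a rule added with --permanent is invisible until --reload), a useful check is to compare the output of --list-all with and without --permanent. The following is an added example, not code from the original article or from the firewalld project; the parser relies on the "key: value" layout of --list-all output, and the sample outputs are constructed.

```python
"""Compare a firewalld zone's runtime view with its --permanent view."""
import subprocess

# Keys whose values are space-separated lists in --list-all output.
LIST_KEYS = {"interfaces", "sources", "services", "ports", "protocols",
             "forward-ports", "source-ports", "icmp-blocks"}

def parse_list_all(text):
    """Parse `firewall-cmd --zone=Z --list-all` output into a dict."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    cfg = {"zone": lines[0].split()[0]}  # first line: "public (active)"
    for line in lines[1:]:
        key, _, value = line.strip().partition(":")
        value = value.strip()
        cfg[key] = set(value.split()) if key in LIST_KEYS else value
    return cfg

def config_drift(runtime_text, permanent_text):
    """Return (runtime_only, permanent_only): rules added without --permanent
    (lost on --reload/reboot) and rules saved but not yet applied by --reload."""
    rt, pm = parse_list_all(runtime_text), parse_list_all(permanent_text)
    runtime_only, permanent_only = {}, {}
    for key in LIST_KEYS:
        r, p = rt.get(key, set()), pm.get(key, set())
        if r - p:
            runtime_only[key] = r - p
        if p - r:
            permanent_only[key] = p - r
    return runtime_only, permanent_only

def query_zone(zone):
    """Same check against the live firewalld (needs root or polkit rights)."""
    base = ["firewall-cmd", f"--zone={zone}", "--list-all"]
    out = lambda args: subprocess.run(args, capture_output=True,
                                      text=True, check=True).stdout
    return config_drift(out(base), out(base + ["--permanent"]))

# Constructed sample output (not captured from a real host): http was added
# at runtime only; 8443/tcp was added with --permanent but never reloaded.
RUNTIME_SAMPLE = """public (active)
  interfaces: eth0
  services: dhcpv6-client http ssh
  ports:
"""
PERMANENT_SAMPLE = """public
  interfaces: eth0
  services: dhcpv6-client ssh
  ports: 8443/tcp
"""
```

Calling `config_drift(RUNTIME_SAMPLE, PERMANENT_SAMPLE)` reports http as runtime-only (it will vanish on reload) and 8443/tcp as permanent-only (it is waiting for firewall-cmd --reload); `query_zone("public")` runs the same comparison on a real host.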
Mastering firewalld basics provides robust protection, allowing you to easily manage network access based on context and trust level. By using zones, services, and the firewall-cmd tool with the --permanent flag and --reload, you ensure your system's security policies are both effective and persistent.
Source: https://kifarunix.com/basic-operation-of-firewalld-in-linux/