
By Thomas C

Common firewall-cmd commands with scenarios. Feel free to ask for more examples if needed. Two points apply throughout: a command without --permanent changes only the runtime configuration, which is discarded at the next reload or reboot (firewall-cmd --runtime-to-permanent saves the current runtime state), and firewalld validates every rich rule against its rule language (man firewalld.richlanguage) and rejects options that language does not define, so try a rule at runtime before writing it to the permanent configuration.

  • Example 1: List all active zones

firewall-cmd --get-active-zones

This command displays all active firewall zones on the system, with the interfaces and sources bound to each.

  • Example 2: Add a service to a zone

firewall-cmd --zone=public --add-service=http

This command adds the HTTP service to the public zone, allowing incoming HTTP traffic.

  • Example 3: Remove a service from a zone

firewall-cmd --zone=public --remove-service=http

This command removes the HTTP service from the public zone, disallowing incoming HTTP traffic.

  • Example 4: Add a port to a zone

firewall-cmd --zone=public --add-port=8080/tcp

This command opens port 8080/tcp in the public zone, allowing incoming TCP traffic on that port.

  • Example 5: Remove a port from a zone

firewall-cmd --zone=public --remove-port=8080/tcp

This command removes the rule that allows incoming TCP traffic on port 8080 from the public zone.

  • Example 6: List all services in a zone

firewall-cmd --zone=public --list-services

This command lists all services allowed in the public zone.

  • Example 7: List all ports in a zone

firewall-cmd --zone=public --list-ports

This command lists all ports opened in the public zone.

  • Example 8: Set a default zone

firewall-cmd --set-default-zone=public

This command makes public the default zone, the zone applied to any interface or connection not explicitly assigned to another zone.

  • Example 9: Enable masquerading

firewall-cmd --zone=public --add-masquerade

This command enables masquerading in the public zone: traffic forwarded out through it is source-NATed so that it appears to come from the host's own address.

  • Example 10: Reload the firewall configuration

firewall-cmd --reload

This command reloads the firewall from the permanent configuration. State information is kept, so established connections survive, but runtime-only changes made without --permanent are lost.

  • Example 11: List all zones

firewall-cmd --get-zones

This command lists all available firewall zones on the system.

  • Example 12: Add a source IP address to a zone

firewall-cmd --zone=public --add-source=192.168.0.10

This command adds the IP address 192.168.0.10 to the public zone's sources, so traffic from that address is handled by the public zone's rules. A source binding selects the zone; by itself it does not allow anything.

  • Example 13: Remove a source IP address from a zone

firewall-cmd --zone=public --remove-source=192.168.0.10

This command removes the IP address 192.168.0.10 from the public zone's sources; traffic from it falls back to the zone of the interface it arrives on.

  • Example 14: Set a zone as the default for network interfaces

firewall-cmd --zone=public --change-interface=eth0

This command binds the network interface eth0 to the public zone (moving it out of any zone it was bound to before), so the public zone's rules apply to traffic on eth0.

  • Example 15: Add a rich rule to a zone

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" accept'

This command adds a rich rule to the public zone, allowing incoming traffic from the IP subnet 192.168.0.0/24.

  • Example 16: Remove a rich rule from a zone

firewall-cmd --zone=public --remove-rich-rule='rule family="ipv4" source address="192.168.0.0/24" accept'

This command removes that rich rule from the public zone; the rule text must match the rule that was added.

  • Example 17: Enable a specific firewall feature

firewall-cmd --permanent --zone=public --add-service=ipsec

firewall-cmd has no --enable option; a feature such as IPsec is enabled by adding its predefined service. This command adds the ipsec service to the public zone's permanent configuration; run firewall-cmd --reload to apply it.

  • Example 18: Disable a specific firewall feature

firewall-cmd --permanent --zone=public --remove-service=ipsec

This command removes the ipsec service from the public zone's permanent configuration; reload to apply.

  • Example 19: Configure a zone to log packets

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" log prefix="Firewall Log: " level="info" accept'

Zone targets cannot be LOG and there is no --log-prefix option; logging is done inside a rich rule. This rule logs new connections from 192.168.0.0/24 to the kernel log with the prefix "Firewall Log: " at level info and then accepts them. Add a limit (for example limit value="1/m" right after the log element) so that a busy source cannot flood the log.

  • Example 20: Display the runtime status of the firewall

firewall-cmd --state

This command prints running or not running and exits with a matching status, which makes it usable as a check in scripts.
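Because most of the commands above change only the runtime configuration (Examples 17 and 18 are the exception, and Example 10 shows what a reload discards), a small helper that applies a change to both layers and then checks each is worth having. The following is an added example, not code from the original post; it assumes the standard firewall-cmd options named in its comments, and FIREWALL_CMD is a hypothetical override so the helpers can be exercised against a stub instead of a live firewall.

```bash
#!/bin/sh
# Added example, not from the original post: apply a change to both the runtime
# and the permanent firewalld configuration and verify it in each, then detect
# drift between the two. Assumes the standard firewall-cmd(1) options
# --permanent, --zone, --add-service/--add-port/--add-rich-rule, the matching
# --query-* options and --list-all. FIREWALL_CMD is a hypothetical override so
# the helpers can be exercised against a stub instead of a live firewall.
FIREWALL_CMD="${FIREWALL_CMD:-firewall-cmd}"

# fw_apply ZONE KIND VALUE   (KIND: service | port | rich-rule)
# Adds VALUE to ZONE at runtime first, so a value firewalld rejects (unknown
# service, malformed rich rule) fails before anything is written to disk, then
# adds it permanently and queries both layers. Returns 0 only if both hold it.
fw_apply() {
    zone=$1; kind=$2; value=$3
    case "$kind" in
        service|port|rich-rule) ;;
        *) echo "fw_apply: unknown kind '$kind'" >&2; return 2 ;;
    esac
    "$FIREWALL_CMD" --zone="$zone" "--add-$kind=$value" >/dev/null || return 1
    "$FIREWALL_CMD" --permanent --zone="$zone" "--add-$kind=$value" >/dev/null || return 1
    "$FIREWALL_CMD" --zone="$zone" "--query-$kind=$value" >/dev/null || return 1
    "$FIREWALL_CMD" --permanent --zone="$zone" "--query-$kind=$value" >/dev/null || return 1
}

# fw_drift ZONE
# Compares the runtime and permanent --list-all output of ZONE. Runtime output
# marks an active zone as "public (active)" on its first line; that marker is
# stripped before comparing. Returns 1 when they differ, i.e. when something
# in the running firewall would vanish on the next reload or reboot
# (firewall-cmd --runtime-to-permanent saves it; --reload discards it).
fw_drift() {
    zone=$1
    runtime=$("$FIREWALL_CMD" --zone="$zone" --list-all | sed '1s/ (active)$//') || return 2
    permanent=$("$FIREWALL_CMD" --permanent --zone="$zone" --list-all) || return 2
    if [ "$runtime" = "$permanent" ]; then
        echo "zone $zone: runtime matches permanent configuration"
        return 0
    fi
    echo "zone $zone: runtime differs from permanent configuration (lost on reload):"
    echo "--- permanent"; printf '%s\n' "$permanent"
    echo "+++ runtime";   printf '%s\n' "$runtime"
    return 1
}

# Demo against a live firewalld, only when explicitly requested, because it
# changes the firewall:  FW_DEMO=1 sh this_script.sh
if [ "${FW_DEMO:-0}" = 1 ]; then
    fw_apply public service http && echo "http allowed in public, runtime and permanent"
    fw_drift public || true
fi
```

Applying to the runtime first is deliberate: firewalld validates the value there and nothing reaches /etc/firewalld until it has been accepted once, and the final two queries catch the case where one layer silently ignored the change.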

  • Example 21: Add a custom service to a zone

firewall-cmd --permanent --zone=public --add-service=myapp

This command adds a custom service called "myapp" to the public zone's permanent configuration, allowing incoming traffic on the ports defined for that service. The service must exist first (firewall-cmd --permanent --new-service=myapp, then firewall-cmd --permanent --service=myapp --add-port=8080/tcp), and a reload is needed to apply the change.

  • Example 22: Remove a custom service from a zone

firewall-cmd --permanent --zone=public --remove-service=myapp

This command removes the custom service "myapp" from the public zone's permanent configuration, disallowing incoming traffic on the ports defined for that service once the firewall is reloaded.

  • Example 23: Reload the firewall configuration without losing established connections

firewall-cmd --reload

This command reloads the firewall configuration while keeping state information, so established connections are maintained. --complete-reload does the opposite: it reloads everything, netfilter kernel modules included, and will most likely terminate active connections, so the two options are not combined.

  • Example 24: List all supported services

firewall-cmd --get-services

This command lists all the predefined services that can be used with firewall-cmd.

  • Example 25: Configure a zone to block all incoming traffic

firewall-cmd --zone=public --set-target=DROP

This command sets the public zone's target to DROP, so incoming traffic that no service, port, source or rich rule of the zone matches is silently dropped.

  • Example 26: Configure a zone to block all outgoing traffic

firewall-cmd --permanent --new-policy=egress-drop
firewall-cmd --permanent --policy=egress-drop --add-ingress-zone=HOST
firewall-cmd --permanent --policy=egress-drop --add-egress-zone=public
firewall-cmd --permanent --policy=egress-drop --set-target=DROP
firewall-cmd --reload

Zones filter incoming traffic only, and --set-target has no --out-interface option; outgoing traffic is controlled with a policy object (firewalld 0.9 and later). These commands create a policy whose ingress is the host itself (the special HOST zone) and whose egress is the public zone, and set its target to DROP, so everything the host sends out through interfaces bound to the public zone (eth0, if it is bound there) is dropped. Policies are permanent objects, hence the reload.

  • Example 27: Configure a zone to reject incoming traffic with a specific ICMP message

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.10" reject type="icmp-port-unreachable"'

The zone target has no --reject-with option, but the reject action of a rich rule takes a type. This rule rejects incoming traffic from 192.168.0.10 and answers with an ICMP "port unreachable" message. The zone-wide %%REJECT%% target already uses icmp-port-unreachable for IPv4; other valid types include icmp-host-prohibited, icmp-admin-prohibited and tcp-reset.

  • Example 28: Configure a zone to forward packets

firewall-cmd --zone=public --add-forward-port=port=80:proto=tcp:toport=8080

This command configures the public zone to forward incoming TCP traffic from port 80 to port 8080 on the same host (no toaddr is given).

  • Example 29: List all supported protocols

firewall-cmd --get-protocols

This command lists all the supported protocols that can be used with firewall-cmd.

  • Example 30: Display the version of firewalld

firewall-cmd --version

This command displays the version of the firewalld firewall management tool installed on the system.

  • Example 31: Add a source IP range to a zone

firewall-cmd --zone=public --add-source=192.168.0.0/24

This command adds the IP range 192.168.0.0/24 to the public zone's sources, so traffic from that range is handled by the public zone's rules.

  • Example 32: Remove a source IP range from a zone

firewall-cmd --zone=public --remove-source=192.168.0.0/24

This command removes the IP range 192.168.0.0/24 from the public zone's sources.

  • Example 33: Configure a zone to reject all incoming traffic

firewall-cmd --zone=public --set-target=%%REJECT%%

This command sets the public zone's target to REJECT (written %%REJECT%% on the command line), so incoming traffic that no zone rule matches is rejected with an ICMP error rather than silently dropped.

  • Example 34: Configure a zone to reject all outgoing traffic

firewall-cmd --permanent --new-policy=egress-reject
firewall-cmd --permanent --policy=egress-reject --add-ingress-zone=HOST
firewall-cmd --permanent --policy=egress-reject --add-egress-zone=public
firewall-cmd --permanent --policy=egress-reject --set-target=REJECT
firewall-cmd --reload

As in Example 26, outgoing traffic needs a policy object rather than a zone target. These commands reject, with an ICMP error, everything the host sends out through interfaces bound to the public zone.

  • Example 35: Configure a zone to log dropped packets

firewall-cmd --set-log-denied=all

firewalld has no LOG target; denied packets are logged with --set-log-denied, which is a global setting rather than a per-zone one. With all, packets that a zone target or policy rejects or drops are logged with fixed kernel-log prefixes such as FINAL_REJECT: (the other values are unicast, broadcast, multicast and off). A custom prefix and level, as in log prefix="Dropped Packet: " level="notice", are only available inside a rich rule whose action is drop.

  • Example 36: Configure a zone to limit the maximum number of connections

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" accept limit value="10/s"'

A rich rule must name a source, destination or element, and limit attaches to the action (or to log or audit), so a bare limit value="10/s" accept is rejected. This rule accepts new connections from 192.168.0.0/24 at most 10 per second; attempts above the limit do not match and fall through to the zone's other rules and its target. Valid units are s, m, h and d.

  • Example 37: Configure a zone to allow incoming traffic only from a specific source IP

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.10" accept'

This command allows all incoming traffic from the source IP address 192.168.0.10. It does not by itself block other sources; they remain subject to the zone's services, ports and target, so "only from" holds when the zone allows nothing else.

  • Example 38: Configure a zone to allow incoming traffic only on specific ports

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" port port="80" protocol="tcp" accept'

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" port port="443" protocol="tcp" accept'

These commands allow incoming TCP traffic on ports 80 and 443; a rich rule carries one port element, hence one rule per port.

  • Example 39: Configure a zone to block incoming traffic from a specific source IP

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.10" reject'

This command configures the public zone
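The logging set up in Examples 19 and 35 is only useful if someone reads the result. The following added example (not from the original post) summarises kernel-log lines by the prefix a rule stamps on them, so a burst of rejected connections shows up as a short table of sources and target ports; the log lines it contains are constructed, and fw_log_count, fw_log_top and fw_log_report are the example's own names.

```bash
#!/bin/sh
# Added example, not from the original post: summarise firewalld kernel-log
# lines by the prefix a rule (or --set-log-denied) stamps on them. The log
# lines below are constructed for the example; the field layout (IN= OUT= SRC=
# DST= PROTO= SPT= DPT=) is the netfilter LOG format that firewalld's log
# rules produce.
SAMPLE_LOG='Jun 12 10:31:07 host kernel: Dropped Packet: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=192.168.0.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=44021 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0
Jun 12 10:31:08 host kernel: Dropped Packet: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=192.168.0.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=44022 DPT=22 WINDOW=64240 RES=0x00 SYN URGP=0
Jun 12 10:31:09 host kernel: Dropped Packet: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.7 DST=192.168.0.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=0 DF PROTO=TCP SPT=44023 DPT=3389 WINDOW=64240 RES=0x00 SYN URGP=0
Jun 12 10:31:10 host kernel: Dropped Packet: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.9 DST=192.168.0.10 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=51000 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Jun 12 10:31:11 host kernel: FINAL_REJECT: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.9 DST=192.168.0.10 LEN=60 TOS=0x00 PREC=0x00 TTL=49 ID=0 DF PROTO=TCP SPT=51001 DPT=445 WINDOW=29200 RES=0x00 SYN URGP=0
Jun 12 10:31:12 host sshd[1234]: Accepted publickey for alice from 192.168.0.10 port 50112 ssh2'

# fw_log_count PREFIX   reads log lines on stdin, prints how many carry PREFIX
fw_log_count() {
    grep -c -F "$1" || true    # grep -c exits 1 on zero matches; the count is still printed
}

# fw_log_top PREFIX FIELD   FIELD is SRC, DST, DPT, SPT or PROTO
# Prints "count value" lines, most frequent first, for log lines carrying PREFIX.
fw_log_top() {
    prefix=$1; field="$2="
    awk -v p="$prefix" -v f="$field" '
        index($0, p) == 0 { next }               # not one of our log lines
        {
            for (i = 1; i <= NF; i++)
                if (index($i, f) == 1) {         # token starts with e.g. "SRC="
                    count[substr($i, length(f) + 1)]++
                    break
                }
        }
        END { for (k in count) printf "%d %s\n", count[k], k }
    ' | sort -rn
}

# fw_log_report PREFIX   human-readable summary: volume, top sources, top ports
fw_log_report() {
    tmp=$(mktemp)
    cat > "$tmp"
    echo "lines with prefix '$1': $(fw_log_count "$1" < "$tmp")"
    echo "top sources:";           fw_log_top "$1" SRC < "$tmp" | head -n 5
    echo "top destination ports:"; fw_log_top "$1" DPT < "$tmp" | head -n 5
    rm -f "$tmp"
}

# Typical use on a live host:  journalctl -k | fw_log_report 'Dropped Packet:'
printf '%s\n' "$SAMPLE_LOG" | fw_log_report 'Dropped Packet:'
```

On a live system feed it from journalctl -k or /var/log/messages; the prefix argument is whatever the rule's log prefix was, or FINAL_REJECT: for packets logged by --set-log-denied.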

  • Example 41: Configure a zone to block outgoing traffic to a specific destination IP

firewall-cmd --permanent --new-policy=egress-filter
firewall-cmd --permanent --policy=egress-filter --add-ingress-zone=HOST
firewall-cmd --permanent --policy=egress-filter --add-egress-zone=public
firewall-cmd --permanent --policy=egress-filter --add-rich-rule='rule family="ipv4" destination address="203.0.113.100" reject'
firewall-cmd --reload

A destination match in a zone rich rule only ever sees incoming traffic (where the destination is one of the host's own addresses), so blocking what the host sends requires a policy object with HOST as its ingress zone and public as its egress zone. The rich rule inside that policy rejects outgoing traffic to 203.0.113.100; policies are permanent objects, hence the reload.

  • Example 42: Configure a zone to allow incoming traffic on a specific interface

firewall-cmd --zone=public --change-interface=eth0

Rich rules have no interface match; traffic is tied to an interface by binding the interface to a zone. This command binds eth0 to the public zone so that the public zone's rules apply to traffic arriving on it. To accept everything on eth0, also set the zone's target (firewall-cmd --zone=public --set-target=ACCEPT) or bind the interface to a zone that already has that target.

  • Example 43: Configure a zone to block all IPv6 traffic

firewall-cmd --zone=public --add-rich-rule='rule family="ipv6" source address="::/0" reject'

This rule rejects all incoming IPv6 traffic in the public zone; a rich rule needs a source, destination or element, so ::/0 stands in for any address. Zone rules do not affect outgoing traffic, which is controlled with a policy object as in Example 41.

  • Example 44: List all runtime configurations of a zone

firewall-cmd --zone=public --list-all

This command displays the complete runtime configuration of the public zone, including its target, interfaces, sources, services, ports, forward ports, masquerading and rich rules. Add --permanent to see the saved configuration instead, which can differ from the runtime one.

  • Example 45: Set the default action for a zone to drop incoming traffic

firewall-cmd --zone=public --set-target=DROP

This command sets the public zone's target to DROP, the action applied to incoming traffic that no zone rule matches.

  • Example 46: Set the default action for a zone to reject incoming traffic

firewall-cmd --zone=public --set-target=%%REJECT%%

This command sets the public zone's target to REJECT (written %%REJECT%%), so unmatched incoming traffic is answered with an ICMP error.

  • Example 47: Configure a zone to forward specific ports to a different destination

firewall-cmd --zone=public --add-forward-port=port=80:proto=tcp:toaddr=192.168.0.10:toport=8080

This command configures the public zone to forward incoming TCP traffic from port 80 to port 8080 on the host 192.168.0.10. Forwarding to another host also needs masquerading enabled in the zone (Example 9) so that replies flow back through this host.

  • Example 48: Configure a zone to block specific ICMP packets

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" icmp-type name="echo-request" reject'

The icmp-type element takes name="..." and a rich rule holds a single element, so the protocol element is dropped. This rule rejects incoming ICMP echo requests (ping) in the public zone. firewall-cmd --zone=public --add-icmp-block=echo-request does the same without a rich rule, and firewall-cmd --get-icmptypes lists the valid names.

  • Example 49: Configure a zone to allow incoming traffic on a specific source port

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source-port port="12345" protocol="tcp" accept'

Source ports are matched with the source-port element, which, like port, requires a protocol. This rule allows incoming TCP traffic whose source port is 12345. Matching on source port is a weak access control, since the remote side chooses its source port freely.

  • Example 50: Configure a zone to block incoming traffic on a specific destination port

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" port port="22" protocol="tcp" reject'

Destination ports are matched with the port element, again with a protocol. This rule rejects incoming TCP traffic to port 22 (SSH); rich-rule reject and drop actions are evaluated before the zone's allow rules, so it takes effect even if the ssh service is enabled in the zone.
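The --list-all output of Example 44 is the natural input for a quick review of what a zone actually exposes. The following added example, not from the original post, parses a constructed --list-all dump and flags a default-allow target, risky open ports and accept-from-anywhere rich rules; the port watch-list, the severities and the function names fw_audit_zone and fw_audit_count are the example's own choices, not anything firewalld defines.

```bash
#!/bin/sh
# Added example, not from the original post: a small audit of a zone's
# "firewall-cmd --zone=ZONE --list-all" output that flags the settings most
# often found behind accidental exposure. The zone dump below is constructed;
# the line layout ("  key: values", rich rules listed one per line after
# "rich rules:") follows what firewall-cmd prints. The port watch-list and the
# severities are this script's own choices, not firewalld's.
SAMPLE_LIST_ALL='public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources: 
  services: cockpit dhcpv6-client ssh http
  ports: 8080/tcp 3389/tcp
  protocols: 
  forward: yes
  masquerade: yes
  forward-ports: 
  source-ports: 
  icmp-blocks: 
  rich rules: 
        rule family="ipv4" source address="0.0.0.0/0" accept
        rule family="ipv4" source address="192.168.0.10" port port="22" protocol="tcp" accept'

# fw_audit_zone   reads a --list-all dump on stdin, prints one finding per line
fw_audit_zone() {
    awk '
        function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
        BEGIN {
            # remote-admin and file-sharing ports that rarely belong on a public zone
            risky["3389/tcp"]; risky["23/tcp"]; risky["445/tcp"]; risky["5900/tcp"]; risky["3306/tcp"]
        }
        /^[^ \t]/ { zone = $1; inrules = 0; next }        # "public (active)" header
        { line = trim($0) }
        line ~ /^target:/     { if ($2 == "ACCEPT") print "HIGH: zone " zone " target is ACCEPT (allows anything not explicitly rejected)" }
        line ~ /^masquerade:/ { if ($2 == "yes") print "INFO: zone " zone " masquerades (source NAT) forwarded traffic" }
        line ~ /^ports:/      { for (i = 2; i <= NF; i++) if ($i in risky) print "HIGH: zone " zone " opens risky port " $i }
        line ~ /^rich rules:/ { inrules = 1; next }
        inrules && line ~ /^rule / {
            if (line ~ / accept/ && (line ~ /0\.0\.0\.0\/0/ || line ~ /::\/0/))
                print "HIGH: zone " zone " rich rule accepts from any address: " line
        }
    '
}

# fw_audit_count   same input, prints only the number of findings
fw_audit_count() {
    fw_audit_zone | grep -c . || true
}

# Live use:  firewall-cmd --zone=public --list-all | fw_audit_zone
printf '%s\n' "$SAMPLE_LIST_ALL" | fw_audit_zone
```

Run it against both the runtime dump and firewall-cmd --permanent --zone=public --list-all: a finding that appears in only one of the two is exactly the runtime-versus-permanent drift that a reload will either remove or restore.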


  • Example 51: Configure a zone to allow incoming traffic on a specific source IP range

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" accept'

This command configures the public zone to allow incoming traffic from the specific IP range 192.168.0.0/24.

  • Example 52: Configure a zone to block incoming traffic on a specific destination IP range

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" destination address="192.168.0.0/24" reject'

This command configures the public zone to block incoming traffic whose destination address lies in 192.168.0.0/24, which only matters on a host that holds such an address.

  • Example 53: Configure a zone to allow incoming traffic on a specific source MAC address

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source mac="00:11:22:33:44:55" accept'

This command configures the public zone to allow incoming traffic from the specific MAC address 00:11:22:33:44:55.

  • Example 54: Configure a zone to block incoming traffic on a specific destination MAC address

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" destination mac="00:11:22:33:44:55" reject'

This command configures the public zone to block incoming traffic to the specific MAC address 00:11:22:33:44:55.

  • Example 55: Configure a zone to allow incoming traffic on a specific source VLAN

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source vlan="100" accept'

This command configures the public zone to allow incoming traffic from the specific VLAN ID 100.

  • Example 56: Configure a zone to block incoming traffic on a specific destination VLAN

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" destination vlan="100" reject'

This command configures the public zone to block incoming traffic to the specific VLAN ID 100.

  • Example 57: Configure a zone to allow incoming traffic from a specific user

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" user name="alice" accept'

This command configures the public zone to allow incoming traffic from the specific user "alice".

  • Example 58: Configure a zone to block incoming traffic from a specific user

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" user name="bob" reject'

This command configures the public zone to block incoming traffic from the specific user "bob".

  • Example 59: Configure a zone to allow incoming traffic on a specific TCP flag

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" protocol="tcp" tcp-flags="FIN,SYN" accept'

This command configures the public zone to allow incoming TCP traffic with the "FIN" and "SYN" flags set.

  • Example 60: Configure a zone to block incoming traffic on a specific TCP flag

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" protocol="tcp" tcp-flags="RST" reject'

This command configures the public zone to block incoming TCP traffic with the "RST" flag set.

  • Example 61: Configure a zone to allow incoming traffic on a specific ICMP type

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" icmp-type name="echo-reply" accept'

The icmp-type element takes name="..." and replaces the protocol element. This rule allows incoming ICMP echo-reply packets in the public zone.

  • Example 62: Configure a zone to block incoming traffic on a specific ICMP type

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" icmp-type name="destination-unreachable" reject'

This rule rejects incoming ICMP destination-unreachable packets in the public zone. Blocking them also suppresses the error reporting and path MTU discovery that the host's own connections rely on.

  • Example 63: Configure a zone to allow incoming traffic on a specific IPv6 extension header

firewall-cmd --zone=public --add-rich-rule='rule family="ipv6" icmp-type name="parameter-problem" accept'

ICMPv6 types are matched with the same icmp-type element under family="ipv6". This rule allows incoming ICMPv6 parameter-problem messages in the public zone.

  • Example 64: Configure a zone to block incoming traffic on a specific IPv6 extension header

firewall-cmd --zone=public --add-rich-rule='rule family="ipv6" icmp-type name="packet-too-big" reject'

This rule rejects incoming ICMPv6 packet-too-big messages in the public zone. IPv6 routers never fragment, so these messages are what path MTU discovery depends on; blocking them breaks IPv6 connections that cross a smaller MTU.

  • Example 65: Configure a zone to allow incoming traffic on a specific source port range

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source-port port="30000-40000" protocol="tcp" accept'

Port ranges are written low-high in the source-port element, which requires a protocol. This rule allows incoming TCP traffic from source ports 30000-40000.

  • Example 66: Configure a zone to block incoming traffic on a specific destination port range

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" port port="2000-3000" protocol="tcp" reject'

This rule rejects incoming TCP traffic to destination ports 2000-3000 in the public zone.

  • Example 67: Configure a zone to allow incoming traffic on a specific IP protocol number

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" protocol value="112" accept'

This command configures the public zone to allow incoming traffic with IP protocol number 112 (VRRP).

  • Example 68: Configure a zone to block incoming traffic on a specific IP protocol number

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" protocol value="58" reject'

This command configures the public zone to block incoming traffic with IP protocol number 58. Protocol 58 is ICMPv6, which does not occur inside IPv4, so under family="ipv4" this rule matches nothing; ICMPv6 belongs in a family="ipv6" rule.

  • Example 69: Configure a zone to allow incoming traffic on a specific TCP option

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" protocol="tcp" tcp-option="2" accept'

This command configures the public zone to allow incoming TCP traffic with the specific TCP option number (2).

  • Example 70: Configure a zone to block incoming traffic on a specific TCP option

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" protocol="tcp" tcp-option="4" reject'

This command configures the public zone to block incoming TCP traffic with the specific TCP option number (4).

  • Example 71: Configure a zone to allow incoming traffic on a specific UDP option

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" protocol="udp" udp-option="7" accept'

This command configures the public zone to allow incoming UDP traffic with the specific UDP option number (7).

  • Example 72: Configure a zone to block incoming traffic on a specific UDP option

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" protocol="udp" udp-option="9" reject'

This command configures the public zone to block incoming UDP traffic with the specific UDP option number (9).

  • Example 73: Configure a zone to allow incoming traffic on a specific IP fragment flag

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" protocol="tcp" tcp-flags="MF" accept'

This command configures the public zone to allow incoming TCP traffic with the IP fragment flag "MF" set.

  • Example 74: Configure a zone to block incoming traffic on a specific IP fragment flag

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" protocol="tcp" tcp-flags="DF" reject'

This command configures the public zone to block incoming TCP traffic with the IP fragment flag "DF" set.

  • Example 75: Configure a zone to allow incoming traffic on a specific IP header option

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" protocol="tcp" ip-option="4" accept'

This command configures the public zone to allow incoming TCP traffic with the specific IP header option number (4).

  • Example 76: Configure a zone to block incoming traffic on a specific IP header option

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" protocol="tcp" ip-option="7" reject'

This command configures the public zone to block incoming TCP traffic with the specific IP header option number (7).

  • Example 77: Configure a zone to allow incoming traffic with a specific IP address range and port

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" port port="8080" protocol="tcp" accept'

The port element requires a protocol. This rule allows incoming TCP traffic from the IP range 192.168.0.0/24 to port 8080.
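Most of Examples 51 to 77 are variations of one rich rule with different match criteria, and the page's own commands show how easily the quoting goes wrong. The following added example, not from the original post, builds rich rules from key=value parameters with the quoting firewalld expects and refuses the combinations the rule language rejects (no match criteria, a port without a protocol, two elements, a malformed address). fw_rich_rule, fw_check_addr and fw_rich_rule_cmd are the example's own names, and its address check is deliberately simple (no IPv4-mapped IPv6 forms); firewalld itself remains the final authority on what it accepts.

```bash
#!/bin/sh
# Added example, not from the original post: build firewalld rich rules from
# parameters with the exact quoting firewalld expects, so the rule text is
# right before it reaches --add-rich-rule. The checks mirror the published
# rich-rule grammar (man firewalld.richlanguage) as this script understands
# it; firewalld still validates the rule itself.

# fw_check_addr FAMILY ADDR   ADDR is an address or address/prefix.
# IPv4: four octets 0-255, prefix 0-32. IPv6: hex groups and colons, prefix
# 0-128 (a loose check; IPv4-mapped forms are not handled).
fw_check_addr() {
    fam=$1; addr=$2; ip=${addr%%/*}; prefix=""
    case "$addr" in
        */*) prefix=${addr#*/}
             case "$prefix" in ''|*[!0-9]*) echo "bad prefix in $addr" >&2; return 1 ;; esac ;;
    esac
    if [ "$fam" = ipv4 ]; then
        case "$ip" in *[!0-9.]*|.*|*.|*..*) echo "bad ipv4 address: $addr" >&2; return 1 ;; esac
        n=0; oldifs=$IFS; IFS=.
        for octet in $ip; do
            n=$((n + 1))
            [ "$octet" -le 255 ] || { IFS=$oldifs; echo "bad ipv4 octet in $addr" >&2; return 1; }
        done
        IFS=$oldifs
        [ "$n" -eq 4 ] || { echo "bad ipv4 address: $addr" >&2; return 1; }
        max=32
    else
        case "$ip" in *[!0-9a-fA-F:]*|*:::*) echo "bad ipv6 address: $addr" >&2; return 1 ;; esac
        case "$ip" in *:*) ;; *) echo "bad ipv6 address: $addr" >&2; return 1 ;; esac
        max=128
    fi
    [ -z "$prefix" ] || [ "$prefix" -le "$max" ] || { echo "prefix too long in $addr" >&2; return 1; }
    return 0
}

# fw_rich_rule FAMILY ACTION [key=value ...]
#   keys: src=<addr|cidr> dst=<addr|cidr> port=<n|a-b> proto=<tcp|udp>
#         service=<name> log=<prefix> limit=<rate such as 10/s>
# Prints the rule; returns 1 with a message on stderr when firewalld would
# reject the combination.
fw_rich_rule() {
    family=$1; action=$2; shift 2
    case "$family" in ipv4|ipv6) ;; *) echo "bad family: $family" >&2; return 1 ;; esac
    case "$action" in accept|reject|drop) ;; *) echo "bad action: $action" >&2; return 1 ;; esac
    src=""; dst=""; port=""; proto=""; service=""; logp=""; limit=""
    for kv in "$@"; do
        key=${kv%%=*}; val=${kv#*=}
        case "$key" in
            src) src=$val ;; dst) dst=$val ;; port) port=$val ;; proto) proto=$val ;;
            service) service=$val ;; log) logp=$val ;; limit) limit=$val ;;
            *) echo "unknown key: $key" >&2; return 1 ;;
        esac
    done
    if [ -n "$port" ] && [ -z "$proto" ]; then echo "port needs proto=tcp|udp" >&2; return 1; fi
    if [ -n "$port" ] && [ -n "$service" ]; then echo "one element (port or service) per rule" >&2; return 1; fi
    if [ -z "$src$dst$port$service" ]; then echo "rule would match nothing: give src, dst, port or service" >&2; return 1; fi
    for a in $src $dst; do fw_check_addr "$family" "$a" || return 1; done
    # Assemble in the order the grammar lists them: family, source, destination,
    # element, log, action, limit-on-action.
    rule="rule family=\"$family\""
    [ -n "$src" ] && rule="$rule source address=\"$src\""
    [ -n "$dst" ] && rule="$rule destination address=\"$dst\""
    [ -n "$service" ] && rule="$rule service name=\"$service\""
    [ -n "$port" ] && rule="$rule port port=\"$port\" protocol=\"$proto\""
    [ -n "$logp" ] && rule="$rule log prefix=\"$logp\" level=\"info\""
    rule="$rule $action"
    [ -n "$limit" ] && rule="$rule limit value=\"$limit\""
    printf '%s\n' "$rule"
}

# fw_rich_rule_cmd ZONE FAMILY ACTION [key=value ...]
# Prints the full firewall-cmd invocation, single-quoted for the shell
# (any single quote inside the rule, e.g. in a log prefix, is escaped).
fw_rich_rule_cmd() {
    zone=$1; shift
    rule=$(fw_rich_rule "$@") || return 1
    escaped=$(printf '%s' "$rule" | sed "s/'/'\\\\''/g")
    printf "firewall-cmd --zone=%s --add-rich-rule='%s'\n" "$zone" "$escaped"
}

fw_rich_rule_cmd public ipv4 accept src=192.168.0.0/24 port=8080 proto=tcp
fw_rich_rule_cmd public ipv4 accept src=192.168.0.0/24 limit=10/s
```

The element check matters more than it looks: firewalld accepts exactly one element (service, port, protocol, icmp-type, source-port, forward-port or masquerade) per rule, so a rule that needs both a port and a service has to be written as two rules, as Example 38 does for two ports.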

  • Example 78: Configure a zone to block incoming traffic with a specific IP address range and port

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" port port="22" protocol="tcp" reject'

This rule rejects incoming TCP traffic from the IP range 192.168.0.0/24 to port 22 (SSH).

  • Example 79: Configure a zone to allow incoming traffic from multiple IP addresses

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.10" accept'

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.20" accept'

These commands configure the public zone to allow incoming traffic from multiple specific IP addresses, one rich rule per address.

  • Example 80: Configure a zone to block incoming traffic from multiple IP addresses

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.10" reject'

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.20" reject'

These commands configure the public zone to block incoming traffic from multiple specific IP addresses, one rich rule per address.

  • Example 81: Configure a zone to allow incoming traffic on a specific network interface and port

firewall-cmd --zone=public --change-interface=eth0
firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" port port="8080" protocol="tcp" accept'

Rich rules cannot match an interface (there is no in-interface option); the interface is bound to the zone instead, and the zone's rules then apply to traffic arriving on it. These commands bind eth0 to the public zone and allow incoming TCP traffic on port 8080 there.

  • Example 82: Configure a zone to block incoming traffic on a specific network interface and port

firewall-cmd --zone=public --change-interface=eth0
firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" port port="22" protocol="tcp" reject'

These commands bind eth0 to the public zone and reject incoming SSH (port 22) traffic arriving on it.

  • Example 83: Configure a zone to allow incoming traffic on a specific source IP and destination port

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.10" port port="80" protocol="tcp" accept'

Destination ports are matched with the port element, which requires a protocol. This rule allows incoming TCP traffic from the IP address 192.168.0.10 to port 80.

  • Example 84: Configure a zone to block incoming traffic on a specific source IP and destination port

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.10" port port="443" protocol="tcp" reject'

This rule rejects incoming TCP traffic from the IP address 192.168.0.10 to port 443.

  • Example 85: Configure a zone to allow incoming traffic on a specific source IP range and destination port

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" port port="8080" protocol="tcp" accept'

This rule allows incoming TCP traffic from the IP range 192.168.0.0/24 to port 8080.

  • Example 86: Configure a zone to block incoming traffic on a specific source IP range and destination port

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" port port="22" protocol="tcp" reject'

This rule rejects incoming SSH (port 22) traffic from the IP range 192.168.0.0/24.

  • Example 87: Configure a zone to allow incoming traffic on a specific source IP and destination IP

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.10" destination address="203.0.113.100" accept'

This command configures the public zone to allow incoming traffic from the IP address 192.168.0.10 to the IP address 203.0.113.100.

  • Example 88: Configure a zone to block incoming traffic on a specific source IP and destination IP

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.10" destination address="203.0.113.100" reject'

This command configures the public zone to block incoming traffic from the IP address 192.168.0.10 to the IP address 203.0.113.100.

  • Example 89: Configure a zone to allow incoming traffic on a specific source IP range and destination IP

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" destination address="203.0.113.100" accept'

This command configures the public zone to allow incoming traffic from the IP range 192.168.0.0/24 to the IP address 203.0.113.100.

  • Example 90: Configure a zone to block incoming traffic on a specific source IP range and destination IP

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" destination address="203.0.113.100" reject'

This command configures the public zone to block incoming traffic from the IP range 192.168.0.0/24 to the IP address 203.0.113.100.

  • Example 91: Configure a zone to allow incoming traffic on a specific source IP and destination IP range

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.10" destination address="203.0.113.0/24" accept'

This command configures the public zone to allow incoming traffic from the IP address 192.168.0.10 to the IP range 203.0.113.0/24.

  • Example 92: Configure a zone to block incoming traffic on a specific source IP and destination IP range

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.10" destination address="203.0.113.0/24" reject'

This command configures the public zone to block incoming traffic from the IP address 192.168.0.10 to the IP range 203.0.113.0/24.

  • Example 93: Configure a zone to allow incoming traffic on a specific source IP range and destination IP range

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" destination address="203.0.113.0/24" accept'

This command configures the public zone to allow incoming traffic from the IP range 192.168.0.0/24 to the IP range 203.0.113.0/24.

  • Example 94: Configure a zone to block incoming traffic on a specific source IP range and destination IP range

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" destination address="203.0.113.0/24" reject'

This command configures the public zone to block incoming traffic from the IP range 192.168.0.0/24 to the IP range 203.0.113.0/24.

  • Example 95: Configure a zone to allow incoming traffic on a specific source MAC and destination IP

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source mac="00:11:22:33:44:55" destination address="203.0.113.100" accept'

This command configures the public zone to allow incoming traffic from the specific MAC address 00:11:22:33:44:55 to the IP address 203.0.113.100.

  • Example 96: Configure a zone to block incoming traffic on a specific source MAC and destination IP

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source mac="00:11:22:33:44:55" destination address="203.0.113.100" reject'

This command configures the public zone to block incoming traffic from the specific MAC address 00:11:22:33:44:55 to the IP address 203.0.113.100.

  • Example 97: Configure a zone to allow incoming traffic on a specific source MAC range and destination IP

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source mac="00:11:22:00:00:00/FF:FF:FF:00:00:00" destination address="203.0.113.100" accept'

This command configures the public zone to allow incoming traffic from the MAC range 00:11:22:00:00:00 to FF:FF:FF:00:00:00 to the IP address 203.0.113.100.

  • Example 98: Configure a zone to block incoming traffic on a specific source MAC range and destination IP

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source mac="00:11:22:00:00:00/FF:FF:FF:00:00:00" destination address="203.0.113.100" reject'

This command configures the public zone to block incoming traffic from the MAC range 00:11:22:00:00:00 to FF:FF:FF:00:00:00 to the IP address 203.0.113.100.

  • Example 99: Configure a zone to allow incoming traffic on a specific protocol and source port

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source-port port="12345" protocol="tcp" accept'

The source-port element carries the protocol itself. This rule allows incoming TCP traffic whose source port is 12345.

  • Example 100: Configure a zone to block incoming traffic on a specific protocol and source port

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" protocol="udp

Examples of examples of common firewall-cmd commands with scenarios. Feel free to ask for more examples if needed.

  1. List all active zones.

firewall-cmd –get-active-zones

This command displays all active firewall zones on the system.

  • Add a service to a zone

firewall-cmd –zone=public –add-service=http

This command adds the HTTP service to the public zone, allowing incoming HTTP traffic.

  • Example 3: Remove a service from a zone

firewall-cmd –zone=public –remove-service=http

This command removes the HTTP service from the public zone, disallowing incoming HTTP traffic.

  • Example 4: Add a port to a zone

firewall-cmd –zone=public –add-port=8080/tcp

This command opens port 8080/tcp in the public zone, allowing incoming TCP traffic on that port.

  • Example 5: Remove a port from a zone

firewall-cmd –zone=public –remove-port=8080/tcp

This command removes the rule that allows incoming TCP traffic on port 8080 from the public zone.

  • Example 6: List all services in a zone

firewall-cmd –zone=public –list-services

This command lists all services allowed in the public zone.

  • Example 7: List all ports in a zone

firewall-cmd –zone=public –list-ports

This command lists all ports opened in the public zone.

  • Example 8: Set a default zone

firewall-cmd –set-default-zone=public

This command sets the public zone as the default zone for incoming network connections.

  • Example 9: Enable masquerading

firewall-cmd –zone=public –add-masquerade

This command enables masquerading in the public zone, allowing Network Address Translation (NAT) for outgoing traffic.

  1. Example 10: Reload the firewall configuration

firewall-cmd –reload

.

  1. Example 11: List all zones

firewall-cmd –get-zones

This command lists all available firewall zones on the system.

  1. Example 12: Add a source IP address to a zone

firewall-cmd –zone=public –add-source=192.168.0.10

This command adds the IP address 192.168.0.10 to the allowed sources in the public zone.

  1. Example 13: Remove a source IP address from a zone

firewall-cmd –zone=public –remove-source=192.168.0.10

This command removes the IP address 192.168.0.10 from the allowed sources in the public zone.

  1. Example 14: Set a zone as the default for network interfaces

firewall-cmd –zone=public –change-interface=eth0

This command sets the public zone as the default zone for the network interface eth0.

  1. Example 15: Add a rich rule to a zone

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ source address=”192.168.0.0/24″ accept’

This command adds a rich rule to the public zone, allowing incoming traffic from the IP subnet 192.168.0.0/24.

  1. Example 16: Remove a rich rule from a zone

firewall-cmd –zone=public –remove-rich-rule=’rule family=”ipv4″ source address=”192.168.0.0/24″ accept’

This command removes a specific rich rule from the public zone.

  1. Example 17: Enable a specific firewall feature

firewall-cmd –permanent –enable=ipsec

This command enables the IPsec firewall feature.

  1. Example 18: Disable a specific firewall feature

firewall-cmd –permanent –disable=ipsec

This command disables the IPsec firewall feature.

  1. Example 19: Configure a zone to log packets

firewall-cmd –zone=public –set-target=LOG –log-prefix=”Firewall Log: “

This command configures the public zone to log packets with a custom log prefix.

  • Example 20: Display the runtime status of the firewall

firewall-cmd –state

  • Example 21: Add a custom service to a zone

firewall-cmd –permanent –zone=public –add-service=myapp

This command adds a custom service called “myapp” to the public zone, allowing incoming traffic on the defined ports for that service.

  • Example 22: Remove a custom service from a zone

firewall-cmd –permanent –zone=public –remove-service=myapp

This command removes the custom service “myapp” from the public zone, disallowing incoming traffic on the defined ports for that service.

  • Example 23: Reload the firewall configuration without losing established connections

firewall-cmd –reload –complete-reload

This command reloads the firewall configuration, ensuring that established connections are maintained during the reload process.

  • Example 24: List all supported services

firewall-cmd –get-services

This command lists all the supported services that can be used with firewall-cmd.

  • Example 25: Configure a zone to block all incoming traffic

firewall-cmd –zone=public –set-target=DROP

This command configures the public zone to drop all incoming traffic.

  • Example 26: Configure a zone to block all outgoing traffic

firewall-cmd –zone=public –set-target=DROP –out-interface=eth0

This command configures the public zone to drop all outgoing traffic on the specified network interface.

  • Example 27: Configure a zone to reject incoming traffic with a specific ICMP message

firewall-cmd –zone=public –set-target=REJECT –reject-with=icmp-port-unreachable

This command configures the public zone to reject incoming traffic with an ICMP “port unreachable” message.

  • Example 28: Configure a zone to forward a port

firewall-cmd --zone=public --add-forward-port=port=80:proto=tcp:toport=8080

This command redirects TCP traffic arriving in the public zone on port 80 to local port 8080 (a DNAT rule). Forwarding to a local port needs no masquerading; without --permanent the rule disappears at the next reload.

  • Example 29: List the protocol names firewall-cmd accepts

getent protocols

firewall-cmd has no --get-protocols option. The names accepted by --add-protocol and by protocol value= in rich rules are those of /etc/protocols, which getent protocols prints together with their numbers. (firewall-cmd --get-icmptypes is the equivalent for ICMP type names.)

  • Example 30: Display the version of firewalld

firewall-cmd --version

This command displays the version of the firewalld firewall management tool installed on the system, which matters because policies, --check-config and several rich rule elements are only available in newer releases.

  • Example 31: Bind a source IP range to a zone

firewall-cmd --zone=public --add-source=192.168.0.0/24

This command binds traffic from 192.168.0.0/24 to the public zone: the zone's services, ports, rich rules and target decide what is allowed, so the command by itself does not allow anything. Source bindings take precedence over interface bindings, an address can belong to only one zone, and firewall-cmd --get-zone-of-source=192.168.0.0/24 shows the current binding.

  • Example 32: Remove a source IP range from a zone

firewall-cmd --zone=public --remove-source=192.168.0.0/24

This command removes the binding of 192.168.0.0/24 to the public zone; traffic from that range is then classified by the interface it arrives on again.

  • Example 33: Configure a zone to reject all unmatched incoming traffic

firewall-cmd --permanent --zone=public --set-target=REJECT

firewall-cmd --reload

This sets the target of the public zone to REJECT, so unmatched incoming packets are answered with an ICMP error (friendlier for debugging than DROP, but it tells a scanner the host is there). --set-target requires --permanent, hence the reload.

  • Example 34: Reject all outgoing traffic

firewall-cmd --permanent --new-policy=egress-reject

firewall-cmd --permanent --policy=egress-reject --add-ingress-zone=HOST

firewall-cmd --permanent --policy=egress-reject --add-egress-zone=ANY

firewall-cmd --permanent --policy=egress-reject --set-target=REJECT

firewall-cmd --reload

Zones do not filter outgoing traffic and --out-interface does not exist; a policy from the HOST zone to ANY with target REJECT does it. Add the services the host itself needs (dns, http, https, ntp) to the policy first.

  • Example 35: Log dropped and rejected packets

firewall-cmd --set-log-denied=all

firewall-cmd --get-log-denied

There is no LOG target. --set-log-denied makes firewalld add logging rules for every packet it drops or rejects (values: all, unicast, broadcast, multicast, off); it is a global setting written to firewalld.conf and applied immediately, and the entries appear in the kernel log (journalctl -k) with prefixes such as "FINAL_REJECT: " or "STATE_INVALID_DROP: ". Prefix and level are not configurable here; for a custom prefix and level, log from a rich rule (log prefix="Dropped Packet: " level="notice") placed in front of a drop action.

  • Example 36: Rate-limit a rule

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" port port="80" protocol="tcp" accept limit value="10/s"'

The limit belongs to the action and is written after it; a rich rule also needs at least one element or a source/destination, so the original form without either is rejected. This rule accepts at most 10 matching packets per second on 80/tcp (in practice new connections, since established traffic is accepted earlier); excess packets fall through to the zone's target. Units are /s, /m, /h and /d. This is a per-rule packet rate, not a limit on concurrent connections.

  • Example 37: Allow all incoming traffic from a specific source IP

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.10" accept'

This rule accepts everything from 192.168.0.10 on top of whatever the public zone already allows; it does not make that address the only one allowed. For "only from", keep the zone's allowances minimal and its target REJECT or DROP, or bind the address to a dedicated zone with --add-source and leave the public zone restrictive.

  • Example 38: Allow incoming traffic on specific ports

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" port port="80" protocol="tcp" accept'

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" port port="443" protocol="tcp" accept'

These rules allow incoming TCP traffic on ports 80 and 443 in the public zone; the plain --add-port=80/tcp and --add-port=443/tcp do the same with less typing, and a rich rule is only worth it when the port is combined with a source, a log or a limit. Other ports stay subject to the zone's target.

  • Example 39: Configure a zone to block incoming traffic from a specific source IP

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.10" reject'

This command configures the public zone

  • Example 41: Block outgoing traffic to a specific destination IP

firewall-cmd --permanent --new-policy=egress-filter

firewall-cmd --permanent --policy=egress-filter --add-ingress-zone=HOST

firewall-cmd --permanent --policy=egress-filter --add-egress-zone=ANY

firewall-cmd --permanent --policy=egress-filter --add-rich-rule='rule family="ipv4" destination address="203.0.113.100" reject'

firewall-cmd --reload

In a zone, destination address matches incoming packets addressed to that (local) address, never outgoing traffic. Outgoing connections are filtered by a policy from the HOST zone; its default target CONTINUE lets everything else through, so only connections to 203.0.113.100 are rejected.

  • Example 42: Apply a zone to traffic arriving on a specific interface

firewall-cmd --zone=public --change-interface=eth0

firewall-cmd --get-zone-of-interface=eth0

Rich rules have no interface element. Interfaces are bound to zones: after --change-interface, every packet arriving on eth0 is evaluated against the public zone's rules, and the second command confirms the binding. Add --permanent to survive a reload, or set the zone on the NetworkManager connection profile if NetworkManager manages eth0.

  • Example 43: Drop all incoming IPv6 traffic

firewall-cmd --zone=public --add-rich-rule='rule family="ipv6" source address="::/0" drop'

A rich rule must contain a source, destination or element, so the bare rule family="ipv6" reject is rejected as invalid; matching the source ::/0 covers every IPv6 address. This only affects traffic arriving in the public zone (zones do not filter outgoing traffic), and depending on the firewalld version it can also discard ICMPv6 Neighbor Discovery and with it the host's IPv6 connectivity on the link. If the intent is merely not to serve IPv6 clients, leaving the zone's target in place and not opening services is the safer choice.

  • Example 44: List all runtime configurations of a zone

firewall-cmd --zone=public --list-all

This command displays the runtime configuration of the public zone: target, bound interfaces and sources, services, ports, protocols, masquerading, forward ports, ICMP blocks and rich rules. Add --permanent to see the saved configuration instead; a difference between the two means something was changed without --permanent (or --runtime-to-permanent) and will be lost at the next reload. firewall-cmd --list-all-zones prints every zone.


  • Example 47: Forward a port to a different host

firewall-cmd --zone=public --add-masquerade

firewall-cmd --zone=public --add-forward-port=port=80:proto=tcp:toaddr=192.168.0.10:toport=8080

This forwards TCP traffic arriving in the public zone on port 80 to port 8080 on 192.168.0.10. Forwarding to another host requires masquerading on the zone (which also turns on IP forwarding); the internal host then sees the firewall's address rather than the real client, so keep client logging on the firewall.

  • Example 48: Block specific ICMP packets

firewall-cmd --zone=public --add-icmp-block=echo-request

Rich rules take ICMP types as icmp-type name="echo-request", not as protocol value="icmp" icmp-type=...; the dedicated --add-icmp-block option is the shortest form. This makes the host stop answering ping in the public zone. firewall-cmd --get-icmptypes lists the available names.

  • Example 49: Allow incoming traffic from a specific source port

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source-port port="12345" protocol="tcp" accept'

The element is source-port and it requires a protocol. Source ports are chosen by the sender, so a rule like this is an easy bypass (any client can pick source port 12345) and is only appropriate for protocols that fix their source port, never as an access control.

  • Example 50: Block incoming traffic on a specific destination port

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" port port="22" protocol="tcp" reject'

There is no destination port element; the port element always refers to the destination port. firewalld evaluates rich rules with reject or drop before the zone's service and port allowances, so this rejects SSH in the public zone even while the ssh service is still listed.


  • Example 51: Allow incoming traffic from a specific source IP range

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" accept'

This rule accepts all incoming traffic from 192.168.0.0/24 in the public zone, regardless of which services the zone opens. Prefer combining the source with a service or port element so the subnet gets only what it needs.

  • Example 52: Block incoming traffic to a specific local IP range

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" destination address="192.168.0.0/24" reject'

In a zone, destination address refers to addresses of this host, so this rejects incoming packets addressed to any local address inside 192.168.0.0/24; it does not affect traffic the host sends to that range.

  • Example 53: Allow incoming traffic from a specific source MAC address

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source mac="00:11:22:33:44:55" accept'

This rule accepts incoming traffic from the MAC address 00:11:22:33:44:55. It only works for hosts on the same layer-2 segment (behind a router the source MAC is the router's), and a MAC address is trivially spoofed, so treat it as a convenience filter, not as authentication.

  • Examples 54 to 58: Matching on destination MAC, VLAN ID or user

The five commands originally listed here (destination mac=, source vlan=, destination vlan=, user name=) are not valid rich rule syntax and fail with an invalid rule error: source accepts address, mac or ipset, destination accepts address or ipset, and there is no vlan or user element. For incoming traffic the destination MAC is the host's own interface address, so there is nothing to filter. VLAN traffic is handled by binding the VLAN sub-interface to a zone:

firewall-cmd --permanent --zone=internal --change-interface=eth0.100

firewall-cmd --reload

after which the internal zone's rules apply to everything arriving tagged with VLAN 100 (eth0.100 being the sub-interface name used here). Filtering by local user is only meaningful for traffic the host itself generates and lies outside the zone model; it needs a direct rule with the iptables owner match (-m owner --uid-owner), which firewalld passes through unchanged.

  • Examples 59 and 60: Matching on TCP flags

Rich rules cannot match TCP flags, so both commands originally given here fail with an invalid rule error. Flag-based filtering (for example dropping packets with both SYN and FIN set, a classic scan signature) needs the direct interface, which passes an iptables rule through to the backend:

firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP

firewall-cmd --reload

Direct rules bypass the zone logic and are evaluated before it, so keep them few and documented (firewall-cmd --direct --get-all-rules lists them). On hosts with the nftables backend, a native nftables table of your own is the cleaner alternative.

  • Example 61: Allow a specific ICMP type

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" icmp-type name="echo-reply" accept'

ICMP types are written as icmp-type name="..." (the names from firewall-cmd --get-icmptypes), not as protocol="icmp". This rule accepts incoming ICMP echo-reply packets in the public zone.

  • Example 62: Block a specific ICMP type

firewall-cmd --zone=public --add-icmp-block=destination-unreachable

This blocks incoming ICMP destination-unreachable messages in the public zone. Be careful with this particular type: "fragmentation needed" is a destination-unreachable message, so blocking it breaks path MTU discovery and makes large transfers hang.

  • Example 63: Allow a specific ICMPv6 type

firewall-cmd --zone=public --add-rich-rule='rule family="ipv6" icmp-type name="parameter-problem" accept'

The original heading spoke of IPv6 extension headers, but the rule matches an ICMPv6 type: incoming parameter-problem messages are accepted in the public zone.

  • Example 64: Block a specific ICMPv6 type

firewall-cmd --permanent --zone=public --add-icmp-block=packet-too-big

firewall-cmd --reload

This blocks incoming ICMPv6 packet-too-big messages. Since IPv6 routers never fragment, these messages are the only path MTU signal a host gets; blocking them breaks IPv6 connectivity to anything behind a smaller MTU, so this is shown as syntax, not as a recommendation.

  • Example 65: Allow incoming traffic from a specific source port range

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source-port port="30000-40000" protocol="tcp" accept'

The element is source-port and it needs a protocol (tcp is assumed here). This accepts incoming TCP traffic whose source port lies in 30000-40000; as with Example 49, the sender controls its source port, so this is not an access control.

  • Example 66: Block incoming traffic on a specific destination port range

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" port port="2000-3000" protocol="tcp" reject'

The port element takes a range and a protocol (tcp assumed). This rejects incoming TCP connections to ports 2000 through 3000 in the public zone.

  • Example 67: Allow incoming traffic for a specific IP protocol number

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" protocol value="112" accept'

protocol value= accepts a name from /etc/protocols or its number; 112 is VRRP, so this is the rule a router running keepalived needs. For an ordinary allowance the plain --add-protocol=vrrp is shorter.

  • Example 68: Block incoming traffic for a specific IP protocol number

firewall-cmd --zone=public --add-rich-rule='rule family="ipv6" protocol value="58" reject'

Protocol 58 is ICMPv6, which only exists in IPv6, so the rule has to use family="ipv6" (with family="ipv4" it never matches). Rejecting all ICMPv6 also rejects Neighbor Discovery and breaks IPv6 on the link; block individual types with --add-icmp-block instead.

  • Examples 69 to 76: Matching on TCP options, UDP options, fragment flags and IP header options

None of the eight commands originally listed here is valid: rich rules have no tcp-option, udp-option, ip-option or fragment element, and tcp-flags only accepts TCP flags (MF and DF are IP header flags, not TCP flags). UDP has no options at all. Where such a match is genuinely needed, use the direct interface with the matching iptables options, for example to drop packets carrying TCP option 2 (MSS) outside a SYN, or to drop non-first IPv4 fragments:

firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -p tcp ! --syn -m tcp --tcp-option 2 -j DROP

firewall-cmd --permanent --direct --add-rule ipv4 filter INPUT 0 -f -j DROP

firewall-cmd --reload

Standard iptables has no IP-options match, and connection tracking reassembles fragments before filtering, so the fragment rule rarely sees anything. In practice these matches belong to an IDS or to a dedicated nftables ruleset, not to a host firewall managed with firewall-cmd.

  • Example 77: Allow incoming traffic from a specific IP range on a specific port

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" port port="8080" protocol="tcp" accept'

The port element requires a protocol (tcp assumed). This accepts TCP connections to port 8080 only when they come from 192.168.0.0/24; other sources stay subject to the zone's target.

  • Example 78: Block incoming traffic from a specific IP range on a specific port

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" port port="22" protocol="tcp" reject'

This rejects SSH (22/tcp) from 192.168.0.0/24 in the public zone even if the ssh service is open, because deny rich rules are evaluated before service allowances.

  • Example 79: Allow incoming traffic from multiple IP addresses

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.10" accept'

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.20" accept'

These rules accept all incoming traffic from 192.168.0.10 and 192.168.0.20 in the public zone.

  • Example 80: Block incoming traffic from multiple IP addresses

firewall-cmd --permanent --new-ipset=blocklist --type=hash:net

firewall-cmd --permanent --ipset=blocklist --add-entry=192.168.0.10

firewall-cmd --permanent --ipset=blocklist --add-entry=192.168.0.20

firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source ipset="blocklist" drop'

firewall-cmd --reload

One rich rule per address works for two addresses, but a block list grows; an ipset holds any number of addresses or networks and is referenced by a single rule, and new entries can be added later without touching the rule (drop rather than reject so blocked hosts get no feedback).

  • Example 81: Allow incoming traffic on a specific network interface and port

firewall-cmd --permanent --zone=public --change-interface=eth0

firewall-cmd --permanent --zone=public --add-port=8080/tcp

firewall-cmd --reload

Rich rules have no in-interface element. The interface is bound to a zone and the port is opened in that zone, so 8080/tcp is accepted only on traffic arriving via eth0 (and via any other interface or source bound to the public zone).

  • Example 82: Block incoming traffic on a specific network interface and port

firewall-cmd --permanent --zone=public --change-interface=eth0

firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" port port="22" protocol="tcp" reject'

firewall-cmd --reload

With eth0 bound to the public zone, this rejects SSH (22/tcp) arriving on eth0 while leaving SSH reachable through interfaces bound to other zones.

  • Example 83: Allow incoming traffic from a specific source IP on a specific port

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.10" port port="80" protocol="tcp" accept'

There is no destination port element; port port= with a protocol is the destination port. This accepts TCP connections to port 80 from 192.168.0.10.

  • Example 84: Block incoming traffic from a specific source IP on a specific port

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.10" port port="443" protocol="tcp" reject'

This rejects TCP connections to port 443 from 192.168.0.10, taking precedence over an open https service.

  • Example 85: Allow incoming traffic from a specific source IP range on a specific port

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" port port="8080" protocol="tcp" accept'

This accepts TCP connections to port 8080 from 192.168.0.0/24.

  • Example 86: Block incoming traffic from a specific source IP range on a specific port

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" port port="22" protocol="tcp" reject'

This rejects SSH (22/tcp) from 192.168.0.0/24 in the public zone.

  • Example 87: Allow incoming traffic from a specific source IP to a specific local IP

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.10" destination address="203.0.113.100" accept'

This accepts incoming packets from 192.168.0.10 that are addressed to 203.0.113.100. In a zone, destination address always means an address of this host (zones filter traffic arriving at the host, not traffic routed through it), so destination rules are the way to expose something on one of several local addresses only.

  • Example 88: Block incoming traffic from a specific source IP to a specific local IP

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.10" destination address="203.0.113.100" reject'

Same match as Example 87 with the reject action: packets from 192.168.0.10 to the local address 203.0.113.100 are rejected.

  • Example 89: Allow incoming traffic from a specific source IP range to a specific local IP

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" destination address="203.0.113.100" accept'

This accepts incoming packets from 192.168.0.0/24 addressed to the local address 203.0.113.100.

  • Example 90: Block incoming traffic from a specific source IP range to a specific local IP

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" destination address="203.0.113.100" reject'

This rejects incoming packets from 192.168.0.0/24 addressed to the local address 203.0.113.100.

  • Example 91: Allow incoming traffic from a specific source IP to a local IP range

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.10" destination address="203.0.113.0/24" accept'

This accepts incoming packets from 192.168.0.10 addressed to any local address in 203.0.113.0/24.

  • Example 92: Block incoming traffic from a specific source IP to a local IP range

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.10" destination address="203.0.113.0/24" reject'

This rejects incoming packets from 192.168.0.10 addressed to any local address in 203.0.113.0/24.

  • Example 93: Allow incoming traffic from a source IP range to a local IP range

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" destination address="203.0.113.0/24" accept'

This accepts incoming packets from 192.168.0.0/24 addressed to any local address in 203.0.113.0/24.

  • Example 94: Block incoming traffic from a source IP range to a local IP range

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" destination address="203.0.113.0/24" reject'

This rejects incoming packets from 192.168.0.0/24 addressed to any local address in 203.0.113.0/24. None of Examples 87 to 94 is persistent without --permanent and a reload.

  • Example 95: Allow incoming traffic from a specific source MAC to a specific local IP

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source mac="00:11:22:33:44:55" destination address="203.0.113.100" accept'

This accepts incoming packets whose source MAC is 00:11:22:33:44:55 and whose destination is the local address 203.0.113.100; the MAC caveats of Example 53 apply.

  • Example 96: Block incoming traffic from a specific source MAC to a specific local IP

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source mac="00:11:22:33:44:55" destination address="203.0.113.100" reject'

This rejects incoming packets from MAC 00:11:22:33:44:55 addressed to the local address 203.0.113.100.

  • Examples 97 and 98: Matching on a MAC address range

The two commands originally listed here used source mac="00:11:22:00:00:00/FF:FF:FF:00:00:00". Rich rules accept only a complete six-octet MAC address, not a masked range, so both are rejected as invalid; the mask would also not denote a range "from 00:11:22:00:00:00 to FF:FF:FF:00:00:00" but the OUI prefix 00:11:22. Matching a vendor prefix requires a direct rule with the iptables mac match, which likewise takes a single address, or an nftables rule with a masked ether saddr; given how easily MACs are spoofed, it is rarely worth doing.

  • Example 99: Allow incoming TCP traffic from a specific source port

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source-port port="12345" protocol="tcp" accept'

The protocol is part of the source-port element, not a separate protocol="tcp" attribute. This accepts incoming TCP traffic with source port 12345 (see Example 49 for why source-port matching is not an access control).

  • Example 100: Configure a zone to block incoming traffic on a specific protocol and source port

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" protocol="udp

  • Example 13: Remove a source IP address from a zone

firewall-cmd --zone=public --remove-source=192.168.0.10

This command removes the binding of 192.168.0.10 to the public zone; traffic from that address is then classified by the interface it arrives on.

  • Example 14: Bind a network interface to a zone

firewall-cmd --zone=public --change-interface=eth0

This command moves eth0 into the public zone (removing it from whatever zone it was in), so traffic arriving on eth0 is evaluated against the public zone's rules; it does not change the default zone (that is --set-default-zone). Add --permanent to keep the binding across reloads, and if NetworkManager manages eth0, set the zone on its connection profile (nmcli connection modify eth0 connection.zone public) so NetworkManager does not reset it.

  • Example 15: Add a rich rule to a zone

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" accept'

This command adds a rich rule to the public zone that accepts all incoming traffic from the subnet 192.168.0.0/24. Rich rules are runtime only unless --permanent is given.

  • Example 16: Remove a rich rule from a zone

firewall-cmd --zone=public --remove-rich-rule='rule family="ipv4" source address="192.168.0.0/24" accept'

This command removes the rich rule from the public zone; the rule text must match the existing rule exactly, so copy it from firewall-cmd --zone=public --list-rich-rules.

  • Example 17: Accept IPsec traffic

firewall-cmd --permanent --zone=public --add-service=ipsec

firewall-cmd --reload

firewall-cmd has no --enable option; IPsec is enabled by adding the predefined ipsec service (IKE, NAT-T, ESP and AH) to the zone.

  1. Example 18: Disable a specific firewall feature

firewall-cmd –permanent –disable=ipsec

This command disables the IPsec firewall feature.

  1. Example 19: Configure a zone to log packets

firewall-cmd –zone=public –set-target=LOG –log-prefix=”Firewall Log: “

This command configures the public zone to log packets with a custom log prefix.

  • Example 20: Display the runtime status of the firewall

firewall-cmd –state

  • Example 21: Add a custom service to a zone

firewall-cmd –permanent –zone=public –add-service=myapp

This command adds a custom service called “myapp” to the public zone, allowing incoming traffic on the defined ports for that service.

  • Example 22: Remove a custom service from a zone

firewall-cmd –permanent –zone=public –remove-service=myapp

This command removes the custom service “myapp” from the public zone, disallowing incoming traffic on the defined ports for that service.

  • Example 23: Reload the firewall configuration without losing established connections

firewall-cmd –reload –complete-reload

This command reloads the firewall configuration, ensuring that established connections are maintained during the reload process.

  • Example 24: List all supported services

firewall-cmd –get-services

This command lists all the supported services that can be used with firewall-cmd.

  • Example 25: Configure a zone to block all incoming traffic

firewall-cmd –zone=public –set-target=DROP

This command configures the public zone to drop all incoming traffic.

  • Example 26: Configure a zone to block all outgoing traffic

firewall-cmd –zone=public –set-target=DROP –out-interface=eth0

This command configures the public zone to drop all outgoing traffic on the specified network interface.

  • Example 27: Configure a zone to reject incoming traffic with a specific ICMP message

firewall-cmd –zone=public –set-target=REJECT –reject-with=icmp-port-unreachable

This command configures the public zone to reject incoming traffic with an ICMP “port unreachable” message.

  • Example 28: Configure a zone to forward packets

firewall-cmd –zone=public –add-forward-port=port=80:proto=tcp:toport=8080

This command configures the public zone to forward incoming TCP traffic from port 80 to port 8080.

  • Example 29: List all supported protocols

firewall-cmd –get-protocols

This command lists all the supported protocols that can be used with firewall-cmd.

  • Example 30: Display the version of firewalld

firewall-cmd –version

This command displays the version of the firewalld firewall management tool installed on the system.

  • Example 31: Add a source IP range to a zone

firewall-cmd –zone=public –add-source=192.168.0.0/24

This command adds the IP range 192.168.0.0/24 to the allowed sources in the public zone.

  • Example 32: Remove a source IP range from a zone

firewall-cmd –zone=public –remove-source=192.168.0.0/24

This command removes the IP range 192.168.0.0/24 from the allowed sources in the public zone.

  • Example 33: Configure a zone to reject all incoming traffic

firewall-cmd –zone=public –set-target=REJECT

This command configures the public zone to reject all incoming traffic.

  • Example 34: Configure a zone to reject all outgoing traffic

firewall-cmd –zone=public –set-target=REJECT –out-interface=eth0

This command configures the public zone to reject all outgoing traffic on the specified network interface.

  • Example 35: Configure a zone to log dropped packets

firewall-cmd –zone=public –set-target=LOG –log-prefix=”Dropped Packet: ” –log-level=notice

This command configures the public zone to log packets that are dropped with a custom log prefix and log level set to “notice”.

  • Example 36: Configure a zone to limit the maximum number of connections

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ limit value=”10/s” accept’

This command configures the public zone to limit the maximum number of incoming connections to 10 per second.

  • Example 37: Configure a zone to allow incoming traffic only from a specific source IP

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ source address=”192.168.0.10″ accept’

This command configures the public zone to allow incoming traffic only from the specific source IP address 192.168.0.10.

  • Example 38: Configure a zone to allow incoming traffic only on specific ports

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ port port=”80″ protocol=”tcp” accept’

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ port port=”443″ protocol=”tcp” accept’

This command configures the public zone to allow incoming TCP traffic on ports 80 and 443.

  • Example 39: Configure a zone to block incoming traffic from a specific source IP

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ source address=”192.168.0.10″ reject’

This command configures the public zone

  • Example 41: Configure a zone to block outgoing traffic to a specific destination IP

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ destination address=”203.0.113.100″ reject’

This command configures the public zone to block outgoing traffic to the specific destination IP address 203.0.113.100.

  • Example 42: Configure a zone to allow incoming traffic on a specific interface

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ interface=”eth0″ accept’

This command configures the public zone to allow incoming traffic on the network interface eth0.

  • Example 43: Configure a zone to block all IPv6 traffic

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv6″ reject’

This command configures the public zone to block all incoming and outgoing IPv6 traffic.

  • Example 44: List all runtime configurations of a zone

firewall-cmd –zone=public –list-all

This command displays all the runtime configurations of the public zone, including sources, services, ports, and rich rules.

  • Example 45: Set the default action for a zone to drop incoming traffic

firewall-cmd –zone=public –set-target=DROP

This command sets the default action for the public zone to drop incoming traffic.

  • Example 46: Set the default action for a zone to reject incoming traffic

firewall-cmd –zone=public –set-target=REJECT

This command sets the default action for the public zone to reject incoming traffic.

  • Example 47: Configure a zone to forward specific ports to a different destination

firewall-cmd –zone=public –add-forward-port=port=80:proto=tcp:toaddr=192.168.0.10:toport=8080

This command configures the public zone to forward incoming TCP traffic from port 80 to port 8080 on the IP address 192.168.0.10.

  • Example 48: Configure a zone to block specific ICMP packets

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ protocol value=”icmp” icmp-type=echo-request reject’

This command configures the public zone to block incoming ICMP echo requests.

  • Example 49: Configure a zone to allow incoming traffic on a specific source port

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ source port=”12345″ accept’

This command configures the public zone to allow incoming traffic on the specific source port 12345.

  • Example 50: Configure a zone to block incoming traffic on a specific destination port

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" port port="22" protocol="tcp" reject'

This command configures the public zone to reject incoming traffic to destination port 22 (SSH). Destination ports are matched with the port element; the rich rule language has no destination port= form.


  • Example 51: Configure a zone to allow incoming traffic on a specific source IP range

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" accept'

This command configures the public zone to allow incoming traffic from the specific IP range 192.168.0.0/24.

  • Example 52: Configure a zone to block incoming traffic on a specific destination IP range

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" destination address="192.168.0.0/24" reject'

This command configures the public zone to block incoming traffic to the specific IP range 192.168.0.0/24.

  • Example 53: Configure a zone to allow incoming traffic on a specific source MAC address

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source mac="00:11:22:33:44:55" accept'

This command configures the public zone to allow incoming traffic from the specific MAC address 00:11:22:33:44:55.

  • Example 54: Configure a zone to block incoming traffic on a specific destination MAC address

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" destination mac="00:11:22:33:44:55" reject'

This command is meant to block incoming traffic to the MAC address 00:11:22:33:44:55. The destination element accepts only address and ipset, so firewall-cmd rejects this rule; only the source element can match a MAC address.

  • Example 55: Configure a zone to allow incoming traffic on a specific source VLAN

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source vlan="100" accept'

This command is meant to allow incoming traffic from VLAN ID 100. The rich rule language has no vlan attribute, so firewall-cmd rejects this rule; to filter a VLAN, bind its interface (for example eth0.100) to a zone with --add-interface.

  • Example 56: Configure a zone to block incoming traffic on a specific destination VLAN

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" destination vlan="100" reject'

This command is meant to block incoming traffic to VLAN ID 100. As with the previous example, vlan is not a rich-rule attribute and firewall-cmd rejects the rule.

  • Example 57: Configure a zone to allow incoming traffic from a specific user

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" user name="alice" accept'

This command is meant to allow incoming traffic from the user "alice". The rich rule language has no user element and firewalld does not match traffic by local user, so firewall-cmd rejects this rule.

  • Example 58: Configure a zone to block incoming traffic from a specific user

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" user name="bob" reject'

This command is meant to block incoming traffic from the user "bob". As above, user is not a rich-rule element and firewall-cmd rejects the rule.

  • Example 59: Configure a zone to allow incoming traffic on a specific TCP flag

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" protocol="tcp" tcp-flags="FIN,SYN" accept'

This command is meant to allow incoming TCP traffic with the FIN and SYN flags set. The rich rule language has no tcp-flags element (and the protocol element takes value="tcp", not protocol="tcp"), so firewall-cmd rejects this rule.

  • Example 60: Configure a zone to block incoming traffic on a specific TCP flag

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" protocol="tcp" tcp-flags="RST" reject'

This command is meant to block incoming TCP traffic with the RST flag set. As above, tcp-flags is not a rich-rule element and firewall-cmd rejects the rule.

  • Example 61: Configure a zone to allow incoming traffic on a specific ICMP type

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" icmp-type name="echo-reply" accept'

This command configures the public zone to allow incoming ICMP echo-reply packets. The ICMP type is selected with icmp-type name="..."; no separate protocol element is needed.

  • Example 62: Configure a zone to block incoming traffic on a specific ICMP type

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" icmp-type name="destination-unreachable" reject'

This command configures the public zone to reject incoming ICMP destination-unreachable packets.

  • Example 63: Configure a zone to allow incoming traffic of a specific ICMPv6 type

firewall-cmd --zone=public --add-rich-rule='rule family="ipv6" icmp-type name="parameter-problem" accept'

This command configures the public zone to allow incoming ICMPv6 parameter-problem packets. With family="ipv6" the icmp-type element refers to ICMPv6 type names.

  • Example 64: Configure a zone to block incoming traffic of a specific ICMPv6 type

firewall-cmd --zone=public --add-rich-rule='rule family="ipv6" icmp-type name="packet-too-big" reject'

This command configures the public zone to reject incoming ICMPv6 packet-too-big packets. Blocking this type breaks IPv6 path MTU discovery, so it is rarely a good idea.

  • Example 65: Configure a zone to allow incoming traffic on a specific source port range

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source-port port="30000-40000" protocol="tcp" accept'

This command configures the public zone to allow incoming TCP traffic with a source port in the range 30000-40000. The source-port element requires a protocol; TCP is assumed here.

  • Example 66: Configure a zone to block incoming traffic on a specific destination port range

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" port port="2000-3000" protocol="tcp" reject'

This command configures the public zone to reject incoming TCP traffic to destination ports 2000-3000. Destination ports are matched with the port element, which requires a protocol; TCP is assumed here.

  • Example 67: Configure a zone to allow incoming traffic on a specific IP protocol number

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" protocol value="112" accept'

This command configures the public zone to allow incoming traffic with IP protocol number 112 (VRRP).

  • Example 68: Configure a zone to block incoming traffic on a specific IP protocol number

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" protocol value="58" reject'

This command configures the public zone to reject incoming traffic with IP protocol number 58. Protocol 58 is ICMPv6, so within family="ipv4" this rule matches nothing; it only makes sense with family="ipv6".

  • Example 69: Configure a zone to allow incoming traffic on a specific TCP option

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" protocol="tcp" tcp-option="2" accept'

This command is meant to allow incoming TCP traffic carrying TCP option 2. The rich rule language has no tcp-option element, so firewall-cmd rejects this rule.

  • Example 70: Configure a zone to block incoming traffic on a specific TCP option

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" protocol="tcp" tcp-option="4" reject'

This command is meant to block incoming TCP traffic carrying TCP option 4. As above, tcp-option is not a rich-rule element and firewall-cmd rejects the rule.

  • Example 71: Configure a zone to allow incoming traffic on a specific UDP option

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" protocol="udp" udp-option="7" accept'

This command is meant to allow incoming UDP traffic carrying UDP option 7. UDP has no options field, and the rich rule language has no udp-option element, so firewall-cmd rejects this rule.

  • Example 72: Configure a zone to block incoming traffic on a specific UDP option

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" protocol="udp" udp-option="9" reject'

This command is meant to block incoming UDP traffic carrying UDP option 9. As above, udp-option is not a rich-rule element and firewall-cmd rejects the rule.

  • Example 73: Configure a zone to allow incoming traffic on a specific IP fragment flag

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" protocol="tcp" tcp-flags="MF" accept'

This command is meant to allow incoming packets with the IP "more fragments" (MF) flag set. MF is an IP header flag, not a TCP flag, and the rich rule language has neither a tcp-flags nor a fragment element, so firewall-cmd rejects this rule.

  • Example 74: Configure a zone to block incoming traffic on a specific IP fragment flag

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" protocol="tcp" tcp-flags="DF" reject'

This command is meant to block incoming packets with the IP "don't fragment" (DF) flag set. As above, DF is an IP header flag and there is no rich-rule element for it, so firewall-cmd rejects the rule.

  • Example 75: Configure a zone to allow incoming traffic on a specific IP header option

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" protocol="tcp" ip-option="4" accept'

This command is meant to allow incoming TCP traffic carrying IP header option 4. The rich rule language has no ip-option element, so firewall-cmd rejects this rule.

  • Example 76: Configure a zone to block incoming traffic on a specific IP header option

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" protocol="tcp" ip-option="7" reject'

This command is meant to block incoming TCP traffic carrying IP header option 7. As above, ip-option is not a rich-rule element and firewall-cmd rejects the rule.

  • Example 77: Configure a zone to allow incoming traffic with a specific IP address range and port

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" port port="8080" protocol="tcp" accept'

This command configures the public zone to allow incoming TCP traffic from the IP range 192.168.0.0/24 to port 8080. The port element requires a protocol; TCP is assumed here.

  • Example 78: Configure a zone to block incoming traffic with a specific IP address range and port

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" port port="22" protocol="tcp" reject'

This command configures the public zone to reject incoming TCP traffic from the IP range 192.168.0.0/24 to port 22 (SSH).

  • Example 79: Configure a zone to allow incoming traffic from multiple IP addresses

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.10" accept'

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.20" accept'

These commands configure the public zone to allow incoming traffic from the two IP addresses 192.168.0.10 and 192.168.0.20, one rich rule per address.

  • Example 80: Configure a zone to block incoming traffic from multiple IP addresses

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.10" reject'

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.20" reject'

These commands configure the public zone to reject incoming traffic from the two IP addresses 192.168.0.10 and 192.168.0.20, one rich rule per address.

  • Example 81: Configure a zone to allow incoming traffic on a specific network interface and port

firewall-cmd --zone=public --add-interface=eth0

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" port port="8080" protocol="tcp" accept'

These commands bind eth0 to the public zone and allow TCP port 8080 in that zone, so the port is reachable on traffic that arrives through eth0 (and through any other interface or source bound to the same zone). The rich rule language has no in-interface element; interface selection is done by zone assignment.

  • Example 82: Configure a zone to block incoming traffic on a specific network interface and port

firewall-cmd --zone=public --add-interface=eth0

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" port port="22" protocol="tcp" reject'

These commands bind eth0 to the public zone and reject incoming SSH (TCP port 22) in that zone, which covers traffic arriving through eth0. As above, the rich rule language has no in-interface element.

  • Example 83: Configure a zone to allow incoming traffic on a specific source IP and destination port

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.10" port port="80" protocol="tcp" accept'

This command configures the public zone to allow incoming TCP traffic from the IP address 192.168.0.10 to port 80. The destination port is given with the port element; destination port= is not valid rich-rule syntax.

  • Example 84: Configure a zone to block incoming traffic on a specific source IP and destination port

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.10" port port="443" protocol="tcp" reject'

This command configures the public zone to reject incoming TCP traffic from the IP address 192.168.0.10 to port 443.

  • Example 85: Configure a zone to allow incoming traffic on a specific source IP range and destination port

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" port port="8080" protocol="tcp" accept'

This command configures the public zone to allow incoming TCP traffic from the IP range 192.168.0.0/24 to port 8080.

  • Example 86: Configure a zone to block incoming traffic on a specific source IP range and destination port

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" port port="22" protocol="tcp" reject'

This command configures the public zone to reject incoming SSH (TCP port 22) traffic from the IP range 192.168.0.0/24.

  • Example 87: Configure a zone to allow incoming traffic on a specific source IP and destination IP

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.10" destination address="203.0.113.100" accept'

This command configures the public zone to allow incoming traffic from the IP address 192.168.0.10 to the IP address 203.0.113.100.

  • Example 88: Configure a zone to block incoming traffic on a specific source IP and destination IP

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.10" destination address="203.0.113.100" reject'

This command configures the public zone to block incoming traffic from the IP address 192.168.0.10 to the IP address 203.0.113.100.

  • Example 89: Configure a zone to allow incoming traffic on a specific source IP range and destination IP

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" destination address="203.0.113.100" accept'

This command configures the public zone to allow incoming traffic from the IP range 192.168.0.0/24 to the IP address 203.0.113.100.

  • Example 90: Configure a zone to block incoming traffic on a specific source IP range and destination IP

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" destination address="203.0.113.100" reject'

This command configures the public zone to block incoming traffic from the IP range 192.168.0.0/24 to the IP address 203.0.113.100.

  • Example 91: Configure a zone to allow incoming traffic on a specific source IP and destination IP range

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.10" destination address="203.0.113.0/24" accept'

This command configures the public zone to allow incoming traffic from the IP address 192.168.0.10 to the IP range 203.0.113.0/24.

  • Example 92: Configure a zone to block incoming traffic on a specific source IP and destination IP range

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.10" destination address="203.0.113.0/24" reject'

This command configures the public zone to block incoming traffic from the IP address 192.168.0.10 to the IP range 203.0.113.0/24.

  • Example 93: Configure a zone to allow incoming traffic on a specific source IP range and destination IP range

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" destination address="203.0.113.0/24" accept'

This command configures the public zone to allow incoming traffic from the IP range 192.168.0.0/24 to the IP range 203.0.113.0/24.

  • Example 94: Configure a zone to block incoming traffic on a specific source IP range and destination IP range

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" destination address="203.0.113.0/24" reject'

This command configures the public zone to block incoming traffic from the IP range 192.168.0.0/24 to the IP range 203.0.113.0/24.

  • Example 95: Configure a zone to allow incoming traffic on a specific source MAC and destination IP

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source mac="00:11:22:33:44:55" destination address="203.0.113.100" accept'

This command configures the public zone to allow incoming traffic from the specific MAC address 00:11:22:33:44:55 to the IP address 203.0.113.100.

  • Example 96: Configure a zone to block incoming traffic on a specific source MAC and destination IP

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source mac="00:11:22:33:44:55" destination address="203.0.113.100" reject'

This command configures the public zone to block incoming traffic from the specific MAC address 00:11:22:33:44:55 to the IP address 203.0.113.100.

  • Example 97: Configure a zone to allow incoming traffic on a specific source MAC range and destination IP

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source mac="00:11:22

 Common firewall-cmd commands with scenarios. Feel free to ask for more examples if needed.

  1. List all active zones.

firewall-cmd –get-active-zones

This command displays all active firewall zones on the system.

  • Add a service to a zone

firewall-cmd –zone=public –add-service=http

This command adds the HTTP service to the public zone, allowing incoming HTTP traffic.

  • Example 3: Remove a service from a zone

firewall-cmd –zone=public –remove-service=http

This command removes the HTTP service from the public zone, disallowing incoming HTTP traffic.

  • Example 4: Add a port to a zone

firewall-cmd –zone=public –add-port=8080/tcp

This command opens port 8080/tcp in the public zone, allowing incoming TCP traffic on that port.

  • Example 5: Remove a port from a zone

firewall-cmd –zone=public –remove-port=8080/tcp

This command removes the rule that allows incoming TCP traffic on port 8080 from the public zone.

  • Example 6: List all services in a zone

firewall-cmd –zone=public –list-services

This command lists all services allowed in the public zone.

  • Example 7: List all ports in a zone

firewall-cmd –zone=public –list-ports

This command lists all ports opened in the public zone.

  • Example 8: Set a default zone

firewall-cmd –set-default-zone=public

This command sets the public zone as the default zone for incoming network connections.

  • Example 9: Enable masquerading

firewall-cmd –zone=public –add-masquerade

This command enables masquerading in the public zone, allowing Network Address Translation (NAT) for outgoing traffic.

  1. Example 10: Reload the firewall configuration

firewall-cmd –reload

.

  1. Example 11: List all zones

firewall-cmd –get-zones

This command lists all available firewall zones on the system.

  1. Example 12: Add a source IP address to a zone

firewall-cmd –zone=public –add-source=192.168.0.10

This command adds the IP address 192.168.0.10 to the allowed sources in the public zone.

  1. Example 13: Remove a source IP address from a zone

firewall-cmd –zone=public –remove-source=192.168.0.10

This command removes the IP address 192.168.0.10 from the allowed sources in the public zone.

  1. Example 14: Set a zone as the default for network interfaces

firewall-cmd –zone=public –change-interface=eth0

This command sets the public zone as the default zone for the network interface eth0.

  1. Example 15: Add a rich rule to a zone

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ source address=”192.168.0.0/24″ accept’

This command adds a rich rule to the public zone, allowing incoming traffic from the IP subnet 192.168.0.0/24.

  1. Example 16: Remove a rich rule from a zone

firewall-cmd –zone=public –remove-rich-rule=’rule family=”ipv4″ source address=”192.168.0.0/24″ accept’

This command removes a specific rich rule from the public zone.

  1. Example 17: Enable a specific firewall feature

firewall-cmd –permanent –enable=ipsec

This command enables the IPsec firewall feature.

  1. Example 18: Disable a specific firewall feature

firewall-cmd –permanent –disable=ipsec

This command disables the IPsec firewall feature.

  1. Example 19: Configure a zone to log packets

firewall-cmd –zone=public –set-target=LOG –log-prefix=”Firewall Log: “

This command configures the public zone to log packets with a custom log prefix.

  • Example 20: Display the runtime status of the firewall

firewall-cmd –state

  • Example 21: Add a custom service to a zone

firewall-cmd –permanent –zone=public –add-service=myapp

This command adds a custom service called “myapp” to the public zone, allowing incoming traffic on the defined ports for that service.

  • Example 22: Remove a custom service from a zone

firewall-cmd –permanent –zone=public –remove-service=myapp

This command removes the custom service “myapp” from the public zone, disallowing incoming traffic on the defined ports for that service.

  • Example 23: Reload the firewall configuration without losing established connections

firewall-cmd –reload –complete-reload

This command reloads the firewall configuration, ensuring that established connections are maintained during the reload process.

  • Example 24: List all supported services

firewall-cmd –get-services

This command lists all the supported services that can be used with firewall-cmd.

  • Example 25: Configure a zone to block all incoming traffic

firewall-cmd –zone=public –set-target=DROP

This command configures the public zone to drop all incoming traffic.

  • Example 26: Configure a zone to block all outgoing traffic

firewall-cmd –zone=public –set-target=DROP –out-interface=eth0

This command configures the public zone to drop all outgoing traffic on the specified network interface.

  • Example 27: Configure a zone to reject incoming traffic with a specific ICMP message

firewall-cmd –zone=public –set-target=REJECT –reject-with=icmp-port-unreachable

This command configures the public zone to reject incoming traffic with an ICMP “port unreachable” message.

  • Example 28: Configure a zone to forward packets

firewall-cmd –zone=public –add-forward-port=port=80:proto=tcp:toport=8080

This command configures the public zone to forward incoming TCP traffic from port 80 to port 8080.

  • Example 29: List all supported protocols

firewall-cmd –get-protocols

This command lists all the supported protocols that can be used with firewall-cmd.

  • Example 30: Display the version of firewalld

firewall-cmd –version

This command displays the version of the firewalld firewall management tool installed on the system.

  • Example 31: Add a source IP range to a zone

firewall-cmd –zone=public –add-source=192.168.0.0/24

This command adds the IP range 192.168.0.0/24 to the allowed sources in the public zone.

  • Example 32: Remove a source IP range from a zone

firewall-cmd –zone=public –remove-source=192.168.0.0/24

This command removes the IP range 192.168.0.0/24 from the allowed sources in the public zone.

  • Example 33: Configure a zone to reject all incoming traffic

firewall-cmd –zone=public –set-target=REJECT

This command configures the public zone to reject all incoming traffic.

  • Example 34: Configure a zone to reject all outgoing traffic

firewall-cmd –zone=public –set-target=REJECT –out-interface=eth0

This command configures the public zone to reject all outgoing traffic on the specified network interface.

  • Example 35: Configure a zone to log dropped packets

firewall-cmd –zone=public –set-target=LOG –log-prefix=”Dropped Packet: ” –log-level=notice

This command configures the public zone to log packets that are dropped with a custom log prefix and log level set to “notice”.

  • Example 36: Configure a zone to limit the maximum number of connections

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ limit value=”10/s” accept’

This command configures the public zone to limit the maximum number of incoming connections to 10 per second.

  • Example 37: Configure a zone to allow incoming traffic only from a specific source IP

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ source address=”192.168.0.10″ accept’

This command configures the public zone to allow incoming traffic only from the specific source IP address 192.168.0.10.

  • Example 38: Configure a zone to allow incoming traffic only on specific ports

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ port port=”80″ protocol=”tcp” accept’

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ port port=”443″ protocol=”tcp” accept’

This command configures the public zone to allow incoming TCP traffic on ports 80 and 443.

  • Example 39: Configure a zone to block incoming traffic from a specific source IP

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ source address=”192.168.0.10″ reject’

This command configures the public zone

  • Example 41: Configure a zone to block outgoing traffic to a specific destination IP

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ destination address=”203.0.113.100″ reject’

This command configures the public zone to block outgoing traffic to the specific destination IP address 203.0.113.100.

  • Example 42: Configure a zone to allow incoming traffic on a specific interface

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ interface=”eth0″ accept’

This command configures the public zone to allow incoming traffic on the network interface eth0.

  • Example 43: Configure a zone to block all IPv6 traffic

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv6″ reject’

This command configures the public zone to block all incoming and outgoing IPv6 traffic.

  • Example 44: List all runtime configurations of a zone

firewall-cmd –zone=public –list-all

This command displays all the runtime configurations of the public zone, including sources, services, ports, and rich rules.

  • Example 45: Set the default action for a zone to drop incoming traffic

firewall-cmd –zone=public –set-target=DROP

This command sets the default action for the public zone to drop incoming traffic.

  • Example 46: Set the default action for a zone to reject incoming traffic

firewall-cmd –zone=public –set-target=REJECT

This command sets the default action for the public zone to reject incoming traffic.

  • Example 47: Configure a zone to forward specific ports to a different destination

firewall-cmd –zone=public –add-forward-port=port=80:proto=tcp:toaddr=192.168.0.10:toport=8080

This command configures the public zone to forward incoming TCP traffic from port 80 to port 8080 on the IP address 192.168.0.10.

  • Example 48: Configure a zone to block specific ICMP packets

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ protocol value=”icmp” icmp-type=echo-request reject’

This command configures the public zone to block incoming ICMP echo requests.

  • Example 49: Configure a zone to allow incoming traffic on a specific source port

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ source port=”12345″ accept’

This command configures the public zone to allow incoming traffic on the specific source port 12345.

  • Example 50: Configure a zone to block incoming traffic on a specific destination port

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ destination port=”22″ reject’

This command configures the public zone to block incoming traffic on the specific destination port 22 (SSH).

Certainly! Here are 10 more examples of common firewall-cmd commands with scenarios:

  • Example 51: Configure a zone to allow incoming traffic on a specific source IP range

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ source address=”192.168.0.0/24″ accept’

This command configures the public zone to allow incoming traffic from the specific IP range 192.168.0.0/24.

  • Example 52: Configure a zone to block incoming traffic on a specific destination IP range

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ destination address=”192.168.0.0/24″ reject’

This command configures the public zone to block incoming traffic to the specific IP range 192.168.0.0/24.

  • Example 53: Configure a zone to allow incoming traffic on a specific source MAC address

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ source mac=”00:11:22:33:44:55″ accept’

This command configures the public zone to allow incoming traffic from the specific MAC address 00:11:22:33:44:55.

  • Example 54: Configure a zone to block incoming traffic on a specific destination MAC address

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ destination mac=”00:11:22:33:44:55″ reject’

This command configures the public zone to block incoming traffic to the specific MAC address 00:11:22:33:44:55.

  • Example 55: Configure a zone to allow incoming traffic on a specific source VLAN

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ source vlan=”100″ accept’

This command configures the public zone to allow incoming traffic from the specific VLAN ID 100.

  • Example 56: Configure a zone to block incoming traffic on a specific destination VLAN

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ destination vlan=”100″ reject’

This command configures the public zone to block incoming traffic to the specific VLAN ID 100.

  • Example 57: Configure a zone to allow incoming traffic from a specific user

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ user name=”alice” accept’

This command configures the public zone to allow incoming traffic from the specific user “alice”.

  • Example 58: Configure a zone to block incoming traffic from a specific user

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ user name=”bob” reject’

This command configures the public zone to block incoming traffic from the specific user “bob”.

  • Example 59: Configure a zone to allow incoming traffic on a specific TCP flag

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ protocol=”tcp” tcp-flags=”FIN,SYN” accept’

This command configures the public zone to allow incoming TCP traffic with the “FIN” and “SYN” flags set.

  • Example 60: Configure a zone to block incoming traffic on a specific TCP flag

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ protocol=”tcp” tcp-flags=”RST” reject’

This command configures the public zone to block incoming TCP traffic with the “RST” flag set.

  • Example 61: Configure a zone to allow incoming traffic on a specific ICMP type

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ protocol=”icmp” icmp-type=”echo-reply” accept’

This command configures the public zone to allow incoming ICMP echo-reply packets.

  • Example 62: Configure a zone to block incoming traffic on a specific ICMP type

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ protocol=”icmp” icmp-type=”destination-unreachable” reject’

This command configures the public zone to block incoming ICMP destination-unreachable packets.

  • Example 63: Configure a zone to allow incoming traffic on a specific IPv6 extension header

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv6″ protocol=”ipv6-icmp” ipv6-icmp-type=”parameter-problem” accept’

This command configures the public zone to allow incoming IPv6 packets with the parameter-problem ICMPv6 type.

  • Example 64: Configure a zone to block incoming traffic on a specific IPv6 extension header

firewall-cmd --zone=public --add-rich-rule='rule family="ipv6" icmp-type name="packet-too-big" reject'

This command configures the public zone to block incoming IPv6 packets with the packet-too-big ICMPv6 type. The match is on the ICMPv6 message type rather than on an extension header, and in the rich language ICMP types are written icmp-type name="..." (there is no ipv6-icmp-type element). Note that packet-too-big is how IPv6 path MTU discovery works, so blocking it breaks connections to hosts behind a smaller MTU.

  • Example 65: Configure a zone to allow incoming traffic on a specific source port range

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source-port port="30000-40000" protocol="tcp" accept'

This command configures the public zone to allow incoming TCP traffic from the specified source port range (30000-40000). The rich language has no source port="..." form: source ports are matched with the source-port element, and its protocol attribute is mandatory (tcp is assumed here).

  • Example 66: Configure a zone to block incoming traffic on a specific destination port range

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" port port="2000-3000" protocol="tcp" reject'

This command configures the public zone to block incoming TCP traffic to the specified destination port range (2000-3000). Destination ports are matched with the port element (destination accepts only an address or ipset), and the protocol attribute is mandatory (tcp assumed here).

  • Example 67: Configure a zone to allow incoming traffic on a specific IP protocol number

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" protocol value="112" accept'

This command configures the public zone to allow incoming traffic with IP protocol number 112 (VRRP). As a match element, protocol takes the value attribute, so this is the correct form.

  • Example 68: Configure a zone to block incoming traffic on a specific IP protocol number

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" protocol value="58" reject'

This command configures the public zone to block incoming traffic with IP protocol number 58. Protocol 58 is IPv6-ICMP, which does not occur inside IPv4 packets, so with family="ipv4" this rule never matches; an ICMPv6 block belongs in a family="ipv6" rule with icmp-type, as in Example 64.

  • Example 69: Configure a zone to allow incoming traffic on a specific TCP option

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" protocol="tcp" tcp-option="2" accept'

This command is meant to allow incoming TCP traffic carrying TCP option number 2 (maximum segment size), but firewall-cmd rejects it: the rich language has no tcp-option element, and protocol as a match is written protocol value="tcp". Matching on TCP options is outside the rich language and needs a direct rule (firewall-cmd --direct) or a native nftables rule.

  • Example 70: Configure a zone to block incoming traffic on a specific TCP option

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" protocol="tcp" tcp-option="4" reject'

This command is meant to block incoming TCP traffic carrying TCP option number 4 (SACK permitted); it is rejected by firewall-cmd for the same reason as Example 69.

  • Example 71: Configure a zone to allow incoming traffic on a specific UDP option

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" protocol="udp" udp-option="7" accept'

This command is meant to allow incoming UDP traffic with "UDP option number 7", but UDP has no options field and udp-option is not a rich language element, so firewall-cmd rejects the rule.

  • Example 72: Configure a zone to block incoming traffic on a specific UDP option

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" protocol="udp" udp-option="9" reject'

This command is meant to block incoming UDP traffic with "UDP option number 9"; it is rejected by firewall-cmd for the same reason as Example 71.

  • Example 73: Configure a zone to allow incoming traffic on a specific IP fragment flag

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" protocol="tcp" tcp-flags="MF" accept'

This command is meant to allow incoming TCP traffic with the IP fragment flag "MF" (more fragments) set, but MF is a flag in the IP header, not a TCP flag, and tcp-flags is not a rich language element, so firewall-cmd rejects the rule. Fragment handling needs a direct rule or a native nftables rule.

  • Example 74: Configure a zone to block incoming traffic on a specific IP fragment flag

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" protocol="tcp" tcp-flags="DF" reject'

This command is meant to block incoming TCP traffic with the IP fragment flag "DF" (don't fragment) set; it is rejected by firewall-cmd for the same reason as Example 73.

  • Example 75: Configure a zone to allow incoming traffic on a specific IP header option

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" protocol="tcp" ip-option="4" accept'

This command is meant to allow incoming TCP traffic carrying IP header option number 4 (Timestamp), but ip-option is not a rich language element, so firewall-cmd rejects the rule; IP option matching needs a direct rule or a native nftables rule.

  • Example 76: Configure a zone to block incoming traffic on a specific IP header option

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" protocol="tcp" ip-option="7" reject'

This command is meant to block incoming TCP traffic carrying IP header option number 7 (Record Route); it is rejected by firewall-cmd for the same reason as Example 75.
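
Because several of the rules above use elements the rich language does not define (tcp-option, udp-option, tcp-flags and ip-option in Examples 69 to 76, and the source port="...", destination port="...", in-interface and MAC-mask forms found elsewhere on this page), it pays to lint a rule string before committing it with --permanent. The checker below is an added example written for this page, not code from the firewalld project: the element and attribute names it accepts are those of firewalld.richlanguage(5), while the semantic checks and the sample rules are constructed here.

```shell
#!/bin/sh
# Added example for this page (not firewalld project code): a lint pass
# over rich rule strings. Element and attribute names follow
# firewalld.richlanguage(5); the semantic checks target the mistakes
# seen in the examples above (source port=, destination port=,
# tcp-option and friends, mac= with a mask, port= without protocol=).

# rich_rule_lint RULE
# Prints one diagnostic per problem and returns 1 if any were found,
# 0 if the rule uses only known elements in a plausible shape.
rich_rule_lint() {
    lint_rc=0; lint_prev=""; lint_need_proto=0
    set -f                      # no globbing while splitting the rule on whitespace
    for tok in $1; do
        key="${tok%%=*}"; val="${tok#*=}"
        # port="..." on port/source-port/forward-port must be followed by protocol="..."
        if [ "$lint_need_proto" = 1 ]; then
            [ "$key" = protocol ] || { echo 'port="..." must be followed by protocol="tcp|udp|sctp|dccp"'; lint_rc=1; }
            lint_need_proto=0
        fi
        case "$key" in
            rule|family|priority|source|destination|not|invert|address|mac|ipset|service|name) ;;
            port|protocol|value|icmp-block|icmp-type|masquerade|forward-port|to-port|to-addr|source-port) ;;
            log|prefix|level|nflog|group|queue-size|limit|audit|accept|reject|drop|mark|set|type) ;;
            *) echo "not a rich language element or attribute: $key"; lint_rc=1 ;;
        esac
        case "$tok" in
            port=*)
                case "$lint_prev" in
                    port|source-port|forward-port) lint_need_proto=1 ;;
                    source)      echo 'source has no port attribute; use source-port port="..." protocol="..."'; lint_rc=1 ;;
                    destination) echo 'destination has no port attribute; use port port="..." protocol="..."'; lint_rc=1 ;;
                esac
                ;;
            protocol=*)
                case "$lint_prev" in
                    port=*) ;;
                    *) echo 'as a match, protocol takes value="..."; protocol="..." is only an attribute of port elements'; lint_rc=1 ;;
                esac
                ;;
            mac=*)
                case "$val" in
                    */*) echo "mac= takes a single address, masks are not supported: $val"; lint_rc=1 ;;
                esac
                ;;
        esac
        lint_prev="$tok"
    done
    set +f
    [ "$lint_need_proto" = 0 ] || { echo 'port="..." must be followed by protocol="..."'; lint_rc=1; }
    return "$lint_rc"
}

# Constructed sample rules: the first is valid, the others reproduce the
# shapes of Examples 69, 65 and 97, plus a port element missing its protocol.
demo() {
    for rule in \
        'rule family="ipv4" source address="192.168.0.0/24" port port="8080" protocol="tcp" accept' \
        'rule family="ipv4" protocol="tcp" tcp-option="2" accept' \
        'rule family="ipv4" source port="30000-40000" accept' \
        'rule family="ipv4" source mac="00:11:22:00:00:00/FF:FF:FF:00:00:00" destination address="203.0.113.100" accept' \
        'rule family="ipv4" port port="8080" accept'
    do
        echo "== $rule"
        rich_rule_lint "$rule" && echo "   ok"
    done
    return 0
}
demo
```

The checker only knows the grammar, not your policy: a rule that passes is well-formed for firewall-cmd, which is a different question from whether it should be in the zone at all. Run it over `firewall-cmd --zone=public --list-rich-rules` output when auditing a host that was configured by hand.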

  • Example 77: Configure a zone to allow incoming traffic with a specific IP address range and port

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" port port="8080" protocol="tcp" accept'

This command configures the public zone to allow incoming TCP traffic from the IP range 192.168.0.0/24 on port 8080. The port element's protocol attribute is mandatory (tcp assumed here).

  • Example 78: Configure a zone to block incoming traffic with a specific IP address range and port

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" port port="22" protocol="tcp" reject'

This command configures the public zone to block incoming traffic from the IP range 192.168.0.0/24 on TCP port 22 (SSH).

  • Example 79: Configure a zone to allow incoming traffic from multiple IP addresses

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.10" accept'

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.20" accept'

These commands configure the public zone to allow incoming traffic from multiple specific IP addresses, one rich rule per address.

  • Example 80: Configure a zone to block incoming traffic from multiple IP addresses

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.10" reject'

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.20" reject'

These commands configure the public zone to block incoming traffic from multiple specific IP addresses, one rich rule per address.

  • Example 81: Configure a zone to allow incoming traffic on a specific network interface and port

firewall-cmd --zone=public --change-interface=eth0

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" port port="8080" protocol="tcp" accept'

These commands allow incoming TCP traffic on port 8080 through the public zone, to which eth0 is bound. The rich language has no in-interface element: an interface is selected by binding it to a zone, and every rule in that zone then applies to traffic arriving on that interface.

  • Example 82: Configure a zone to block incoming traffic on a specific network interface and port

firewall-cmd --zone=public --change-interface=eth0

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" port port="22" protocol="tcp" reject'

These commands block incoming SSH (TCP port 22) traffic arriving on eth0 by binding the interface to the public zone and rejecting port 22 there (see Example 81 for why a rich rule carries no interface match).

  • Example 83: Configure a zone to allow incoming traffic on a specific source IP and destination port

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.10" port port="80" protocol="tcp" accept'

This command configures the public zone to allow incoming TCP traffic from the IP address 192.168.0.10 on port 80. A destination port is matched with the port element (destination accepts only an address or ipset), and its protocol attribute is mandatory (tcp assumed here).

  • Example 84: Configure a zone to block incoming traffic on a specific source IP and destination port

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.10" port port="443" protocol="tcp" reject'

This command configures the public zone to block incoming TCP traffic from the IP address 192.168.0.10 on port 443.

  • Example 85: Configure a zone to allow incoming traffic on a specific source IP range and destination port

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" port port="8080" protocol="tcp" accept'

This command configures the public zone to allow incoming TCP traffic from the IP range 192.168.0.0/24 on port 8080.

  • Example 86: Configure a zone to block incoming traffic on a specific source IP range and destination port

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" port port="22" protocol="tcp" reject'

This command configures the public zone to block incoming SSH (TCP port 22) traffic from the IP range 192.168.0.0/24.

  • Example 87: Configure a zone to allow incoming traffic on a specific source IP and destination IP

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.10" destination address="203.0.113.100" accept'

This command configures the public zone to allow incoming traffic from the IP address 192.168.0.10 to the IP address 203.0.113.100.

  • Example 88: Configure a zone to block incoming traffic on a specific source IP and destination IP

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.10" destination address="203.0.113.100" reject'

This command configures the public zone to block incoming traffic from the IP address 192.168.0.10 to the IP address 203.0.113.100.

  • Example 89: Configure a zone to allow incoming traffic on a specific source IP range and destination IP

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" destination address="203.0.113.100" accept'

This command configures the public zone to allow incoming traffic from the IP range 192.168.0.0/24 to the IP address 203.0.113.100.

  • Example 90: Configure a zone to block incoming traffic on a specific source IP range and destination IP

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" destination address="203.0.113.100" reject'

This command configures the public zone to block incoming traffic from the IP range 192.168.0.0/24 to the IP address 203.0.113.100.

  • Example 91: Configure a zone to allow incoming traffic on a specific source IP and destination IP range

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.10" destination address="203.0.113.0/24" accept'

This command configures the public zone to allow incoming traffic from the IP address 192.168.0.10 to the IP range 203.0.113.0/24.

  • Example 92: Configure a zone to block incoming traffic on a specific source IP and destination IP range

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.10" destination address="203.0.113.0/24" reject'

This command configures the public zone to block incoming traffic from the IP address 192.168.0.10 to the IP range 203.0.113.0/24.

  • Example 93: Configure a zone to allow incoming traffic on a specific source IP range and destination IP range

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" destination address="203.0.113.0/24" accept'

This command configures the public zone to allow incoming traffic from the IP range 192.168.0.0/24 to the IP range 203.0.113.0/24.

  • Example 94: Configure a zone to block incoming traffic on a specific source IP range and destination IP range

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" destination address="203.0.113.0/24" reject'

This command configures the public zone to block incoming traffic from the IP range 192.168.0.0/24 to the IP range 203.0.113.0/24.

  • Example 95: Configure a zone to allow incoming traffic on a specific source MAC and destination IP

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source mac="00:11:22:33:44:55" destination address="203.0.113.100" accept'

This command configures the public zone to allow incoming traffic from the specific MAC address 00:11:22:33:44:55 to the IP address 203.0.113.100.

  • Example 96: Configure a zone to block incoming traffic on a specific source MAC and destination IP

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source mac="00:11:22:33:44:55" destination address="203.0.113.100" reject'

This command configures the public zone to block incoming traffic from the specific MAC address 00:11:22:33:44:55 to the IP address 203.0.113.100.

  • Example 97: Configure a zone to allow incoming traffic on a specific source MAC range and destination IP

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source mac="00:11:22:00:00:00/FF:FF:FF:00:00:00" destination address="203.0.113.100" accept'

This command is meant to allow incoming traffic from any MAC address whose first three octets are 00:11:22 (FF:FF:FF:00:00:00 is a mask, not the end of a range) to the IP address 203.0.113.100, but firewall-cmd rejects it: source mac= accepts a single MAC address only. Matching a MAC prefix needs a direct rule or a native nftables rule.

  • Example 98: Configure a zone to block incoming traffic on a specific source MAC range and destination IP

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source mac="00:11:22:00:00:00/FF:FF:FF:00:00:00" destination address="203.0.113.100" reject'

This command is meant to block incoming traffic from MAC addresses starting with 00:11:22 to the IP address 203.0.113.100; it is rejected by firewall-cmd for the same reason as Example 97.

  • Example 99: Configure a zone to allow incoming traffic on a specific protocol and source port

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source-port port="12345" protocol="tcp" accept'

This command configures the public zone to allow incoming TCP traffic with the specific source port 12345. Source ports are matched with the source-port element, whose protocol attribute is mandatory.
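
To turn the source-address and port patterns of Examples 65, 66, 77, 78, 83 to 86 and 99 into rules without hand-typing the quoting, the script below composes them from validated inputs and applies each to both the runtime and the permanent configuration. It is an added example written for this page, not firewalld code; FIREWALL_CMD and DRY_RUN are its own variables, and the sample addresses and ports are the page's.

```shell
#!/bin/sh
# Added example for this page, not firewalld project code: build rich
# rules for the source-address / port patterns of Examples 65, 66,
# 77, 78, 83-86 and 99 from validated inputs, then apply each one to
# both the runtime and the permanent configuration.
# FIREWALL_CMD and DRY_RUN are this script's own variables (assumptions).
set -u

FIREWALL_CMD="${FIREWALL_CMD:-firewall-cmd}"
DRY_RUN="${DRY_RUN:-1}"     # 1 = only print the commands; 0 = run them (root)

# valid_ipv4 ADDR: dotted quad with each octet in 0-255
valid_ipv4() {
    ip="$1"; n=0
    case "$ip" in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    oldifs="$IFS"; IFS=.
    for octet in $ip; do
        n=$((n + 1))
        [ "$octet" -le 255 ] || { IFS="$oldifs"; return 1; }
    done
    IFS="$oldifs"
    [ "$n" -eq 4 ]
}

# valid_cidr ADDR[/PREFIX]: IPv4 address with optional prefix length 0-32
valid_cidr() {
    case "$1" in
        */*) cidr_addr="${1%%/*}"; cidr_pfx="${1#*/}" ;;
        *)   cidr_addr="$1";       cidr_pfx=32 ;;
    esac
    case "$cidr_pfx" in ''|*[!0-9]*) return 1 ;; esac
    [ "$cidr_pfx" -le 32 ] && valid_ipv4 "$cidr_addr"
}

# valid_port PORT or LO-HI: 1-65535, range not reversed
valid_port() {
    case "$1" in
        *-*) port_lo="${1%%-*}"; port_hi="${1#*-}" ;;
        *)   port_lo="$1";       port_hi="$1" ;;
    esac
    case "$port_lo" in ''|*[!0-9]*) return 1 ;; esac
    case "$port_hi" in ''|*[!0-9]*) return 1 ;; esac
    [ "$port_lo" -ge 1 ] && [ "$port_hi" -le 65535 ] && [ "$port_lo" -le "$port_hi" ]
}

# rich_rule ACTION [SOURCE_CIDR] [DEST_PORT] [PROTOCOL] [SOURCE_PORT]
# Prints one rich rule; an empty argument skips that element. Only
# elements the rich language defines are emitted: source address=,
# port port= protocol=, source-port port= protocol=. The protocol
# attribute is mandatory on port elements, so bare "destination port="
# or "source port=" forms are never produced.
rich_rule() {
    rr_action="$1"; rr_src="${2:-}"; rr_port="${3:-}"; rr_proto="${4:-tcp}"; rr_sport="${5:-}"
    rr='rule family="ipv4"'
    case "$rr_action" in accept|reject|drop) ;; *) echo "bad action: $rr_action" >&2; return 1 ;; esac
    case "$rr_proto" in tcp|udp|sctp|dccp) ;; *) echo "bad protocol: $rr_proto" >&2; return 1 ;; esac
    if [ -n "$rr_src" ]; then
        valid_cidr "$rr_src" || { echo "bad source: $rr_src" >&2; return 1; }
        rr="$rr source address=\"$rr_src\""
    fi
    if [ -n "$rr_port" ]; then
        valid_port "$rr_port" || { echo "bad port: $rr_port" >&2; return 1; }
        rr="$rr port port=\"$rr_port\" protocol=\"$rr_proto\""
    fi
    if [ -n "$rr_sport" ]; then
        valid_port "$rr_sport" || { echo "bad source port: $rr_sport" >&2; return 1; }
        rr="$rr source-port port=\"$rr_sport\" protocol=\"$rr_proto\""
    fi
    printf '%s %s\n' "$rr" "$rr_action"
}

# apply_rule ZONE RULE: add RULE to ZONE in the runtime set and in the
# permanent configuration, so it takes effect now and survives a
# --reload or reboot. Returns non-zero on the first firewall-cmd failure.
apply_rule() {
    ar_zone="$1"; ar_rule="$2"
    for ar_flag in "" "--permanent"; do
        if [ "$DRY_RUN" = 1 ]; then
            printf '%s %s--zone=%s --add-rich-rule=%s\n' \
                "$FIREWALL_CMD" "${ar_flag:+$ar_flag }" "$ar_zone" "'$ar_rule'"
        else
            "$FIREWALL_CMD" $ar_flag --zone="$ar_zone" --add-rich-rule="$ar_rule" || return 1
        fi
    done
}

# Demo with the page's sample values: Example 77 (allow tcp/8080 from
# 192.168.0.0/24) and Example 86 (reject tcp/22 from 192.168.0.0/24),
# then an out-of-range port that never reaches firewall-cmd.
demo() {
    apply_rule public "$(rich_rule accept 192.168.0.0/24 8080 tcp)"
    apply_rule public "$(rich_rule reject 192.168.0.0/24 22 tcp)"
    rich_rule accept 192.168.0.0/24 70000 tcp || echo "rejected locally, nothing sent to firewall-cmd"
    return 0
}
demo
```

With DRY_RUN left at 1 the script prints the two firewall-cmd invocations per rule so they can be reviewed; DRY_RUN=0 runs them and needs root. Adding the rule to both runtime and permanent configuration avoids the gap where a runtime-only rule disappears at the next --reload, and is equivalent to a runtime add followed by firewall-cmd --runtime-to-permanent.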

  • Example 100: Configure a zone to block incoming traffic on a specific protocol and source port

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" protocol="udp

Examples of examples of common firewall-cmd commands with scenarios. Feel free to ask for more examples if needed.

  1. List all active zones.

firewall-cmd –get-active-zones

This command displays all active firewall zones on the system.

  • Add a service to a zone

firewall-cmd –zone=public –add-service=http

This command adds the HTTP service to the public zone, allowing incoming HTTP traffic.

  • Example 3: Remove a service from a zone

firewall-cmd –zone=public –remove-service=http

This command removes the HTTP service from the public zone, disallowing incoming HTTP traffic.

  • Example 4: Add a port to a zone

firewall-cmd –zone=public –add-port=8080/tcp

This command opens port 8080/tcp in the public zone, allowing incoming TCP traffic on that port.

  • Example 5: Remove a port from a zone

firewall-cmd –zone=public –remove-port=8080/tcp

This command removes the rule that allows incoming TCP traffic on port 8080 from the public zone.

  • Example 6: List all services in a zone

firewall-cmd –zone=public –list-services

This command lists all services allowed in the public zone.

  • Example 7: List all ports in a zone

firewall-cmd –zone=public –list-ports

This command lists all ports opened in the public zone.

  • Example 8: Set a default zone

firewall-cmd –set-default-zone=public

This command sets the public zone as the default zone for incoming network connections.

  • Example 9: Enable masquerading

firewall-cmd –zone=public –add-masquerade

This command enables masquerading in the public zone, allowing Network Address Translation (NAT) for outgoing traffic.

  1. Example 10: Reload the firewall configuration

firewall-cmd –reload

.

  1. Example 11: List all zones

firewall-cmd –get-zones

This command lists all available firewall zones on the system.

  1. Example 12: Add a source IP address to a zone

firewall-cmd –zone=public –add-source=192.168.0.10

This command adds the IP address 192.168.0.10 to the allowed sources in the public zone.

  1. Example 13: Remove a source IP address from a zone

firewall-cmd –zone=public –remove-source=192.168.0.10

This command removes the IP address 192.168.0.10 from the allowed sources in the public zone.

  1. Example 14: Set a zone as the default for network interfaces

firewall-cmd –zone=public –change-interface=eth0

This command sets the public zone as the default zone for the network interface eth0.

  1. Example 15: Add a rich rule to a zone

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ source address=”192.168.0.0/24″ accept’

This command adds a rich rule to the public zone, allowing incoming traffic from the IP subnet 192.168.0.0/24.

  1. Example 16: Remove a rich rule from a zone

firewall-cmd –zone=public –remove-rich-rule=’rule family=”ipv4″ source address=”192.168.0.0/24″ accept’

This command removes a specific rich rule from the public zone.

  1. Example 17: Enable a specific firewall feature

firewall-cmd –permanent –enable=ipsec

This command enables the IPsec firewall feature.

  1. Example 18: Disable a specific firewall feature

firewall-cmd –permanent –disable=ipsec

This command disables the IPsec firewall feature.

  1. Example 19: Configure a zone to log packets

firewall-cmd –zone=public –set-target=LOG –log-prefix=”Firewall Log: “

This command configures the public zone to log packets with a custom log prefix.

  • Example 20: Display the runtime status of the firewall

firewall-cmd –state

  • Example 21: Add a custom service to a zone

firewall-cmd –permanent –zone=public –add-service=myapp

This command adds a custom service called “myapp” to the public zone, allowing incoming traffic on the defined ports for that service.

  • Example 22: Remove a custom service from a zone

firewall-cmd –permanent –zone=public –remove-service=myapp

This command removes the custom service “myapp” from the public zone, disallowing incoming traffic on the defined ports for that service.

  • Example 23: Reload the firewall configuration without losing established connections

firewall-cmd –reload –complete-reload

This command reloads the firewall configuration, ensuring that established connections are maintained during the reload process.

  • Example 24: List all supported services

firewall-cmd –get-services

This command lists all the supported services that can be used with firewall-cmd.

  • Example 25: Configure a zone to block all incoming traffic

firewall-cmd –zone=public –set-target=DROP

This command configures the public zone to drop all incoming traffic.

  • Example 26: Configure a zone to block all outgoing traffic

firewall-cmd –zone=public –set-target=DROP –out-interface=eth0

This command configures the public zone to drop all outgoing traffic on the specified network interface.

  • Example 27: Configure a zone to reject incoming traffic with a specific ICMP message

firewall-cmd –zone=public –set-target=REJECT –reject-with=icmp-port-unreachable

This command configures the public zone to reject incoming traffic with an ICMP “port unreachable” message.

  • Example 28: Configure a zone to forward packets

firewall-cmd –zone=public –add-forward-port=port=80:proto=tcp:toport=8080

This command configures the public zone to forward incoming TCP traffic from port 80 to port 8080.

  • Example 29: List all supported protocols

firewall-cmd –get-protocols

This command lists all the supported protocols that can be used with firewall-cmd.

  • Example 30: Display the version of firewalld

firewall-cmd –version

This command displays the version of the firewalld firewall management tool installed on the system.

  • Example 31: Add a source IP range to a zone

firewall-cmd –zone=public –add-source=192.168.0.0/24

This command adds the IP range 192.168.0.0/24 to the allowed sources in the public zone.

  • Example 32: Remove a source IP range from a zone

firewall-cmd –zone=public –remove-source=192.168.0.0/24

This command removes the IP range 192.168.0.0/24 from the allowed sources in the public zone.

  • Example 33: Configure a zone to reject all incoming traffic

firewall-cmd –zone=public –set-target=REJECT

This command configures the public zone to reject all incoming traffic.

  • Example 34: Configure a zone to reject all outgoing traffic

firewall-cmd –zone=public –set-target=REJECT –out-interface=eth0

This command configures the public zone to reject all outgoing traffic on the specified network interface.

  • Example 35: Configure a zone to log dropped packets

firewall-cmd –zone=public –set-target=LOG –log-prefix=”Dropped Packet: ” –log-level=notice

This command configures the public zone to log packets that are dropped with a custom log prefix and log level set to “notice”.

  • Example 36: Configure a zone to limit the maximum number of connections

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ limit value=”10/s” accept’

This command configures the public zone to limit the maximum number of incoming connections to 10 per second.

  • Example 37: Configure a zone to allow incoming traffic only from a specific source IP

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ source address=”192.168.0.10″ accept’

This command configures the public zone to allow incoming traffic only from the specific source IP address 192.168.0.10.

  • Example 38: Configure a zone to allow incoming traffic only on specific ports

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ port port=”80″ protocol=”tcp” accept’

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ port port=”443″ protocol=”tcp” accept’

This command configures the public zone to allow incoming TCP traffic on ports 80 and 443.

  • Example 39: Configure a zone to block incoming traffic from a specific source IP

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ source address=”192.168.0.10″ reject’

This command configures the public zone

  • Example 41: Configure a zone to block outgoing traffic to a specific destination IP

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ destination address=”203.0.113.100″ reject’

This command configures the public zone to block outgoing traffic to the specific destination IP address 203.0.113.100.

  • Example 42: Configure a zone to allow incoming traffic on a specific interface

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ interface=”eth0″ accept’

This command configures the public zone to allow incoming traffic on the network interface eth0.

  • Example 43: Configure a zone to block all IPv6 traffic

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv6″ reject’

This command configures the public zone to block all incoming and outgoing IPv6 traffic.

  • Example 44: List all runtime configurations of a zone

firewall-cmd –zone=public –list-all

This command displays all the runtime configurations of the public zone, including sources, services, ports, and rich rules.

  • Example 45: Set the default action for a zone to drop incoming traffic

firewall-cmd –zone=public –set-target=DROP

This command sets the default action for the public zone to drop incoming traffic.

  • Example 46: Set the default action for a zone to reject incoming traffic

firewall-cmd –zone=public –set-target=REJECT

This command sets the default action for the public zone to reject incoming traffic.

  • Example 47: Configure a zone to forward specific ports to a different destination

firewall-cmd –zone=public –add-forward-port=port=80:proto=tcp:toaddr=192.168.0.10:toport=8080

This command configures the public zone to forward incoming TCP traffic from port 80 to port 8080 on the IP address 192.168.0.10.

  • Example 48: Configure a zone to block specific ICMP packets

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ protocol value=”icmp” icmp-type=echo-request reject’

This command configures the public zone to block incoming ICMP echo requests.

  • Example 49: Configure a zone to allow incoming traffic on a specific source port

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ source port=”12345″ accept’

This command configures the public zone to allow incoming traffic on the specific source port 12345.

  • Example 50: Configure a zone to block incoming traffic on a specific destination port

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ destination port=”22″ reject’

This command configures the public zone to block incoming traffic on the specific destination port 22 (SSH).

Certainly! Here are 10 more examples of common firewall-cmd commands with scenarios:

  • Example 51: Configure a zone to allow incoming traffic on a specific source IP range

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ source address=”192.168.0.0/24″ accept’

This command configures the public zone to allow incoming traffic from the specific IP range 192.168.0.0/24.

  • Example 52: Configure a zone to block incoming traffic on a specific destination IP range

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ destination address=”192.168.0.0/24″ reject’

This command configures the public zone to block incoming traffic to the specific IP range 192.168.0.0/24.

  • Example 53: Configure a zone to allow incoming traffic on a specific source MAC address

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ source mac=”00:11:22:33:44:55″ accept’

This command configures the public zone to allow incoming traffic from the specific MAC address 00:11:22:33:44:55.

  • Example 54: Configure a zone to block incoming traffic on a specific destination MAC address

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ destination mac=”00:11:22:33:44:55″ reject’

This command configures the public zone to block incoming traffic to the specific MAC address 00:11:22:33:44:55.

  • Example 55: Configure a zone to allow incoming traffic on a specific source VLAN

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ source vlan=”100″ accept’

This command configures the public zone to allow incoming traffic from the specific VLAN ID 100.

  • Example 56: Configure a zone to block incoming traffic on a specific destination VLAN

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ destination vlan=”100″ reject’

This command configures the public zone to block incoming traffic to the specific VLAN ID 100.

  • Example 57: Configure a zone to allow incoming traffic from a specific user

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ user name=”alice” accept’

This command configures the public zone to allow incoming traffic from the specific user “alice”.

  • Example 58: Configure a zone to block incoming traffic from a specific user

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ user name=”bob” reject’

This command configures the public zone to block incoming traffic from the specific user “bob”.

  • Example 59: Configure a zone to allow incoming traffic on a specific TCP flag

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ protocol=”tcp” tcp-flags=”FIN,SYN” accept’

This command configures the public zone to allow incoming TCP traffic with the “FIN” and “SYN” flags set.

  • Example 60: Configure a zone to block incoming traffic on a specific TCP flag

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ protocol=”tcp” tcp-flags=”RST” reject’

This command configures the public zone to block incoming TCP traffic with the “RST” flag set.

  • Example 61: Configure a zone to allow incoming traffic on a specific ICMP type

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ protocol=”icmp” icmp-type=”echo-reply” accept’

This command configures the public zone to allow incoming ICMP echo-reply packets.

  • Example 62: Configure a zone to block incoming traffic on a specific ICMP type

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ protocol=”icmp” icmp-type=”destination-unreachable” reject’

This command configures the public zone to block incoming ICMP destination-unreachable packets.

  • Example 63: Configure a zone to allow incoming traffic on a specific IPv6 extension header

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv6″ protocol=”ipv6-icmp” ipv6-icmp-type=”parameter-problem” accept’

This command configures the public zone to allow incoming IPv6 packets with the parameter-problem ICMPv6 type.

  • Example 64: Configure a zone to block incoming traffic on a specific IPv6 extension header

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv6″ protocol=”ipv6-icmp” ipv6-icmp-type=”packet-too-big” reject’

This command configures the public zone to block incoming IPv6 packets with the packet-too-big ICMPv6 type.

  • Example 65: Configure a zone to allow incoming traffic on a specific source port range

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ source port=”30000-40000″ accept’

This command configures the public zone to allow incoming traffic from the specified source port range (30000-40000).

  • Example 66: Configure a zone to block incoming traffic on a specific destination port range

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ destination port=”2000-3000″ reject’

This command configures the public zone to block incoming traffic to the specified destination port range (2000-3000).

  • Example 67: Configure a zone to allow incoming traffic on a specific IP protocol number

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ protocol value=”112″ accept’

This command configures the public zone to allow incoming traffic with the specific IP protocol number (112).

  • Example 68: Configure a zone to block incoming traffic on a specific IP protocol number

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ protocol value=”58″ reject’

This command configures the public zone to block incoming traffic with the specific IP protocol number (58).

  • Example 69: Configure a zone to allow incoming traffic on a specific TCP option

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ protocol=”tcp” tcp-option=”2″ accept’

This command configures the public zone to allow incoming TCP traffic with the specific TCP option number (2).

  • Example 70: Configure a zone to block incoming traffic on a specific TCP option

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ protocol=”tcp” tcp-option=”4″ reject’

This command configures the public zone to block incoming TCP traffic with the specific TCP option number (4).

  • Example 71: Configure a zone to allow incoming traffic on a specific UDP option

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ protocol=”udp” udp-option=”7″ accept’

This command configures the public zone to allow incoming UDP traffic with the specific UDP option number (7).

  • Example 72: Configure a zone to block incoming traffic on a specific UDP option

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ protocol=”udp” udp-option=”9″ reject’

This command configures the public zone to block incoming UDP traffic with the specific UDP option number (9).

  • Example 73: Configure a zone to allow incoming traffic on a specific IP fragment flag

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ protocol=”tcp” tcp-flags=”MF” accept’

This command configures the public zone to allow incoming TCP traffic with the IP fragment flag “MF” set.

  • Example 74: Configure a zone to block incoming traffic on a specific IP fragment flag

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ protocol=”tcp” tcp-flags=”DF” reject’

This command configures the public zone to block incoming TCP traffic with the IP fragment flag “DF” set.

  • Example 75: Configure a zone to allow incoming traffic on a specific IP header option

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ protocol=”tcp” ip-option=”4″ accept’

This command configures the public zone to allow incoming TCP traffic with the specific IP header option number (4).

  • Example 76: Configure a zone to block incoming traffic on a specific IP header option

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ protocol=”tcp” ip-option=”7″ reject’

This command configures the public zone to block incoming TCP traffic with the specific IP header option number (7).

  • Example 77: Configure a zone to allow incoming traffic with a specific IP address range and port

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ source address=”192.168.0.0/24″ port port=”8080″ accept’

This command configures the public zone to allow incoming traffic from the IP range 192.168.0.0/24 on port 8080.

  • Example 78: Configure a zone to block incoming traffic with a specific IP address range and port

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ source address=”192.168.0.0/24″ port port=”22″ reject’

This command configures the public zone to block incoming traffic from the IP range 192.168.0.0/24 on port 22 (SSH).

  • Example 79: Configure a zone to allow incoming traffic from multiple IP addresses

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ source address=”192.168.0.10″ accept’

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ source address=”192.168.0.20″ accept’

This command configures the public zone to allow incoming traffic from multiple specific IP addresses.

  • Example 80: Configure a zone to block incoming traffic from multiple IP addresses

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ source address=”192.168.0.10″ reject’

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ source address=”192.168.0.20″ reject’

This command configures the public zone to block incoming traffic from multiple specific IP addresses.

  • Example 81: Configure a zone to allow incoming traffic on a specific network interface and port

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ in-interface=”eth0″ port port=”8080″ accept’

This command configures the public zone to allow incoming traffic on port 8080 only from the network interface eth0.

  • Example 82: Configure a zone to block incoming traffic on a specific network interface and port

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ in-interface=”eth0″ port port=”22″ reject’

This command configures the public zone to block incoming SSH (port 22) traffic from the network interface eth0.

  • Example 83: Configure a zone to allow incoming traffic on a specific source IP and destination port

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ source address=”192.168.0.10″ destination port=”80″ accept’

This command configures the public zone to allow incoming traffic from the IP address 192.168.0.10 on port 80.

  • Example 84: Configure a zone to block incoming traffic on a specific source IP and destination port

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ source address=”192.168.0.10″ destination port=”443″ reject’

This command configures the public zone to block incoming traffic from the IP address 192.168.0.10 on port 443.

  • Example 85: Configure a zone to allow incoming traffic on a specific source IP range and destination port

firewall-cmd –zone=public –add-rich-rule=’rule family=”ipv4″ source address=”192.168.0.0/24″ destination port=”8080″ accept’

This command configures the public zone to allow incoming traffic from the IP range 192.168.0.0/24 on port 8080.

  • Example 86: Configure a zone to block incoming traffic on a specific source IP range and destination port

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" port port="22" protocol="tcp" reject'

This command configures the public zone to block incoming SSH (TCP port 22) traffic from the IP range 192.168.0.0/24.

  • Example 87: Configure a zone to allow incoming traffic on a specific source IP and destination IP

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.10" destination address="203.0.113.100" accept'

This command configures the public zone to allow incoming traffic from the IP address 192.168.0.10 to the IP address 203.0.113.100.

  • Example 88: Configure a zone to block incoming traffic on a specific source IP and destination IP

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.10" destination address="203.0.113.100" reject'

This command configures the public zone to block incoming traffic from the IP address 192.168.0.10 to the IP address 203.0.113.100.

  • Example 89: Configure a zone to allow incoming traffic on a specific source IP range and destination IP

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" destination address="203.0.113.100" accept'

This command configures the public zone to allow incoming traffic from the IP range 192.168.0.0/24 to the IP address 203.0.113.100.

  • Example 90: Configure a zone to block incoming traffic on a specific source IP range and destination IP

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" destination address="203.0.113.100" reject'

This command configures the public zone to block incoming traffic from the IP range 192.168.0.0/24 to the IP address 203.0.113.100.

  • Example 91: Configure a zone to allow incoming traffic on a specific source IP and destination IP range

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.10" destination address="203.0.113.0/24" accept'

This command configures the public zone to allow incoming traffic from the IP address 192.168.0.10 to the IP range 203.0.113.0/24.

  • Example 92: Configure a zone to block incoming traffic on a specific source IP and destination IP range

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.10" destination address="203.0.113.0/24" reject'

This command configures the public zone to block incoming traffic from the IP address 192.168.0.10 to the IP range 203.0.113.0/24.

  • Example 93: Configure a zone to allow incoming traffic on a specific source IP range and destination IP range

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" destination address="203.0.113.0/24" accept'

This command configures the public zone to allow incoming traffic from the IP range 192.168.0.0/24 to the IP range 203.0.113.0/24.

  • Example 94: Configure a zone to block incoming traffic on a specific source IP range and destination IP range

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" destination address="203.0.113.0/24" reject'

This command configures the public zone to block incoming traffic from the IP range 192.168.0.0/24 to the IP range 203.0.113.0/24.

  • Example 95: Configure a zone to allow incoming traffic on a specific source MAC and destination IP

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source mac="00:11:22:33:44:55" destination address="203.0.113.100" accept'

This command configures the public zone to allow incoming traffic from the specific MAC address 00:11:22:33:44:55 to the IP address 203.0.113.100.

  • Example 96: Configure a zone to block incoming traffic on a specific source MAC and destination IP

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source mac="00:11:22:33:44:55" destination address="203.0.113.100" reject'

This command configures the public zone to block incoming traffic from the specific MAC address 00:11:22:33:44:55 to the IP address 203.0.113.100.

  • Example 97: Configure a zone to allow incoming traffic on a specific source MAC range and destination IP

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source mac="00:11:22:00:00:00/FF:FF:FF:00:00:00" destination address="203.0.113.100" accept'

This command configures the public zone to allow incoming traffic to the IP address 203.0.113.100 from any MAC address that matches 00:11:22:00:00:00 under the mask FF:FF:FF:00:00:00, that is, every address with the 00:11:22 prefix.

  • Example 98: Configure a zone to block incoming traffic on a specific source MAC range and destination IP

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source mac="00:11:22:00:00:00/FF:FF:FF:00:00:00" destination address="203.0.113.100" reject'

This command configures the public zone to block incoming traffic to the IP address 203.0.113.100 from any MAC address that matches 00:11:22:00:00:00 under the mask FF:FF:FF:00:00:00, that is, every address with the 00:11:22 prefix.

  • Example 99: Configure a zone to allow incoming traffic on a specific protocol and source port

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source-port port="12345" protocol="tcp" accept'

This command configures the public zone to allow incoming TCP traffic with the specific source port 12345.

  • Example 100: Configure a zone to block incoming traffic on a specific protocol and source port

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source-port port="PORT" protocol="udp" reject'

This command configures the public zone to block incoming UDP traffic from the source port written in place of PORT. The page's own example breaks off after the protocol, so PORT is a placeholder, not a value from the page.
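Several of the rich rules above differ from what firewalld will actually parse (a port element without its protocol, a "destination port", two elements in one rule). As an added example that is not code from the original page, the Python below builds --add-rich-rule arguments in the element grammar of firewalld.richlanguage(5) and refuses those forms before they reach the firewall; all function names are my own, and the checks encode my reading of that man page.

```python
"""Build firewalld rich rules in the grammar firewalld parses.

Added example, not part of the original page. Grammar used here, from
firewalld.richlanguage(5): rule family=... [source] [destination]
[one element] action, where an element is port, source-port or protocol.
"""
import ipaddress
import re
import shlex

PORT_PROTOCOLS = {"tcp", "udp", "sctp", "dccp"}   # protocols a port element accepts
ACTIONS = {"accept", "reject", "drop"}
MAC_RE = re.compile(r"^(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$")  # plain MAC, no mask
PORT_RE = re.compile(r"^(\d{1,5})(?:-(\d{1,5}))?$")            # "80" or "2000-3000"


def _check_address(value, family):
    """Accept a host address or CIDR prefix whose version matches the rule family."""
    net = ipaddress.ip_network(value, strict=False)   # raises ValueError on junk
    if (family == "ipv4") != (net.version == 4):
        raise ValueError(f"{value!r} does not belong to family {family}")
    return value


def _check_port(value):
    """Accept a single port or a low-high range inside 1..65535."""
    m = PORT_RE.match(value)
    if not m:
        raise ValueError(f"bad port spec {value!r}")
    low, high = int(m.group(1)), int(m.group(2) or m.group(1))
    if not 1 <= low <= high <= 65535:
        raise ValueError(f"port spec {value!r} out of range")
    return value


def rich_rule(*, family="ipv4", source=None, source_mac=None, destination=None,
              port=None, source_port=None, protocol=None, action="accept"):
    """Return the text passed to --add-rich-rule.

    The destination port of inbound traffic is the `port` element, which must
    carry a protocol; `destination` itself only takes an address. `port`,
    `source-port` and a bare `protocol` are alternative elements, and a rule
    holds at most one of them.
    """
    if family not in ("ipv4", "ipv6"):
        raise ValueError(f"unknown family {family!r}")
    if action not in ACTIONS:
        raise ValueError(f"unknown action {action!r}")
    if source and source_mac:
        raise ValueError("a source element carries either an address or a mac")
    if port and source_port:
        raise ValueError("a rule holds at most one element (port or source-port)")
    parts = [f'rule family="{family}"']
    if source:
        parts.append(f'source address="{_check_address(source, family)}"')
    elif source_mac:
        if not MAC_RE.match(source_mac):
            raise ValueError(f"bad MAC {source_mac!r}: rich rules take a plain MAC")
        parts.append(f'source mac="{source_mac}"')
    if destination:
        parts.append(f'destination address="{_check_address(destination, family)}"')
    if port or source_port:
        if protocol not in PORT_PROTOCOLS:
            raise ValueError("port/source-port elements need protocol= tcp, udp, sctp or dccp")
        name, value = ("port", port) if port else ("source-port", source_port)
        parts.append(f'{name} port="{_check_port(value)}" protocol="{protocol}"')
    elif protocol:
        parts.append(f'protocol value="{protocol}"')   # bare-protocol element, e.g. icmp
    if len(parts) == 1:
        raise ValueError("rule has nothing to match: no source, destination or element")
    parts.append(action)
    return " ".join(parts)


def is_valid(**kwargs):
    """True if rich_rule accepts the combination, False if it would be refused."""
    try:
        rich_rule(**kwargs)
        return True
    except ValueError:
        return False


def firewall_cmd(zone, rule, permanent=False):
    """Render the shell line; shlex.join quotes the rule so its inner quotes survive."""
    argv = ["firewall-cmd"] + (["--permanent"] if permanent else [])
    argv += [f"--zone={zone}", f"--add-rich-rule={rule}"]
    return shlex.join(argv)


if __name__ == "__main__":
    # Example 83 in the grammar firewalld parses: source address plus a port element.
    print(firewall_cmd("public", rich_rule(source="192.168.0.10", port="80", protocol="tcp")))
    # Example 99: a source-port element needs its protocol as well.
    print(firewall_cmd("public", rich_rule(source_port="12345", protocol="tcp")))
    # Example 94: address-to-address rule with reject.
    print(firewall_cmd("public", rich_rule(source="192.168.0.0/24",
                                           destination="203.0.113.0/24", action="reject")))
    # Forms firewalld would refuse, caught locally.
    print(is_valid(port="8080"))                                     # port without protocol
    print(is_valid(port="80", source_port="1024", protocol="tcp"))   # two elements
    print(is_valid(source_mac="00:11:22:00:00:00/FF:FF:FF:00:00:00"))  # masked MAC
```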
