Linux COMMAND FIREWALL-CMD

By admin




Example 2: Add a service to a zone

firewall-cmd --zone=public --add-service=http

This command adds the HTTP service to the public zone, allowing incoming HTTP traffic. Like every command on this page that is given without --permanent, it changes only the runtime configuration and is lost at the next reload or reboot; repeat it with --permanent (and then run firewall-cmd --reload) to persist it.

Example 3: Remove a service from a zone

firewall-cmd --zone=public --remove-service=http

This command removes the HTTP service from the public zone, disallowing incoming HTTP traffic.

Example 4: Add a port to a zone

firewall-cmd --zone=public --add-port=8080/tcp

This command opens port 8080/tcp in the public zone, allowing incoming TCP traffic on that port.

Example 5: Remove a port from a zone

firewall-cmd --zone=public --remove-port=8080/tcp

This command removes the rule that allows incoming TCP traffic on port 8080 from the public zone.

Example 6: List all services in a zone

firewall-cmd --zone=public --list-services

This command lists all services allowed in the public zone.

Example 7: List all ports in a zone

firewall-cmd --zone=public --list-ports

This command lists all ports opened in the public zone.

Example 8: Set the default zone

firewall-cmd --set-default-zone=public

This command makes public the default zone, the one applied to interfaces and connections that are not explicitly bound to another zone. Unlike most options, it changes the runtime and the permanent configuration at once.

Example 9: Enable masquerading

firewall-cmd --zone=public --add-masquerade

This command enables masquerading (source NAT) in the public zone: traffic forwarded out through the zone's interfaces leaves with the host's own address, which lets the host act as a NAT gateway. Masquerading in firewalld applies to IPv4 only.

Example 10: Reload the firewall configuration

firewall-cmd --reload

This command reloads firewalld from its permanent configuration, activating changes made with --permanent. Runtime-only changes (those made without --permanent) are discarded by the reload; established connections are kept.

Example 11: List all zones

firewall-cmd --get-zones

This command lists all available firewall zones on the system.

Example 12: Add a source IP address to a zone

firewall-cmd --zone=public --add-source=192.168.0.10

This command adds the IP address 192.168.0.10 to the allowed sources in the public zone.

Example 13: Remove a source IP address from a zone

firewall-cmd --zone=public --remove-source=192.168.0.10

This command removes the IP address 192.168.0.10 from the allowed sources in the public zone.

Example 14: Bind a network interface to a zone

firewall-cmd --zone=public --change-interface=eth0

This command binds the network interface eth0 to the public zone, so the zone's rules apply to traffic arriving on eth0. An interface belongs to exactly one zone; --change-interface moves it if it was bound elsewhere.

Example 15: Add a rich rule to a zone

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" accept'

This command adds a rich rule to the public zone, allowing incoming traffic from the IP subnet 192.168.0.0/24.

Example 16: Remove a rich rule from a zone

firewall-cmd --zone=public --remove-rich-rule='rule family="ipv4" source address="192.168.0.0/24" accept'

This command removes a specific rich rule from the public zone.

Example 17: Enable the IPsec service

firewall-cmd --permanent --zone=public --add-service=ipsec

firewall-cmd has no --enable option. IPsec is one of firewalld's predefined services (ESP, AH and IKE on UDP 500/4500), so it is enabled like any other service. This command adds it to the public zone's permanent configuration; run firewall-cmd --reload to activate it.

Example 18: Disable the IPsec service

firewall-cmd --permanent --zone=public --remove-service=ipsec

firewall-cmd has no --disable option; a service is disabled by removing it from the zone. This command removes the ipsec service from the public zone's permanent configuration; run firewall-cmd --reload to activate the change.

Example 19: Log packets that the firewall rejects or drops

firewall-cmd --set-log-denied=all

firewalld has no LOG zone target and no --log-prefix option. The supported way to log packets that zones reject or drop is the global log-denied setting, which takes all, unicast, broadcast, multicast or off; the kernel log lines then carry a firewalld-generated prefix such as "FINAL_REJECT:" or "FINAL_DROP:". A custom prefix and level can only be set per rich rule, with its log prefix="..." level="..." element.

Example 20: Display the runtime status of the firewall

firewall-cmd --state

This command prints whether firewalld is running and exits with a non-zero status if it is not.

Example 21: Add a custom service to a zone

firewall-cmd --permanent --zone=public --add-service=myapp

This command adds the custom service "myapp" to the public zone's permanent configuration, allowing incoming traffic on the ports defined for that service. The service must exist first (created with --permanent --new-service=myapp and given its ports with --permanent --service=myapp --add-port=...), and the change takes effect after firewall-cmd --reload.

Example 22: Remove a custom service from a zone

firewall-cmd --permanent --zone=public --remove-service=myapp

This command removes the custom service “myapp” from the public zone, disallowing incoming traffic on the defined ports for that service.

Example 23: Completely reload the firewall configuration

firewall-cmd --complete-reload

--reload and --complete-reload are alternatives and cannot be combined. --reload re-reads the permanent configuration while keeping netfilter state, so established connections survive; --complete-reload also resets that state and breaks established connections, which is only wanted when the firewall has got into an inconsistent state.

Example 24: List all supported services

firewall-cmd --get-services

This command lists all the supported services that can be used with firewall-cmd.

Example 25: Configure a zone to drop all traffic it does not explicitly allow

firewall-cmd --zone=public --set-target=DROP

This command sets the public zone's target to DROP: incoming packets that no service, port, protocol or rich rule in the zone accepts are silently discarded instead of being rejected with an ICMP error (the zone's default behaviour). The target applies only to traffic the zone does not otherwise match, so allowed services keep working.

Example 26: Block all outgoing traffic from the host

firewall-cmd --permanent --new-policy block-out
firewall-cmd --permanent --policy block-out --add-ingress-zone HOST
firewall-cmd --permanent --policy block-out --add-egress-zone public
firewall-cmd --permanent --policy block-out --set-target DROP
firewall-cmd --reload

Zones only filter traffic entering the host, and --set-target has no --out-interface option. Outgoing traffic is filtered with a firewalld policy (firewalld 0.9 and later): the policy above applies to traffic originating from the host (the special HOST ingress zone) and leaving through any interface bound to the public zone, and its DROP target discards everything the policy does not explicitly allow (for example with --policy block-out --add-service=dns).

Example 27: Reject traffic from a source with a specific ICMP message

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.10" reject type="icmp-port-unreachable"'

--set-target has no --reject-with option; the ICMP message used by the REJECT zone target is chosen by firewalld's backend and is not configurable. A reject type is chosen per rich rule instead: this rule answers every packet from 192.168.0.10 with an ICMP "port unreachable" message. Other IPv4 types include icmp-host-unreachable, icmp-admin-prohibited and tcp-reset; IPv6 has its own set, for example icmp6-adm-prohibited.

Example 28: Configure a zone to forward packets

firewall-cmd --zone=public --add-forward-port=port=80:proto=tcp:toport=8080

This command configures the public zone to forward incoming TCP traffic from port 80 to port 8080.

Example 29: List the protocol names firewalld accepts

getent protocols

firewall-cmd has no --get-protocols option. The names accepted by --add-protocol and by the rich rule element protocol value="..." are those of the system protocol database (/etc/protocols), which getent protocols prints; numeric protocol numbers are accepted as well.

Example 30: Display the version of firewalld

firewall-cmd --version

This command displays the version of the firewalld firewall management tool installed on the system.

Example 31: Add a source IP range to a zone

firewall-cmd --zone=public --add-source=192.168.0.0/24

This command adds the IP range 192.168.0.0/24 to the allowed sources in the public zone.

Example 32: Remove a source IP range from a zone

firewall-cmd --zone=public --remove-source=192.168.0.0/24

This command removes the IP range 192.168.0.0/24 from the allowed sources in the public zone.

Example 33: Configure a zone to reject all traffic it does not explicitly allow

firewall-cmd --zone=public --set-target=REJECT

This command sets the public zone's target to REJECT: incoming traffic that nothing in the zone explicitly allows is refused with an ICMP error (the public zone's default behaviour), while allowed services keep working.

Example 34: Reject all outgoing traffic from the host

firewall-cmd --permanent --new-policy reject-out
firewall-cmd --permanent --policy reject-out --add-ingress-zone HOST
firewall-cmd --permanent --policy reject-out --add-egress-zone public
firewall-cmd --permanent --policy reject-out --set-target REJECT
firewall-cmd --reload

Zones do not filter outgoing traffic, and --set-target has no --out-interface option; outgoing traffic is filtered with a firewalld policy (firewalld 0.9 and later). This policy covers traffic from the host itself (ingress zone HOST) leaving through interfaces bound to the public zone, and its REJECT target refuses, with an error sent back to the local application, everything the policy does not explicitly allow.

Example 35: Log dropped packets from a source with a custom prefix

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.10" log prefix="Dropped Packet: " level="notice" drop'

There is no zone-wide --log-prefix or --log-level option; the log element of a rich rule is where a prefix and syslog level are set, and it must come before the action. This rule logs every packet from 192.168.0.10 with the prefix "Dropped Packet: " at level notice and then drops it. Add limit value="1/m" after the log element to keep a flood from filling the log.

Example 36: Rate-limit accepted connections on a port

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" port port="22" protocol="tcp" accept limit value="10/s"'

In the rich language limit value= is attached to the action (or to the log element), never placed before it, and a rule needs an element or a source/destination to match on, so "limit ... accept" on its own is rejected by firewalld. This rule accepts at most 10 matching SSH packets per second; since firewalld accepts established connections before zone rules are reached, that is in practice 10 new connection attempts per second, and anything beyond falls through to the zone's target (reject for the public zone). Durations are s, m, h or d.

Example 37: Allow all incoming traffic from a specific source IP

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.10" accept'

This command configures the public zone to accept every packet from 192.168.0.10. It does not by itself restrict other sources: those are still governed by the zone's services, ports and target, so "only from" this address holds only when nothing else in the zone allows their traffic.

Example 38: Configure a zone to allow incoming traffic on specific ports

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" port port="80" protocol="tcp" accept'
firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" port port="443" protocol="tcp" accept'

These commands configure the public zone to allow incoming TCP traffic on ports 80 and 443; --add-port=80/tcp and --add-port=443/tcp achieve the same without rich rules.

Example 39: Configure a zone to block incoming traffic from a specific source IP

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.10" reject'

This command configures the public zone

Example 41: Block outgoing traffic to a specific destination IP

firewall-cmd --permanent --new-policy egress-filter
firewall-cmd --permanent --policy egress-filter --add-ingress-zone HOST
firewall-cmd --permanent --policy egress-filter --add-egress-zone public
firewall-cmd --permanent --policy egress-filter --add-rich-rule='rule family="ipv4" destination address="203.0.113.100" reject'
firewall-cmd --reload

A rich rule in a zone only sees traffic arriving at the host, so destination address="203.0.113.100" in the public zone would never match an outgoing packet. Egress filtering uses a policy (firewalld 0.9 and later): the policy above covers traffic from the host itself (ingress zone HOST) leaving through the public zone's interfaces, and its rich rule rejects connections to 203.0.113.100 while the policy's default CONTINUE target leaves everything else untouched.

Example 42: Allow incoming traffic on a specific interface

firewall-cmd --zone=public --change-interface=eth0

The rich language has no interface= match. Interfaces are selected by zone membership: binding eth0 to the public zone makes that zone's services, ports and rich rules apply to traffic arriving on eth0, and nothing beyond what the zone allows gets in. To allow everything on an interface, bind it to the built-in trusted zone instead.

Example 43: Block all incoming IPv6 traffic

firewall-cmd --zone=public --add-rich-rule='rule family="ipv6" source address="::/0" reject'

A rich rule must match on an element, a source or a destination; rule family="ipv6" reject on its own is rejected by firewalld. Matching source ::/0 covers every IPv6 source, so this rule rejects all incoming IPv6 traffic in the public zone, including ICMPv6 messages that normal IPv6 operation depends on, so use it only where IPv6 is genuinely unwanted. It does not affect outgoing traffic, which zones do not filter.

Example 44: List all runtime configurations of a zone

firewall-cmd --zone=public --list-all

This command displays all the runtime configurations of the public zone, including sources, services, ports, and rich rules.
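A small audit helper, added here as an example (it is not part of the original cheat sheet nor of firewalld), that reads the text --list-all prints and flags the settings a defender most wants to notice: an ACCEPT target, masquerading, and rich rules that accept any source. The sample output embedded below is constructed in firewalld's layout, not captured from a real host.

```shell
#!/bin/sh
# Constructed sample of `firewall-cmd --zone=public --list-all` output in the
# layout firewalld prints (the values are made up for this example).
SAMPLE_ZONE='public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: dhcpv6-client ssh
  ports: 8080/tcp
  protocols:
  forward: yes
  masquerade: yes
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
        rule family="ipv4" source address="0.0.0.0/0" accept
        rule family="ipv4" source address="192.168.0.10" reject'

# audit_zone: read --list-all output on stdin and print one finding per line.
# Returns the number of findings, so status 0 means nothing was flagged.
audit_zone() {
    n=0
    while IFS= read -r line; do
        case "$line" in
            *"target: ACCEPT"*)
                echo "target ACCEPT: traffic that no rule matches is allowed in"
                n=$((n + 1)) ;;
            *"masquerade: yes"*)
                echo "masquerade enabled: host NATs traffic forwarded out of this zone"
                n=$((n + 1)) ;;
            *"rule "*" accept"*)
                # an accept rule whose source is every host is an open door
                case "$line" in
                    *'source address="0.0.0.0/0"'*|*'source address="::/0"'*)
                        echo "rich rule accepts any source: $(printf '%s' "$line" | sed 's/^[[:space:]]*//')"
                        n=$((n + 1)) ;;
                esac ;;
        esac
    done
    return "$n"
}

# On a live host:  firewall-cmd --zone=public --list-all | audit_zone
```

Run it over the sample with printf '%s\n' "$SAMPLE_ZONE" | audit_zone to see the two findings (masquerade, and the accept-any-source rich rule); the reject rule is not flagged.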

Example 45: Set the default action for a zone to drop incoming traffic

firewall-cmd --zone=public --set-target=DROP

This command sets the default action for the public zone to drop incoming traffic.

Example 46: Set the default action for a zone to reject incoming traffic

firewall-cmd --zone=public --set-target=REJECT

This command sets the default action for the public zone to reject incoming traffic.

Example 47: Forward a port to a different host

firewall-cmd --zone=public --add-forward-port=port=80:proto=tcp:toaddr=192.168.0.10:toport=8080

This command configures the public zone to forward incoming TCP traffic on port 80 to port 8080 on 192.168.0.10. Forwarding to another host also requires masquerading to be enabled on the zone (--add-masquerade), so that the forwarded connection is NATed and its replies return through this host.

Example 48: Block specific ICMP packets

firewall-cmd --zone=public --add-icmp-block=echo-request

A rich rule carries at most one element, so protocol value="icmp" cannot be combined with an ICMP type, and a type is written icmp-type name="...". The zone option --add-icmp-block does the job in one step: this command makes the public zone block incoming ICMP echo requests, so the host stops answering ping. The equivalent rich rule is rule family="ipv4" icmp-block name="echo-request".

Example 49: Allow incoming traffic from a specific source port

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source-port port="12345" protocol="tcp" accept'

The source keyword accepts only address=, mac= or ipset=; a source port is the separate source-port element, which always needs a protocol (tcp is assumed here). Accepting on source port alone is a weak control: any client chooses its own source port, so this rule effectively opens every destination port to anyone who connects from source port 12345.

Example 50: Block incoming traffic on a specific destination port

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" port port="22" protocol="tcp" reject'

A destination port is the port element (destination takes only address=), and it needs a protocol. This rule rejects all incoming SSH (22/tcp) connections in the public zone; reject and drop rich rules are evaluated before the zone's allowed services, so it takes precedence over the ssh service being listed in the zone.
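The rich rules in Examples 15 to 50 keep running into the same grammar constraints of firewalld.richlanguage(5): a port element needs a protocol, source takes no port, a rule needs an element or a source/destination, and limit follows the action. The structural checker below is an added example written for this page, not firewalld's own parser; it encodes those constraints so a rule can be vetted before it is handed to firewall-cmd (it does not validate addresses, service names or ICMP type names).

```shell
#!/bin/sh
# check_rich_rule RULE: exit 0 when RULE satisfies the structural constraints
# of firewalld.richlanguage(5) that are easiest to get wrong, otherwise print
# the reason and exit 1. A linter written for this page, not firewalld's parser.
check_rich_rule() {
    rule=$1
    m() { printf '%s' "$rule" | grep -Eq "$1"; }   # regex match helper

    case "$rule" in rule\ *) ;; *) echo 'must start with "rule"'; return 1 ;; esac
    if m ' family='; then
        m ' family="(ipv4|ipv6)"' || { echo 'family must be ipv4 or ipv6'; return 1; }
    fi

    # source takes address=, mac= or ipset=; destination takes address= only
    if m ' source '; then
        m ' source (NOT )?(address|mac|ipset)="[^"]+"' \
            || { echo 'source takes address=, mac= or ipset= (ports use source-port)'; return 1; }
    fi
    if m ' destination '; then
        m ' destination (NOT )?address="[^"]+"' \
            || { echo 'destination takes address= only (ports use the port element)'; return 1; }
    fi

    # at most one element; port and source-port always need a protocol
    elem=0
    if m ' (port|source-port) port="[^"]+"'; then
        m ' (port|source-port) port="[^"]+" protocol="(tcp|udp|sctp|dccp)"' \
            || { echo 'port and source-port need protocol="tcp|udp|sctp|dccp"'; return 1; }
        elem=1
    fi
    m ' (service name|protocol value|icmp-block name|icmp-type name)="[^"]+"' && elem=1
    m ' (masquerade|forward-port port=)' && elem=1
    m ' (tcp-flags|tcp-option|udp-option|ip-option|vlan|user name|interface|in-interface)=' \
        && { echo 'no such match in the rich language'; return 1; }

    # the action ends the rule; a rate limit follows it, never precedes it
    action=0
    m ' (accept|drop|reject( type="[^"]+")?|mark set="[^"]+")( limit value="[0-9]+/[smhd]")?$' \
        && action=1
    m ' limit value="[^"]+" (accept|drop|reject|mark)' \
        && { echo 'limit value= belongs after the action: accept limit value="10/s"'; return 1; }
    if m ' (icmp-block|masquerade|forward-port)( |$)' && [ "$action" -eq 1 ]; then
        echo 'icmp-block, masquerade and forward-port take no action'; return 1
    fi

    # with no element the rule must still match something and do something
    if [ "$elem" -eq 0 ]; then
        [ "$action" -eq 1 ] || { echo 'a rule without an element needs an action'; return 1; }
        m ' (source|destination) ' \
            || { echo 'a rule without an element needs a source or destination'; return 1; }
    fi
    return 0
}
```

Call it as check_rich_rule 'rule family="ipv4" port port="80" protocol="tcp" accept' (status 0) or with one of the page's broken forms such as 'rule family="ipv4" source port="12345" accept' (status 1 plus the reason).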


Example 51: Configure a zone to allow incoming traffic from a specific source IP range

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" accept'

This command configures the public zone to allow incoming traffic from the specific IP range 192.168.0.0/24.

Example 52: Configure a zone to block incoming traffic to a specific destination IP range

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" destination address="192.168.0.0/24" reject'

This command configures the public zone to block incoming traffic to the specific IP range 192.168.0.0/24.

Example 53: Configure a zone to allow incoming traffic from a specific source MAC address

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source mac="00:11:22:33:44:55" accept'

This command configures the public zone to allow incoming traffic from the specific MAC address 00:11:22:33:44:55.

Example 54: Block incoming traffic to a specific destination MAC address

The rich language has no destination mac= match; mac= is accepted only after source. For traffic arriving at the host the destination MAC is one of the host's own interface addresses anyway, so the equivalent control is per interface: bind that interface to a zone whose target is DROP, for example the built-in drop zone, with --change-interface.

Example 55: Allow incoming traffic on a specific VLAN

firewall-cmd --zone=public --change-interface=eth0.100

Example 56: Block incoming traffic on a specific VLAN

firewall-cmd --zone=drop --change-interface=eth0.100

The rich language has no vlan= match. On Linux a VLAN is a separate network interface (eth0.100 for VLAN ID 100 on eth0, assuming the usual naming), so VLAN traffic is controlled by binding that interface to a zone: the public zone to apply its rules, or the built-in drop zone to discard everything arriving on it.

Examples 57 and 58: Allow or block incoming traffic by user

The rich language has no user name= match, and netfilter can attribute a packet to a local user only for traffic the host itself generates (the owner match), never for incoming traffic, which carries no user identity. Per-user access control belongs in the service (for example AllowUsers in sshd_config) or in a rich rule keyed on the source address that user connects from (Example 37).

Examples 59 and 60: Allow or block incoming traffic by TCP flag

The rich language has no protocol="tcp" tcp-flags= match (the protocol element is written protocol value="tcp" and matches the whole protocol). Per-flag matching is not exposed by firewalld; it is reachable only through the direct interface (firewall-cmd --direct, which passes raw iptables arguments and is deprecated in favour of policies) or through nftables rules maintained outside firewalld. firewalld already drops packets in an invalid connection-tracking state, which covers most malformed flag combinations.

Example 61: Allow incoming traffic of a specific ICMP type

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" icmp-type name="echo-reply" accept'

ICMP types are matched with the icmp-type element (icmp-type name="..."), not with protocol="icmp" plus a bare attribute. This rule accepts incoming ICMP echo-reply packets in the public zone; the valid type names are listed by firewall-cmd --get-icmptypes.

Example 62: Block incoming traffic of a specific ICMP type

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" icmp-type name="destination-unreachable" reject'

This rule rejects incoming ICMP destination-unreachable packets in the public zone. Treat such rules with care: destination-unreachable (in particular its fragmentation-needed form) is how path MTU discovery works, and blocking it makes connections to some destinations hang.

Example 63: Allow incoming traffic of a specific ICMPv6 type

firewall-cmd --zone=public --add-rich-rule='rule family="ipv6" icmp-type name="parameter-problem" accept'

parameter-problem is an ICMPv6 message type, not an IPv6 extension header, and it is matched with the same icmp-type element as IPv4 types, under family="ipv6". This rule accepts incoming ICMPv6 parameter-problem messages in the public zone.

Example 64: Block incoming traffic of a specific ICMPv6 type

firewall-cmd --zone=public --add-rich-rule='rule family="ipv6" icmp-type name="packet-too-big" reject'

packet-too-big is an ICMPv6 message type, not an extension header. This rule rejects incoming ICMPv6 packet-too-big messages in the public zone; since IPv6 relies on them for path MTU discovery, blocking them breaks connectivity for larger packets and is rarely what is wanted.

Example 65: Allow incoming traffic from a specific source port range

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source-port port="30000-40000" protocol="tcp" accept'

Source ports are matched with the source-port element, which takes a port or port range and requires a protocol (tcp is assumed here). This rule accepts incoming TCP traffic whose source port lies in 30000-40000; as with any source-port rule, the client controls that value, so it is not a meaningful access restriction on its own.

Example 66: Block incoming traffic on a specific destination port range

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" port port="2000-3000" protocol="tcp" reject'

Destination ports are matched with the port element, which takes a port or port range and requires a protocol (tcp is assumed here). This rule rejects incoming TCP traffic to ports 2000-3000 in the public zone.

Example 67: Allow incoming traffic with a specific IP protocol number

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" protocol value="112" accept'

This rule accepts incoming packets of IP protocol 112 (VRRP) in the public zone. The protocol element takes a number or a name from /etc/protocols, so protocol value="vrrp" is equivalent and easier to read.

Example 68: Block incoming traffic with a specific IP protocol number

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" protocol value="58" reject'

This rule rejects incoming packets of IP protocol 58 in the public zone. Protocol 58 is ICMPv6, which never appears inside IPv4, so with family="ipv4" the rule matches nothing; with family="ipv6" it would reject all ICMPv6 and break IPv6 neighbour discovery, so pick the protocol number with its address family in mind.

Examples 69 to 76: TCP options, UDP options, IP header options and fragment flags

The rich language has no tcp-option=, udp-option=, ip-option= or tcp-flags= attributes, so none of the eight commands originally listed here is accepted by firewalld. UDP has no options at all; MF and DF are flags in the IP header, not TCP flags; and option-level matching (for example iptables' --tcp-option) is reachable from firewalld only through the deprecated direct interface. These header-level checks are better left to the kernel's connection tracking, which firewalld already uses to drop invalid packets.

Example 77: Allow incoming traffic from a specific IP address range on a port

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" port port="8080" protocol="tcp" accept'

The port element always needs a protocol. This rule accepts incoming TCP traffic on port 8080 from 192.168.0.0/24 in the public zone and is the usual way to open a port to one network only, without adding the port for everyone.

Example 78: Block incoming traffic from a specific IP address range on a port

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" port port="22" protocol="tcp" reject'

The port element always needs a protocol. This rule rejects incoming SSH (22/tcp) connections from 192.168.0.0/24 in the public zone, taking precedence over the ssh service if it is allowed in the zone.

Example 79: Configure a zone to allow incoming traffic from multiple IP addresses

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.10" accept'
firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.20" accept'

These commands configure the public zone to allow incoming traffic from each of the listed IP addresses; for a longer list, an ipset referenced with source ipset="..." keeps the rule count down.

Example 80: Configure a zone to block incoming traffic from multiple IP addresses

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.10" reject'
firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.20" reject'

These commands configure the public zone to block incoming traffic from each of the listed IP addresses.

Example 81: Allow incoming traffic on a specific network interface and port

firewall-cmd --zone=public --change-interface=eth0
firewall-cmd --zone=public --add-port=8080/tcp

The rich language has no in-interface= match; interface scoping comes from zone membership. A zone's rules apply only to traffic arriving on the interfaces (and from the sources) bound to it, so binding eth0 to the public zone and opening 8080/tcp there allows that port on eth0 only. An interface that needs different rules goes into a different zone.

Example 82: Block incoming traffic on a specific network interface and port

firewall-cmd --zone=public --change-interface=eth0
firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" port port="22" protocol="tcp" reject'

The rich language has no in-interface= match, so the interface is selected by binding it to the zone. These commands reject incoming SSH (22/tcp) on interfaces bound to the public zone, here eth0; the reject rule takes precedence over the ssh service if it is allowed in the zone.

Example 83: Allow incoming traffic from a specific source IP on a destination port

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.10" port port="80" protocol="tcp" accept'

A destination port is the port element (destination takes only address=) and it needs a protocol. This rule accepts incoming TCP traffic on port 80 from 192.168.0.10 in the public zone.

Example 84: Block incoming traffic from a specific source IP on a destination port

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.10" port port="443" protocol="tcp" reject'

A destination port is the port element and it needs a protocol. This rule rejects incoming TCP traffic on port 443 from 192.168.0.10 in the public zone.

Example 85: Allow incoming traffic from a specific source IP range on a destination port

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" port port="8080" protocol="tcp" accept'

A destination port is the port element and it needs a protocol. This rule accepts incoming TCP traffic on port 8080 from 192.168.0.0/24 in the public zone.

Example 86: Block incoming traffic from a specific source IP range on a destination port

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" port port="22" protocol="tcp" reject'

A destination port is the port element and it needs a protocol. This rule rejects incoming SSH (22/tcp) connections from 192.168.0.0/24 in the public zone.

Example 87: Configure a zone to allow incoming traffic from a specific source IP to a specific destination IP

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.10" destination address="203.0.113.100" accept'

This command configures the public zone to allow incoming traffic from the IP address 192.168.0.10 to the IP address 203.0.113.100.

Example 88: Configure a zone to block incoming traffic from a specific source IP to a specific destination IP

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.10" destination address="203.0.113.100" reject'

This command configures the public zone to block incoming traffic from the IP address 192.168.0.10 to the IP address 203.0.113.100.

Example 89: Configure a zone to allow incoming traffic from a specific source IP range to a specific destination IP

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" destination address="203.0.113.100" accept'

This command configures the public zone to allow incoming traffic from the IP range 192.168.0.0/24 to the IP address 203.0.113.100.

Example 90: Configure a zone to block incoming traffic from a specific source IP range to a specific destination IP

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" destination address="203.0.113.100" reject'

This command configures the public zone to block incoming traffic from the IP range 192.168.0.0/24 to the IP address 203.0.113.100.

Example 91: Configure a zone to allow incoming traffic from a specific source IP to a specific destination IP range

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.10" destination address="203.0.113.0/24" accept'

This command configures the public zone to allow incoming traffic from the IP address 192.168.0.10 to the IP range 203.0.113.0/24.

Example 92: Configure a zone to block incoming traffic from a specific source IP to a specific destination IP range

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.10" destination address="203.0.113.0/24" reject'

This command configures the public zone to block incoming traffic from the IP address 192.168.0.10 to the IP range 203.0.113.0/24.

Example 93: Configure a zone to allow incoming traffic from a specific source IP range to a specific destination IP range

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" destination address="203.0.113.0/24" accept'

This command configures the public zone to allow incoming traffic from the IP range 192.168.0.0/24 to the IP range 203.0.113.0/24.

Example 94: Configure a zone to block incoming traffic from a specific source IP range to a specific destination IP range

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="192.168.0.0/24" destination address="203.0.113.0/24" reject'

This command configures the public zone to block incoming traffic from the IP range 192.168.0.0/24 to the IP range 203.0.113.0/24.

Example 95: Configure a zone to allow incoming traffic from a specific source MAC to a destination IP

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source mac="00:11:22:33:44:55" destination address="203.0.113.100" accept'

This command configures the public zone to allow incoming traffic from the specific MAC address 00:11:22:33:44:55 to the IP address 203.0.113.100.

Example 96: Configure a zone to block incoming traffic from a specific source MAC to a destination IP

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source mac="00:11:22:33:44:55" destination address="203.0.113.100" reject'

This command configures the public zone to block incoming traffic from the specific MAC address 00:11:22:33:44:55 to the IP address 203.0.113.100.

Examples 97 and 98: Allow or block incoming traffic from a set of MAC addresses to a destination IP

firewall-cmd --permanent --new-ipset=vendor-macs --type=hash:mac
firewall-cmd --permanent --ipset=vendor-macs --add-entry=00:11:22:33:44:55
firewall-cmd --permanent --zone=public --add-rich-rule='rule family="ipv4" source ipset="vendor-macs" destination address="203.0.113.100" accept'
firewall-cmd --reload

source mac= takes a single full MAC address; a mask such as 00:11:22:00:00:00/FF:FF:FF:00:00:00 is not accepted, and FF:FF:FF:00:00:00 was a mask, not the end of a range. To match a set of devices, put their addresses in an ipset of type hash:mac (the name vendor-macs is arbitrary) and reference it with source ipset=; the same rule with reject instead of accept blocks them. Either way the check is only as strong as the MAC address, which any host on the local segment can set at will.

Example 99: Allow incoming traffic on a specific protocol and source port

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source-port port="12345" protocol="tcp" accept'

The protocol is part of the source-port element rather than a separate protocol="tcp" attribute. This rule accepts incoming TCP traffic with source port 12345 in the public zone; since the client chooses its source port, this is not a meaningful access restriction on its own.

Example 100: Block incoming traffic on a specific protocol and source port

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" protocol="udp

