Author:Douglas O’Leary <>
Description:notes on firewalld
Date created:12/15/17
Date updated:
Disclaimer:Standard: Use the information that follows at your own risk. If you screw up a system, don’t blame it on me...



systemctl status firewalld
Displays firewalld status
firewall-cmd –get-services:
List pre-defined services but all on one line.
firewall-cmd –add-service=ftp
Add ftp to the list of services avaiable for the active zone
firewall-cmd –get-active-zone
Displays the current/active zone
firewall-cmd –get-default-zone
Displays the default zone
firewall-cmd –get-zones

Displays all available zones. Not overly useful:

# firewall-cmd --get-zones
block dmz drop external home internal public trusted work
firewall-cmd –list-all-zones
Displays much more detailed information about each zone.
fireawll-cmd –list–all [ –zone=${zone} ]
Displays current configuration of the active (or specified) zone which will include the assigned interfaces.
firewall-cmd –get-zone-of-interface=${interface}
Identify the firewall zone to which an interface is assigned.
firewall-cmd –list-services [ –zone=${zone} ]
Displays the services that have been enabled in the active or specified zone.

IP forwarding:

If using firewalld to route/nat, ensure ip_forward is set:

# sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1


  • Files in /etc/firewalld (prob should leave those alone)
  • firewall-config (GUI)
  • firewall-cmd (cli)


Adding/deleting a service:

firewall-cmd --add-service=${service} [ --permanent ]
firewall-cmd --delete-service=${service} [ --permanent ]
firewall-cmd --reload

Identify a zone for a specific interface:

# firewall-cmd --get-zone-of-interface=eth1