Firewalld
Created: August 03, 2019 (Updated: August 06, 2020)
- The graphical utility is called firewall-config.
- After making a change with --permanent, reload the firewall (firewall-cmd --reload) so that the change takes effect.
Default Zones
| Zone | Outgoing Connections | Incoming Connections |
|---|---|---|
| drop | Allowed | Dropped |
| block | Allowed | Rejected with an icmp-host-prohibited message |
| public | Allowed | DHCPv6 client & SSH are allowed |
| external | Allowed* | SSH is allowed |
| dmz | Allowed | SSH is allowed |
| work | Allowed | DHCPv6 client, IPP, & SSH are allowed |
| home | Allowed | DHCPv6 client, multicast DNS, IPP, Samba client, & SSH are allowed |
| internal | Allowed | Same as the home zone |
| trusted | Allowed | Allowed |
- * Outgoing connections are also masqueraded to the IP address of the outgoing network interface.
Add a new custom zone:
firewall-cmd --permanent --new-zone=isolated
firewall-cmd --reload
Add an existing interface to a zone (in this command the interface is also named isolated):
firewall-cmd --permanent --add-interface=isolated --zone=isolated
firewall-cmd --reload
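
The two procedures above combined into one idempotent shell function, as an added example that is not part of the original notes: it creates the zone only if it is missing, refuses to move an interface that is already bound to a different zone, and confirms the binding in the running firewall after the reload. The `FWCMD` variable and the function names `zone_exists` and `bind_interface` are this example's own.

```shell
#!/bin/sh
# Added example, not from the original page.
# FWCMD is this example's own hook so the command can be replaced by a stub in tests.
FWCMD="${FWCMD:-firewall-cmd}"

# zone_exists ZONE: succeed if ZONE is already in the permanent configuration.
zone_exists() {
    for z in $($FWCMD --permanent --get-zones); do
        [ "$z" = "$1" ] && return 0
    done
    return 1
}

# bind_interface ZONE IFACE
#   0  IFACE is in ZONE in the running firewall after the reload
#   1  a firewall-cmd step failed or the runtime check did not match
#   2  IFACE is already bound to a different zone; nothing was changed
bind_interface() {
    zone=$1
    iface=$2
    if ! zone_exists "$zone"; then
        $FWCMD --permanent --new-zone="$zone" >/dev/null || return 1
    fi
    # An unbound interface yields "no zone" and a non-zero exit; treat it as empty.
    current=$($FWCMD --permanent --get-zone-of-interface="$iface" 2>/dev/null) || current=""
    if [ -n "$current" ] && [ "$current" != "$zone" ]; then
        echo "refusing: $iface is already in zone '$current'" >&2
        return 2
    fi
    if [ -z "$current" ]; then
        $FWCMD --permanent --zone="$zone" --add-interface="$iface" >/dev/null || return 1
    fi
    # Permanent changes are not live until the reload.
    $FWCMD --reload >/dev/null || return 1
    # Verify against the runtime configuration, not the permanent one.
    [ "$($FWCMD --get-zone-of-interface="$iface" 2>/dev/null)" = "$zone" ]
}
```

Run as root; `bind_interface isolated isolated` corresponds to the zone and interface named on this page.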