tldr/pages/linux/firewall-cmd.md

# firewall-cmd

> The firewalld command-line client.
> View and adapt the runtime or permanent firewall configuration state.
> More information: <https://firewalld.org/documentation/man-pages/firewall-cmd>.

- View all available firewall zones and rules in their runtime configuration state:

`firewall-cmd --list-all-zones`

- Permanently move the interface into the block zone, effectively blocking all communication:

`firewall-cmd --permanent --zone={{block}} --change-interface={{enp1s0}}`

- Permanently open the port for a service in the specified zone (like port 443 when in the `public` zone):

`firewall-cmd --permanent --zone={{public}} --add-service={{https}}`

- Permanently close the port for a service in the specified zone (like port 80 when in the `public` zone):

`firewall-cmd --permanent --zone={{public}} --remove-service={{http}}`

- Permanently forward a port for incoming packets in the specified zone (like port 443 to 8443 when entering the `public` zone):

`firewall-cmd --permanent --zone={{public}} --add-rich-rule='rule family="{{ipv4|ipv6}}" forward-port port="{{443}}" protocol="{{udp|tcp}}" to-port="{{8443}}"'`

- Reload firewalld to lose any runtime changes and force the permanent configuration to take effect immediately:

`firewall-cmd --reload`

- Save the runtime configuration state to the permanent configuration:

`firewall-cmd --runtime-to-permanent`

- Enable panic mode in case of Emergency. All traffic is dropped, any active connection will be terminated:

`firewall-cmd --panic-on`
Add page for firewall-cmd in linux 2015-01-12 10:45:34 -05:00			`# firewall-cmd`

*: fix typos reported by Hunspell (#5848) Co-authored-by: marchersimon <50295997+marchersimon@users.noreply.github.com> Co-authored-by: Seth Falco <seth@falco.fun> Co-authored-by: Patrice Denis <patricedenis@users.noreply.github.com> 2021-05-20 16:13:41 -04:00			`> The firewalld command-line client.`
firewall-cmd: clarify runtime/permanent configuration and add commands (#13771) 2024-09-21 15:07:48 +02:00			`> View and adapt the runtime or permanent firewall configuration state.`
linux/[a-g]: add more information link (#6076) 2021-07-09 16:45:55 +02:00			`> More information: <https://firewalld.org/documentation/man-pages/firewall-cmd>.`
Add page for firewall-cmd in linux 2015-01-12 10:45:34 -05:00
firewall-cmd: clarify runtime/permanent configuration and add commands (#13771) 2024-09-21 15:07:48 +02:00			`- View all available firewall zones and rules in their runtime configuration state:`
Add page for firewall-cmd in linux 2015-01-12 10:45:34 -05:00
firewall-cmd: clarify runtime/permanent configuration and add commands (#13771) 2024-09-21 15:07:48 +02:00			`firewall-cmd --list-all-zones`
Add page for firewall-cmd in linux 2015-01-12 10:45:34 -05:00
firewall-cmd: add zone change and arbitrary ports (#3815) 2020-03-03 18:21:21 +01:00			`- Permanently move the interface into the block zone, effectively blocking all communication:`

			`firewall-cmd --permanent --zone={{block}} --change-interface={{enp1s0}}`

multiple pages: format technical tokens (#5119) Co-authored-by: bl-ue <54780737+bl-ue@users.noreply.github.com> Co-authored-by: Starbeamrainbowlabs <sbrl@starbeamrainbowlabs.com> 2021-01-31 14:05:18 -03:00			- Permanently open the port for a service in the specified zone (like port 443 when in the `public` zone):
Add page for firewall-cmd in linux 2015-01-12 10:45:34 -05:00
			`firewall-cmd --permanent --zone={{public}} --add-service={{https}}`

multiple pages: format technical tokens (#5119) Co-authored-by: bl-ue <54780737+bl-ue@users.noreply.github.com> Co-authored-by: Starbeamrainbowlabs <sbrl@starbeamrainbowlabs.com> 2021-01-31 14:05:18 -03:00			- Permanently close the port for a service in the specified zone (like port 80 when in the `public` zone):
Add page for firewall-cmd in linux 2015-01-12 10:45:34 -05:00
			`firewall-cmd --permanent --zone={{public}} --remove-service={{http}}`

firewall-cmd: clarify runtime/permanent configuration and add commands (#13771) 2024-09-21 15:07:48 +02:00			- Permanently forward a port for incoming packets in the specified zone (like port 443 to 8443 when entering the `public` zone):
firewall-cmd: add zone change and arbitrary ports (#3815) 2020-03-03 18:21:21 +01:00
firewall-cmd: clarify runtime/permanent configuration and add commands (#13771) 2024-09-21 15:07:48 +02:00			`firewall-cmd --permanent --zone={{public}} --add-rich-rule='rule family="{{ipv4\|ipv6}}" forward-port port="{{443}}" protocol="{{udp\|tcp}}" to-port="{{8443}}"'`
firewall-cmd: add zone change and arbitrary ports (#3815) 2020-03-03 18:21:21 +01:00
firewall-cmd: clarify runtime/permanent configuration and add commands (#13771) 2024-09-21 15:07:48 +02:00			`- Reload firewalld to lose any runtime changes and force the permanent configuration to take effect immediately:`
Add page for firewall-cmd in linux 2015-01-12 10:45:34 -05:00
			`firewall-cmd --reload`
firewall-cmd: clarify runtime/permanent configuration and add commands (#13771) 2024-09-21 15:07:48 +02:00
			`- Save the runtime configuration state to the permanent configuration:`

			`firewall-cmd --runtime-to-permanent`

			`- Enable panic mode in case of Emergency. All traffic is dropped, any active connection will be terminated:`

			`firewall-cmd --panic-on`