
Learn Firewalld: Manage Linux Firewall with firewall-cmd

Master Linux firewalld with our tutorial series. Learn firewall basics, open ports, list rules, enable logs, and manage firewall with firewall-cmd.


What is firewalld?

Firewalld is an open source firewall management tool that acts as a front end for the Linux kernel's netfilter framework. It is a zone-based firewall system that allows different security configuration levels for different connection zones. While Ubuntu and Debian rely on ufw for the firewall function, firewalld is shipped by default in Fedora, CentOS, openSUSE and Red Hat.

Why use firewalld?

  • Easier management: No need to remember complex iptables or nftables syntax.
  • Dynamic updates: Change rules without downtime.
  • Predefined services: Quickly allow/deny SSH, HTTP, HTTPS, etc.
  • Widespread adoption: Default firewall in RHEL, CentOS, Fedora, openSUSE, and more.

📖 Get familiar with firewalld terms quickly

Before jumping into commands, let’s look at a few important terms you’ll encounter again and again:

  • Zones: A zone represents a trust level for a network connection. For example, public (least trusted), home (medium), trusted (all allowed). Each network interface can be assigned to a zone.
  • Services: Firewalld comes with predefined services like ssh, http, https. Enabling a service automatically opens the required port(s).
  • Ports: You can directly allow or deny specific ports (like 80/tcp for HTTP) if you don’t want to rely on service definitions.
  • Runtime vs Permanent:
    • Runtime rules: Take effect immediately but are lost after reboot/reload.
    • Permanent rules: Persist across reboots but require a reload to apply.
  • Backends: Firewalld uses nftables (modern Linux) or iptables (older Linux) under the hood, so you don’t have to write rules in their syntax yourself.

Manage firewalld with firewall-cmd commands

You manage firewalld with its dedicated command line tool, firewall-cmd.

| Command | Description |
|---|---|
| sudo firewall-cmd --state | Check if firewalld is running |
| sudo systemctl restart firewalld | Restart the firewall service |
| sudo firewall-cmd --reload | Reload rules without stopping service |
| sudo firewall-cmd --get-active-zones | Show active zones and interfaces |
| sudo firewall-cmd --get-default-zone | Show the default zone |
| sudo firewall-cmd --list-all | List all rules in the default zone |
| sudo firewall-cmd --add-service=ssh --permanent | Allow SSH permanently |
| sudo firewall-cmd --remove-service=ssh --permanent | Remove SSH access permanently |
| sudo firewall-cmd --add-port=8080/tcp --permanent | Open TCP port 8080 permanently |
| sudo firewall-cmd --remove-port=8080/tcp --permanent | Close TCP port 8080 |
| sudo firewall-cmd --list-services | List allowed services in current zone |
| sudo firewall-cmd --set-log-denied=all | Enable logging of denied packets |
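
Because of the runtime/permanent split, a --permanent change is not live until --reload, and a change made without --permanent disappears at the next reload. The script below is an added example (not from the original article) that reports this drift for the default zone; the function names drift and audit_zone and the sample lists are constructed for illustration.

```shell
#!/bin/sh
# Added example: report drift between firewalld's runtime and permanent rules.
# Run as root (or via sudo) on a host where firewalld is active.

# drift RUNTIME_LIST PERMANENT_LIST
# Each argument is a space-separated list as printed by
# `firewall-cmd --list-services` or `firewall-cmd --list-ports`.
# Prints one line per difference:
#   runtime-only <item>    active now, lost on the next reload or reboot
#   permanent-only <item>  saved to disk, not enforced until --reload
drift() {
    d_rt=$(echo $1)   # unquoted on purpose: collapses extra whitespace
    d_pm=$(echo $2)
    for item in $d_rt; do
        case " $d_pm " in
            *" $item "*) ;;
            *) echo "runtime-only $item" ;;
        esac
    done
    for item in $d_pm; do
        case " $d_rt " in
            *" $item "*) ;;
            *) echo "permanent-only $item" ;;
        esac
    done
}

# audit_zone ZONE: compare live runtime and permanent state for one zone.
audit_zone() {
    zone=$1
    for what in services ports; do
        rt=$(firewall-cmd --zone="$zone" --list-$what)
        pm=$(firewall-cmd --permanent --zone="$zone" --list-$what)
        drift "$rt" "$pm"
    done
}

if command -v firewall-cmd >/dev/null 2>&1 && firewall-cmd --state >/dev/null 2>&1; then
    audit_zone "$(firewall-cmd --get-default-zone)"
else
    # Constructed sample: http was opened at runtime only,
    # https was added with --permanent but never reloaded.
    drift "ssh http" "ssh https"
fi
```

An empty result means the running firewall matches what will be restored after a reboot.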

We have a one-page guide on the firewall-cmd command that shows these examples in a better way.

firewalld-cmd Command in Linux: 24 Examples
The firewall-cmd command line tool lets you interact and manage the firewalld firewall in Linux. Here’s how to use this command.

Start using firewalld

This is a collection of quick tutorials that teaches you various ways of using the firewalld firewall system. Look at the left sidebar and quickly access these tutorials.

The collection will be updated continually with more tutorials in the future.

Updated on Sep 2, 2025

About the author

Abhishek Prakash