firewalld Cheat Sheet: Firewall Commands for RHEL

firewalld cheat sheet for RHEL, Rocky, and Fedora. Zones, services, ports, rich rules, masquerading, and troubleshooting: every command you need.

Luca Berton
· 1 min read

A quick reference for firewalld, the dynamic Linux firewall manager. Bookmark this page.

Basic Commands

# Status
sudo firewall-cmd --state
sudo systemctl status firewalld

# Start/stop
sudo systemctl start firewalld
sudo systemctl enable firewalld

Zone Management

# List zones
sudo firewall-cmd --get-zones
sudo firewall-cmd --get-active-zones
sudo firewall-cmd --get-default-zone

# Set default zone
sudo firewall-cmd --set-default-zone=public

# Assign interface to zone
sudo firewall-cmd --zone=trusted --add-interface=eth1 --permanent

Services and Ports

# List current rules
sudo firewall-cmd --list-all
sudo firewall-cmd --zone=public --list-all

# Add service (the brace form relies on bash brace expansion, which yields one --add-service per name)
sudo firewall-cmd --add-service=http --permanent
sudo firewall-cmd --add-service=https --permanent
sudo firewall-cmd --add-service={http,https,ssh} --permanent

# Remove service
sudo firewall-cmd --remove-service=http --permanent

# Add port
sudo firewall-cmd --add-port=8080/tcp --permanent
sudo firewall-cmd --add-port=3000-3100/tcp --permanent

# Remove port
sudo firewall-cmd --remove-port=8080/tcp --permanent

# Always reload after permanent changes
sudo firewall-cmd --reload

# List available services
sudo firewall-cmd --get-services

Rich Rules

# Allow all traffic from a source network (no port restriction, so keep the range as tight as possible)
sudo firewall-cmd --add-rich-rule='rule family="ipv4" source address="10.0.0.0/8" accept' --permanent

# Allow port from specific subnet
sudo firewall-cmd --add-rich-rule='rule family="ipv4" source address="192.168.1.0/24" port port="5432" protocol="tcp" accept' --permanent

# Rate limit
sudo firewall-cmd --add-rich-rule='rule family="ipv4" service name="ssh" accept limit value="3/m"' --permanent

# Log and drop
sudo firewall-cmd --add-rich-rule='rule family="ipv4" source address="1.2.3.4" log prefix="BLOCKED: " drop' --permanent

# List rich rules
sudo firewall-cmd --list-rich-rules
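Rich rules are typed by hand, and a typo in a quoted address or port either gets rejected by firewalld or, worse, produces a rule broader than intended. The script below is an added example and is not part of the original cheat sheet: it validates the source network, port and protocol before composing the rule text, rate-limits the log-and-drop rule so a blocked host cannot flood the journal, and applies the result with --permanent followed by --reload. It assumes a POSIX shell and firewall-cmd on PATH; the function names and the DRY_RUN variable are my own, and by default it only prints the commands it would run.

```shell
#!/bin/sh
# Added example, not from the original cheat sheet. Builds firewalld rich
# rules from validated inputs and applies them with --permanent + --reload.
# Assumes a POSIX shell and firewall-cmd on PATH. DRY_RUN=1 (the default)
# only prints the commands; set DRY_RUN=0 to run them.
set -eu
DRY_RUN="${DRY_RUN:-1}"

# Succeed when $1 is an IPv4 address or CIDR such as 192.168.1.0/24.
valid_ipv4_cidr() {
    v_ip=${1%%/*}
    case $1 in */*) v_prefix=${1#*/} ;; *) v_prefix=32 ;; esac
    case $v_prefix in ''|???*|*[!0-9]*) return 1 ;; esac
    [ "$v_prefix" -le 32 ] || return 1
    v_oldifs=$IFS
    IFS=.; set -f; set -- $v_ip; set +f; IFS=$v_oldifs
    [ $# -eq 4 ] || return 1
    for v_octet in "$@"; do
        case $v_octet in ''|????*|*[!0-9]*) return 1 ;; esac
        [ "$v_octet" -le 255 ] || return 1
    done
}

# Succeed when $1 is a port number 1-65535.
valid_port() {
    case $1 in ''|??????*|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print a rich rule accepting one TCP/UDP port from one source (the sheet's
# PostgreSQL rule, generalised); fail loudly on malformed input.
rich_rule_allow_port() {
    r_src=$1; r_port=$2; r_proto=${3:-tcp}
    valid_ipv4_cidr "$r_src" || { echo "bad source address: $r_src" >&2; return 1; }
    valid_port "$r_port" || { echo "bad port: $r_port" >&2; return 1; }
    case $r_proto in tcp|udp) ;; *) echo "bad protocol: $r_proto" >&2; return 1 ;; esac
    printf 'rule family="ipv4" source address="%s" port port="%s" protocol="%s" accept\n' \
        "$r_src" "$r_port" "$r_proto"
}

# Print a log-and-drop rule. The log is rate limited so a flood from the
# blocked source cannot fill the journal, and the prefix is limited to
# characters that cannot terminate the quoted rule string.
rich_rule_log_drop() {
    d_src=$1; d_prefix=${2:-BLOCKED: }; d_bad='*[!A-Za-z0-9_: -]*'
    valid_ipv4_cidr "$d_src" || { echo "bad source address: $d_src" >&2; return 1; }
    case $d_prefix in ''|$d_bad) echo "bad log prefix: $d_prefix" >&2; return 1 ;; esac
    printf 'rule family="ipv4" source address="%s" log prefix="%s" limit value="5/m" drop\n' \
        "$d_src" "$d_prefix"
}

# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" != 0 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Add a rich rule to a zone permanently, then reload so runtime matches.
apply_rich_rule() {
    run sudo firewall-cmd --zone="$1" --add-rich-rule="$2" --permanent
    run sudo firewall-cmd --reload
}

# Demo with the cheat sheet's own values (prints only, unless DRY_RUN=0).
apply_rich_rule public "$(rich_rule_allow_port 192.168.1.0/24 5432 tcp)"
apply_rich_rule public "$(rich_rule_log_drop 1.2.3.4)"
```

Run it once as-is to review the two firewall-cmd lines it prints, then with DRY_RUN=0 to apply them. The validation is deliberately strict (IPv4 only, digits only, a fixed character set for the log prefix) because the rule text ends up inside firewalld's own parser and an unexpected quote or keyword there is a configuration error you will only notice when a connection is unexpectedly allowed or refused.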

Port Forwarding

# Forward port
sudo firewall-cmd --add-forward-port=port=80:proto=tcp:toport=8080 --permanent
sudo firewall-cmd --add-forward-port=port=80:proto=tcp:toaddr=10.0.0.5:toport=8080 --permanent

# Enable masquerading (required when forwarding to another host with toaddr)
sudo firewall-cmd --add-masquerade --permanent

Tips and Tricks

  • Always use --permanent then --reload, because runtime-only rules are lost on restart
  • Use zones to apply different policies per network interface
  • Use firewall-cmd --runtime-to-permanent to save current runtime rules
  • Use firewall-cmd --panic-on to block all traffic in emergencies (it drops every incoming and outgoing packet, including your own SSH session; firewall-cmd --panic-off lifts it)
  • On RHEL/Rocky, firewalld is the default, so use it instead of raw iptables
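Two of these tips are easy to check after the fact: whether everything in the running firewall was actually saved with --permanent, and whether any rich rule opens a whole network wider than intended. The script below is an added example, not part of the original cheat sheet. It reads saved output of firewall-cmd --list-all for one zone and reports rich rules that accept from a source address with no port or service restriction (like the 10.0.0.0/8 rule above), plus runtime lines that are absent from the permanent configuration and will disappear at the next --reload. The two zone dumps are constructed samples, the function names are my own, and it assumes only a POSIX shell with sed and grep.

```shell
#!/bin/sh
# Added example, not from the original cheat sheet. Audits one zone as printed
# by "firewall-cmd --list-all": flags rich rules that accept a whole source
# network without naming a port or service, and lists runtime lines missing
# from the permanent configuration (rules that vanish at the next reload or
# reboot because --permanent was never used). It works on saved dumps, so it
# runs offline on the constructed samples below; on a real host feed it
#   firewall-cmd --zone=public --list-all > runtime.txt
#   firewall-cmd --zone=public --list-all --permanent > permanent.txt
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed sample: runtime state of the public zone.
cat > "$WORK/runtime.txt" <<'EOF'
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: cockpit dhcpv6-client http https ssh
  ports: 8080/tcp 3000-3100/tcp
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
	rule family="ipv4" source address="10.0.0.0/8" accept
	rule family="ipv4" source address="192.168.1.0/24" port port="5432" protocol="tcp" accept
	rule family="ipv4" source address="1.2.3.4" log prefix="BLOCKED: " drop
EOF

# Constructed sample: permanent configuration of the same zone. 8080/tcp and
# the 10.0.0.0/8 rule were added at runtime only, so they are absent here.
cat > "$WORK/permanent.txt" <<'EOF'
public
  target: default
  icmp-block-inversion: no
  interfaces: eth0
  sources:
  services: cockpit dhcpv6-client http https ssh
  ports: 3000-3100/tcp
  protocols:
  forward: yes
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
	rule family="ipv4" source address="192.168.1.0/24" port port="5432" protocol="tcp" accept
	rule family="ipv4" source address="1.2.3.4" log prefix="BLOCKED: " drop
EOF

# Print the value of one "name: value" field, e.g. zone_field FILE ports.
zone_field() {
    sed -n "s/^[[:space:]]*$2:[[:space:]]*//p" "$1"
}

# Print the rich rules one per line; they follow the "rich rules:" header,
# which firewall-cmd prints as the last field of the zone.
rich_rules() {
    sed -n '/^[[:space:]]*rich rules:/,$p' "$1" | sed '1d; s/^[[:space:]]*//'
}

# Rich rules that accept from a source address without a port or service
# restriction: that network reaches every port on the host.
broad_accepts() {
    rich_rules "$1" | grep 'source address=' | grep -E '(^| )accept( |$)' \
        | grep -Ev 'port port=|service name=' || true
}

count_broad_accepts() {
    broad_accepts "$1" | grep -c . || true
}

# Lines of the runtime dump that do not appear in the permanent dump: the
# configuration that "firewall-cmd --reload" or a reboot will throw away.
# Use --runtime-to-permanent if it should instead be kept.
runtime_only() {
    sed '1d; s/^[[:space:]]*//' "$2" > "$WORK/perm.norm"
    sed '1d; s/^[[:space:]]*//' "$1" | grep -Fxv -f "$WORK/perm.norm" || true
}

echo "== rich rules accepting a whole network, review these =="
broad_accepts "$WORK/runtime.txt"
echo "== runtime-only configuration (lost on reload) =="
runtime_only "$WORK/runtime.txt" "$WORK/permanent.txt"
```

On the samples the first check reports the 10.0.0.0/8 accept rule and the second reports the ports line and that same rule, which is exactly the drift a forgotten --permanent produces. Run the two firewall-cmd dumps from a cron job or a configuration-management check and diff them the same way to catch rules that were added by hand during an incident and never saved.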
