Configure Firewall Settings Using firewall-config, firewall-cmd, or iptables

General Information

Firewalld is a new zone-based firewall in RHEL 7. It replaces iptables.

  • firewall-config ⇒ GUI frontend for firewalld
  • firewall-cmd ⇒ Command-line frontend for firewalld
  • firewalld ⇒ Daemon that interacts with the Linux kernel's packet filter, Netfilter
    • cannot be used at the same time as iptables
  • iptables ⇒ Interacts with the Linux kernel's packet filter, Netfilter
    • cannot be used at the same time as firewalld

Install and start firewall packages (included by default on a base install, but not on a minimal install)

yum install firewalld firewall-config
systemctl start firewalld
systemctl enable firewalld

View zone names

firewall-cmd --get-zones

View default zone

firewall-cmd --get-default-zone
  • Zone “public” applies to all interfaces (the catch all)

View current rules (default zone)

firewall-cmd --list-all

View rules, specify zone

firewall-cmd --zone=home --list-all

View rules for all zones

firewall-cmd --list-all-zones

Add source IP network for home zone (Runtime change)

firewall-cmd --zone=home --add-source=
  • Runtime/Non-persistent changes are instant, but don't survive a reload/reboot

Permanent change (survives firewall reload or system reboot)

firewall-cmd --zone=home --permanent --add-source=
firewall-cmd --reload
  • Permanent changes do not take effect until a firewall-cmd --reload

Allow HTTP on default zone (instant change and also permanent)

firewall-cmd --add-port=80/tcp
firewall-cmd --permanent --add-port=80/tcp
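
Because runtime and permanent changes are made separately, a rule can be active but unsaved, or saved but not yet active. The script below is an added example, not part of the original page, that reports such drift; the helper names fw_drift and audit_zone are hypothetical, and it assumes firewall-cmd prints ports and sources as whitespace-separated lists.

```shell
#!/usr/bin/env bash
# Added example: report drift between firewalld's runtime and permanent
# configuration. fw_drift and audit_zone are hypothetical helper names.

# fw_drift RUNTIME_LIST PERMANENT_LIST
# Each argument is a whitespace-separated list, as printed by
# `firewall-cmd --list-ports` or `firewall-cmd --list-sources`.
# Prints one line per mismatch:
#   runtime-only <item>    active now, lost on reload/reboot
#   permanent-only <item>  saved, inactive until `firewall-cmd --reload`
fw_drift() {
    # Normalise whitespace and pad with spaces so that matching is done on
    # whole items (80/tcp must not match inside 8080/tcp).
    local runtime=" $(echo $1) " permanent=" $(echo $2) " item
    for item in $1; do
        case "$permanent" in
            *" $item "*) ;;
            *) echo "runtime-only $item" ;;
        esac
    done
    for item in $2; do
        case "$runtime" in
            *" $item "*) ;;
            *) echo "permanent-only $item" ;;
        esac
    done
}

# audit_zone ZONE: compare live firewalld state for ports and sources.
# Needs a running firewalld; returns 0 when runtime and permanent match.
audit_zone() {
    local zone=$1 what out rc=0
    for what in ports sources; do
        out=$(fw_drift "$(firewall-cmd --zone="$zone" --list-"$what")" \
                       "$(firewall-cmd --zone="$zone" --permanent --list-"$what")")
        if [ -n "$out" ]; then
            echo "$out" | sed "s|^|$zone $what: |"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: 80/tcp was opened at runtime only, 443/tcp only
# with --permanent (no reload yet). Prints both mismatches.
fw_drift "22/tcp 80/tcp" "22/tcp 443/tcp"
```

On a host with firewalld running, call audit_zone with a zone name (for example the one returned by firewall-cmd --get-default-zone) to check the live configuration.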

Launch GUI, firewall-config


You can use iptables, but it is recommended to use firewall-cmd instead. Using iptables instead requires disabling firewalld, installing iptables-services, and then enabling the iptables service.

  • Last modified: 2019/05/25 23:50