The “firewall-cmd” Command in Linux [7 Practical Examples]

The firewall-cmd command in Linux is a useful tool to manage the firewall in an easy and effective way. In this article, I will describe all the features of the firewall-cmd command and how to use it to configure firewall rules and zones on a Linux system.

A. Description

The firewall-cmd command is a powerful firewall management tool that provides a command-line interface for configuring and managing the firewall on a Linux system. It is part of the firewalld software package, which is a built-in firewall solution for Linux systems. firewall-cmd lets users configure firewall rules and zones in a simple and effective way.

B. Syntax

The syntax of the firewall-cmd command in Linux is simple, as shown below.

firewall-cmd [OPTION]...
Note: In the syntax above, the OPTION enclosed by the square brackets means it is not mandatory and three dots after the square brackets mean multiple OPTIONS can be used simultaneously after the firewall-cmd command.

C. Options

The firewall-cmd command has multiple options available. Here, I have listed a few of them. However, you can learn more about the firewall-cmd command, its options and their uses by checking the man page.

man firewall-cmd

Useful Options

  • --permanent: Makes the change permanent.
  • --zone=zone: Specifies the firewall zone to which the command applies.
  • --add-port=port/protocol: Adds a port or port range to the firewall.
  • --remove-port=port/protocol: Removes a port or port range from the firewall.
  • --list-all: Shows the current firewall configuration, including all zones and their associated rules.
  • --reload: Reloads the firewall.
  • --state: Shows the state of the firewall (running or not running).
  • -h, --help: Displays the help page.
  • -V, --version: Displays version information.
Note: Commands and their options are case-sensitive in Linux. So, be careful while using them.

Installing the “firewall-cmd” Command in Linux

The firewall-cmd command is typically pre-installed on most Linux distributions. If it is not already installed on your system, you can easily install it using the package manager for your distribution. You can find out whether you have it on your machine by typing either of the following commands.

firewall-cmd --version

OR,

firewall-cmd -V

Your system will print out the version of the firewall-cmd command if it is already installed. Otherwise, you will see a message showing that firewall-cmd is not installed. Don’t worry! You can install the firewall-cmd command on your machine within a minute by following the instructions given below.

Steps to Follow >

➊ At first, open the Ubuntu Terminal.

➋ Type the following in your command prompt:

sudo apt-get install firewalld

OR,

sudo apt install firewalld

➌ Tap the ENTER key.

➍ Input your password.

➎ Finally, press ENTER.

Output >

Upon completion of these steps, the firewall-cmd command will be installed on your machine.

Practical Examples of the “firewall-cmd” Command in Linux

In Linux, the firewall-cmd command is a helpful tool to manage the firewall configuration. In the section below, I will show you some of the most useful applications for the firewall-cmd command in Linux.

Example 1: Add Port With the “firewall-cmd” Command in Linux

You can add a port to the firewall by using the firewall-cmd command followed by the --add-port option. Here, I will add a new port “460” to the firewall. You can do the same by following the steps below.

Steps to Follow >

➊ At first, open the Ubuntu Terminal.

➋ Next, execute the command to add port “460” to the firewall.

sudo firewall-cmd --add-port=460/tcp

➌ Tap the ENTER key.

➍ Input your Password.

➎ Press ENTER key again.

Output >

In the following image, you can see that I have successfully added a new port to the firewall.



Example 2: List Available Ports With the “firewall-cmd” Command in Linux

The firewall-cmd command allows you to see the list of ports opened in the firewall. You can follow the process below to see the ports list.

Steps to Follow >

➊ First, open the Ubuntu Terminal.

➋ Then, run the command below to see the list of ports opened in the firewall.

sudo firewall-cmd --list-ports

➌ Next, press the ENTER key.

➍ Provide your Password.

➎ Lastly, press the ENTER button.

Output >

In the image below, you can see that I have displayed the list of ports in my system.

Example 3: Remove a Port With the “firewall-cmd” Command in Linux

You can remove any existing port using the firewall-cmd command. In this example, I will remove the port “3400”. You can do the same by following the steps below.

Steps to Follow >

➊ Launch the Ubuntu Terminal first.

➋ Then, type the following command into the command prompt:

sudo firewall-cmd --list-ports

➌ Press the ENTER button.

➍ Type your Password.

➎ Press ENTER again.

➏ Now, run the following command to remove port “3400”.

sudo firewall-cmd --remove-port=3400/tcp

➐ Then, press the ENTER key.

➑ Run the following to ensure the removal of the port.

sudo firewall-cmd --list-ports

➒ Finally, tap the ENTER key.

Output >

In the image below, you can see that I have removed port “3400”.



Example 4: Forwarding a Port Using The “firewall-cmd” Command in Linux

Port forwarding with firewall-cmd allows you to redirect network traffic from one network port to another network port on a local or remote machine. To redirect the traffic of any network port, the following syntax can be used.

sudo firewall-cmd --zone=public --add-forward-port=port=INCOMING_PORT:proto=tcp:toport=DESTINATION_PORT --permanent

Here, I will redirect the traffic from port 52 to port 460. To configure port forwarding with firewall-cmd, you can follow the steps given below.

Steps to follow >

➊ Open the Ubuntu Terminal first.

➋ Type the following command into the command prompt.

sudo firewall-cmd --zone=public --add-forward-port=port=52:proto=tcp:toport=460 --permanent

➌ Tap the ENTER button.

➍ Type your Password.

➎ Hit ENTER again.

➏ To reload the firewall configuration, run the command below.

sudo firewall-cmd --reload

➐ Now, press ENTER key.

Output >

You can see in the image below that I have forwarded the traffic of port 52 to port 460.

Example 5: List All Rules With the “firewall-cmd” Command in Linux

You can get the list of rules by running the firewall-cmd command with the option --list-all. In this example, I will show you the list of rules in my machine’s firewall. You can get the same result on your machine by following the steps mentioned below.

Steps to Follow >

➊ First, open the Ubuntu Terminal.

➋ Next, run the command to see the list of rules in the firewall.

sudo firewall-cmd --list-all

➌ Finally, tap the ENTER button.

➍ Input your Password.

➎ Tap ENTER again.

Output >

As you can see in the image below, I have displayed the list of rules in the firewall.



Example 6: List All the Available Zones in Firewalld

You can get the list of all zones by running the firewall-cmd command with the option --list-all-zones. In this example, I will show you the list of all zones in my machine. You can do the same by following the steps below.

Steps to Follow >

➊ At first, open the Ubuntu Terminal.

➋ Then, type the following command into the command prompt:

sudo firewall-cmd --list-all-zones

➌ Now, press the ENTER button.

➍ Type your Password.

➎ Then, press ENTER again.

Output >

In the image below, you can see the list of all available zones in the firewall.



Example 7: Allow a Specific IP Address to Access a Port

The firewall-cmd command allows you to give access to a port for a specific IP address. The following syntax is used for this purpose:

sudo firewall-cmd --permanent --zone=FIREWALL_ZONE --add-rich-rule 'rule family="ipv4/ipv6" source address="IP_ADDRESS" port port=PORT_NUMBER protocol=tcp accept'

Here, I will allow the “192.168.0.100” IP address to use port 450. You can do the same for any IP address by following the steps below.

Steps to follow >

➊ Open the Ubuntu Terminal first.

➋ Type the following command into the command prompt.

sudo firewall-cmd --permanent --zone=public --add-rich-rule 'rule family="ipv4" source address="192.168.0.100" port port=450 protocol=tcp accept'

➌ Tap the ENTER button.

➍ Type your Password.

➎ Hit ENTER again.

➏ To reload the firewall configuration, run the following command.

sudo firewall-cmd --reload

➐ Now, press ENTER key.

Output >

You can see in the image below that I have given permission to the IP address 100.125.0.112 to use port 450.

Conclusion

The firewall-cmd is a versatile and effective firewall management tool that can be used to easily configure and manage firewall rules and zones on a Linux system. Whether you are a beginner or an experienced user, firewall-cmd will provide a user-friendly interface that will make it easy for you to manage your firewall. In addition, if you are looking to secure your system against unwanted access or to restrict network access to specific applications, firewall-cmd is a great choice. By understanding the basics of firewall-cmd, you can take full advantage of the power and flexibility of this tool to secure your Linux system against potential threats.


S. M. Amdadul Islam

Hello everyone. I am S. M. Amdadul Islam, currently working as a Linux Content Developer Executive at SOFTEKO. I am a Naval Architecture and Marine Engineering (NAME) graduate from the Bangladesh University of Engineering and Technology. In addition to my regular work, I enjoy watching YouTube, discovering new things, gossiping with friends, visiting new places, and taking photos of landscapes.
