
A.3. Network Configuration

Commands in this chapter are used for network configuration.

A.3.1. firewall (optional) - Configure Firewall

Specify the firewall configuration for the installed system.
firewall --enabled | --disabled device [--trust= | --ssh | --smtp | --http | --ftp | --port= | --service=]
--enabled or --enable
Reject incoming connections that are not in response to outbound requests, such as DNS replies or DHCP requests. If access to services running on this machine is needed, you can choose to allow specific services through the firewall.
--disabled or --disable
Disable the firewall.
--trust=
Listing a device here, such as em1, allows all traffic coming to and from that device to go through the firewall. To list more than one device, use this option again - for example:
firewall --enable --trust=em1 --trust=em2
Do not use a comma-separated format such as --trust em1, em2.
incoming
Replace with one or more of the following to allow the specified services through the firewall:
  • --ssh
  • --smtp
  • --http
  • --ftp
--port=
You can specify that ports be allowed through the firewall using the port:protocol format. For example, to allow IMAP access through your firewall, specify imap:tcp. Numeric ports can also be specified explicitly; for example, to allow UDP packets on port 1234 through, specify 1234:udp. To specify multiple ports, separate them by commas.
--service=
This option provides a higher-level way to allow services through the firewall. Some services (like cups, avahi, etc.) require multiple ports to be open or other special configuration in order for the service to work. You can specify each individual port with the --port option, or specify --service= and open them all at once.
Valid options are anything recognized by the firewall-offline-cmd program in the firewalld package. If firewalld is running, firewall-cmd --get-services will provide a list of known service names.
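
When reviewing kickstart files, it helps to see what a `firewall` line actually opens and whether it uses the syntax described above. The following is an added example, not part of the original documentation or the installer's own parser; the function name `audit_firewall_line` and the sample line are constructed for illustration.

```python
import shlex
SERVICE_FLAGS = {"--ssh", "--smtp", "--http", "--ftp"}

def audit_firewall_line(line):
    """Summarize what one kickstart `firewall` line allows, plus review findings."""
    tokens = shlex.split(line)
    if not tokens or tokens[0] != "firewall":
        raise ValueError("not a firewall command")
    allowed = {"enabled": None, "trust": [], "services": [], "ports": []}
    findings, i = [], 1
    while i < len(tokens):
        name, eq, value = tokens[i].partition("=")
        if name in ("--enabled", "--enable"):
            allowed["enabled"] = True
        elif name in ("--disabled", "--disable"):
            allowed["enabled"] = False
            findings.append("firewall is disabled")
        elif name in SERVICE_FLAGS:
            allowed["services"].append(name[2:])
        elif name in ("--trust", "--port", "--service"):
            if not eq and i + 1 < len(tokens):  # value given as the next token
                i += 1
                value = tokens[i]
            if not value:
                findings.append(f"{name} has no value")
            elif name == "--trust":
                if "," in value:  # the form the text above says not to use
                    findings.append("comma-separated --trust; repeat the option per device")
                else:
                    allowed["trust"].append(value)
                    findings.append(f"all traffic on {value} is allowed")
            elif name == "--service":
                allowed["services"].append(value)  # name is not validated here
            else:  # --port: comma-separated port:protocol entries
                for entry in value.split(","):
                    port, sep, proto = entry.partition(":")
                    if not (sep and port and proto):
                        findings.append(f"bad --port entry {entry!r}; expected port:protocol")
                    elif port.isdigit() and not 1 <= int(port) <= 65535:
                        findings.append(f"port out of range: {entry}")
                    else:
                        allowed["ports"].append((port, proto))
        else:
            findings.append(f"unrecognized token: {tokens[i]}")
        i += 1
    return allowed, findings

if __name__ == "__main__":  # constructed sample line using the discouraged form
    print(audit_firewall_line("firewall --enable --trust em1, em2"))
```

Service names passed to `--service=` are recorded as written; checking them against the list firewalld knows is left to `firewall-cmd --get-services` as described above.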