FirewallD allows users to control which network ports they want opened, or closed, to keep their system secure from unauthorized access.
FirewallD is integrated with SystemD and NetworkManager, and supports IPv4, IPv6 and ethernet bridges.
It also supports an interface for services and applications to add firewall rules directly.
These settings can be controlled from the command-line, or with the
FirewallD is the default firewall service for current releases of Fedora and is enabled by default. To check if your system has FirewallD enabled, at the command-line, type:
sudo firewall-cmd --state
This command will show if it is
If FirewallD is not running, type:
sudo systemctl enable --now firewalld
This will enable the FirewallD service when booting the system, and immediately start the service.
If these commands do not work, FirewallD may not be installed. To install it, type:
sudo dnf install firewalld
To install the FirewallD graphical-user-interface application and open it from the command-line, type:
sudo dnf install firewall-config
sudo firewall-config
With FirewallD, ports can be opened from the command-line without editing configuration files. Ports can be opened using either the service name or the port number. For example, to allow access to the SSH service, type:
sudo firewall-cmd --add-service ssh
When allowing access by port number, the number must be followed by the protocol, either TCP or UDP. To open SSH by its port, type:
sudo firewall-cmd --add-port=22/tcp
This will open the SSH port in runtime mode.
Runtime mode means the change is temporary: it reverts to the original state after the FirewallD service is reloaded or the system is rebooted.
To keep the SSH port open after a FirewallD service restart or a system reboot, include the --permanent option. Type:
sudo firewall-cmd --permanent --add-service ssh
or by port number:
sudo firewall-cmd --permanent --add-port=22/tcp
To load the permanent configuration into the running firewall:
sudo firewall-cmd --reload
To block access to the SSH service:
sudo firewall-cmd --remove-service ssh
To block access by port number:
sudo firewall-cmd --remove-port=22/tcp
Again, add the --permanent option to make it persistent, and don't forget to run firewall-cmd --reload to apply the changes.
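Because runtime and permanent settings are stored separately, as described above, the two can drift apart: a port opened without --permanent disappears on reload, and a permanent change is not active until the reload. The following script is an added example, not part of the original documentation, that lists such mismatches for the default zone. The function names diff_sets and audit_firewalld are hypothetical, and the sample lists are constructed.

```shell
#!/bin/sh
# Added example: report drift between firewalld's runtime and permanent
# configuration. diff_sets and audit_firewalld are hypothetical names.

# diff_sets RUNTIME PERMANENT
# Each argument is a whitespace-separated list, as printed by
# `firewall-cmd --list-services` or `firewall-cmd --list-ports`.
diff_sets() {
    # Pad with spaces so "ssh" never matches inside a longer name.
    rt=" $(printf '%s' "$1" | tr -s '[:space:]' ' ') "
    pm=" $(printf '%s' "$2" | tr -s '[:space:]' ' ') "
    for item in $1; do
        case "$pm" in
            *" $item "*) ;;
            *) echo "runtime-only $item" ;;   # lost on reload or reboot
        esac
    done
    for item in $2; do
        case "$rt" in
            *" $item "*) ;;
            *) echo "permanent-only $item" ;; # active only after --reload
        esac
    done
}

# Compare both views of the default zone (no --zone given).
audit_firewalld() {
    for kind in services ports; do
        rt_list=$(firewall-cmd --list-"$kind") || return 1
        pm_list=$(firewall-cmd --permanent --list-"$kind") || return 1
        diff_sets "$rt_list" "$pm_list" | sed "s|^|$kind: |"
    done
}

if [ "${1:-}" = "--live" ]; then
    audit_firewalld          # needs firewalld running; run as root
else
    # Constructed sample: cockpit was opened without --permanent.
    diff_sets "dhcpv6-client ssh cockpit" "dhcpv6-client ssh"
fi
```

Run it with --live as root to audit the actual system; no output means the runtime and permanent configurations agree for the default zone.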
To see a list of all the services recognized by FirewallD, type:
sudo firewall-cmd --get-services
To view a list of services "turned-on" in FirewallD, type:
sudo firewall-cmd --list-services
For more information about configuring FirewallD, such as how to list and change zones, port forwarding, and other system administrative tasks, refer to the FirewallD documentation at firewalld.org or the Fedora Wiki: FirewallD.
You can also find local documentation by using firewall-cmd --help or the man pages: